
8231 matches found

CNNVD
added 2023/03/10 12:0 a.m. | 5 views

Akuvox E11 Security Features Issue Vulnerability

Akuvox E11 is a SIP visual doorbell from Akuvox designed for villas, houses and apartments. A security vulnerability exists in Akuvox E11 that stems from the inclusion of a feature that encrypts a message and then forwards it. The IV vector and key are static, which could allow an attacker to...

7.5 CVSS | 7.3 AI score | 0.00563 EPSS
Exploits 0 | References 3
Intel
added 2023/03/10 12:0 a.m. | 33 views

Intel® Quartus® Advisory

Summary: Potential security vulnerabilities in Intel® Quartus® Prime Pro and Standard Editions may allow escalation of privilege, denial of service, or information disclosure. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID:...

7.8 CVSS | 8.2 AI score | 0.01071 EPSS
Exploits 0
CNNVD
added 2023/03/09 12:0 a.m. | 2 views

ImageMagick Input Validation Error Vulnerability

ImageMagick is a set of open-source image processing software from the American company ImageMagick. The software can read, convert or write images in a variety of formats. A security vulnerability exists in ImageMagick, which stems from a specially crafted SVG that causes segmentation errors. Th...

5.5 CVSS | 6.4 AI score | 0.00865 EPSS
Exploits 1 | References 7
OpenVAS
added 2023/03/08 12:0 a.m. | 17 views

Debian: Security Advisory (DLA-664-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS | 9.6 AI score | 0.03721 EPSS
Exploits 0 | References 3
OpenVAS
added 2023/03/08 12:0 a.m. | 132 views

Debian: Security Advisory (DLA-251-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS | 8.2 AI score | 0.02802 EPSS
Exploits 2 | References 2
The Hacker News
added 2023/03/01 2:2 p.m. | 40 views

Cybercriminals Targeting Law Firms with GootLoader and FakeUpdates Malware

Six different law firms were targeted in January and February 2023 as part of two disparate threat campaigns distributing GootLoader and FakeUpdates aka SocGholish malware strains. GootLoader, active since late 2020, is a first-stage downloader that's capable of delivering a wide range of seconda...

0.5 AI score
Exploits 0
CNNVD
added 2023/03/01 12:0 a.m. | 2 views

libde265 Buffer Error Vulnerability

Libde265 is a German h.265 video codec. A security vulnerability exists in libde265 version v1.0.10, which stems from a heap-based buffer overflow found in the derive_spatial_luma_vector_prediction method of the motion.cc file...

7.8 CVSS | 7.3 AI score | 0.00333 EPSS
Exploits 1 | References 4
Cvelist
added 2023/03/01 12:0 a.m. | 24 views

CVE-2023-25221

Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function in motion.cc...

7.8 AI score | 0.00333 EPSS
Exploits 1 | References 2
Debian CVE
added 2023/03/01 12:0 a.m. | 29 views

CVE-2023-25221

Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function in motion.cc...

7.8 CVSS | 7.3 AI score | 0.00333 EPSS
Exploits 1
Github Security Blog
added 2023/02/28 8:31 p.m. | 11 views

partial_sort contains Out-of-bounds Read in release mode

Affected versions of this crate were using a debug assertion to validate the last parameter of partial_sort. This would allow invalid inputs to cause an out-of-bounds read instead of immediately panicking, when compiled without debug assertions. All writes are bounds-checked, so the out-of-bounds...

4.8 AI score
Exploits 0 | References 3 | Affected Software 1
OSV
added 2023/02/28 5:15 p.m. | 4 views

CVE-2023-20940

In the Android operating system, there is a possible way to replace a boot partition due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:...

7.8 CVSS | 5.9 AI score | 0.00062 EPSS
Exploits 0 | References 1
NVD
added 2023/02/23 8:15 p.m. | 25 views

CVE-2023-23917

A prototype pollution vulnerability exists in Rocket.Chat server 5.2.0 that could allow an attacker to a RCE under the admin account. Any user can create their own server in your cloud and become an admin so this vulnerability could affect the cloud infrastructure. This attack vector also may...

8.8 CVSS | 8.3 AI score | 0.00978 EPSS
Exploits 0 | References 1
F5 Networks
added 2023/02/21 8:0 p.m. | 40 views

K11932200: glibc vulnerability CVE-2019-1010023

Security Advisory Description GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ld...

8.8 CVSS | 8.7 AI score | 0.03069 EPSS
Exploits 1
F5 Networks
added 2023/02/21 7:59 p.m. | 48 views

K44611310: MySQL vulnerability CVE-2015-0411

Security Advisory Description Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption. CVE-2015-0411 Impact Through...

7.5 CVSS | 5.9 AI score | 0.10038 EPSS
Exploits 0 | Affected Software 14
F5 Networks
added 2023/02/21 7:0 p.m. | 30 views

K10631282: Flip Feng Shui (FFS) vulnerability

Security Advisory Description Flip Feng Shui (FFS) a new exploitation vector that allows an attacker to induce bit flips over arbitrary physical memory in a fully controlled way. FFS relies on the following underlying primitives: The ability to induce bit flips in controlled but not predetermined...

6.5 AI score
Exploits 0
F5 Networks
added 2023/02/21 6:54 p.m. | 34 views

K16101409: BIG-IP AFM vulnerability CVE-2022-23028

Security Advisory Description When global AFM SYN cookie protection TCP Half Open flood vector is activated in the AFM Device Dos or DOS profile, certain types of TCP connections will fail. CVE-2022-23028 Impact This vulnerability allows a remote attacker to cause a denial-of-service (DoS) on the...

5.3 CVSS | 5.4 AI score | 0.00889 EPSS
Exploits 0 | Affected Software 1
Microsoft Secure
added 2023/02/21 6:0 p.m. | 20 views

2022 in review: DDoS attack trends and insights

As organizations strengthen their defenses and take a more proactive approach to protection, attackers are adapting their techniques and increasing the sophistication of their operations. Cybercrime continues to rise with the industrialization of the cybercrime economy providing cybercriminals wi...

Exploits 0
RedHat Linux
added 2023/02/20 12:21 p.m. | 4 views

Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry

The Mozilla Foundation Security Advisory describes this flaw as: An invalid downcast from nsTextNode to SVGElement could have led to undefined behavior...

8.8 CVSS | 7.3 AI score | 0.00702 EPSS
Exploits 0 | References 6
RedHat Linux
added 2023/02/20 12:21 p.m. | 3 views

Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry

The Mozilla Foundation Security Advisory describes this flaw as: An invalid downcast from nsTextNode to SVGElement could have led to undefined behavior...

8.8 CVSS | 7.3 AI score | 0.00702 EPSS
Exploits 0 | References 6
RedHat Linux
added 2023/02/20 12:21 p.m. | 7 views

Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry

The Mozilla Foundation Security Advisory describes this flaw as: An invalid downcast from nsTextNode to SVGElement could have led to undefined behavior...

8.8 CVSS | 7.3 AI score | 0.00702 EPSS
Exploits 0 | References 6