
8202 matches found

Talos Blog
added 2018/07/31 9:38 a.m. | 1156 views

Multiple Cobalt Personality Disorder

Introduction: Despite the notion that modern cybersecurity protocols have stopped email-based attacks, email continues to be one of the primary attack vectors for malicious actors — both for widespread and targeted operations. Recently, Cisco Talos has observed numerous email-based attacks that ar...

9.3 CVSS | 0.99945 EPSS
Exploits 79

OSV
added 2018/07/27 6:29 p.m. | 2 views

CVE-2017-2586

A null pointer dereference vulnerability was found in netpbm before 10.61. A maliciously crafted SVG file could cause the application to crash...

5.5 CVSS | 5.8 AI score | 0.01165 EPSS
Exploits 0 | References 2

OSV
added 2018/07/27 6:29 p.m. | 3 views

CVE-2017-2587

A memory allocation vulnerability was found in netpbm before 10.61. A maliciously crafted SVG file could cause the application to crash...

5.5 CVSS | 5.8 AI score | 0.01291 EPSS
Exploits 0 | References 2

Microsoft Secure
added 2018/07/26 1:0 p.m. | 26 views

Attack inception: Compromised supply chain within a supply chain poses new risks

A new software supply chain attack unearthed by Windows Defender Advanced Threat Protection (Windows Defender ATP) emerged as an unusual multi-tier case. Unknown attackers compromised the shared infrastructure in place between the vendor of a PDF editor application and one of its software vendor...

0.5 AI score
Exploits 0

UbuntuCve
added 2018/07/24 3:29 p.m. | 20 views

CVE-2017-3225

Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector may allow attacks against the underlying cryptographic implementation and allow an attacker to decrypt...

4.6 CVSS | 6.1 AI score | 0.00309 EPSS
Exploits 0 | References 2

NVD
added 2018/07/24 3:29 p.m. | 17 views

CVE-2017-3225

Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector may allow attacks against the underlying cryptographic implementation and allow an attacker to decrypt...

4.6 CVSS | 4.5 AI score | 0.00309 EPSS
Exploits 0 | References 2

Prion
added 2018/07/24 3:29 p.m. | 19 views

Code injection

Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector may allow attacks against the underlying cryptographic implementation and allow an attacker to decrypt...

2.1 CVSS | 4.8 AI score | 0.00309 EPSS
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2018/07/24 3:0 p.m. | 19 views

CVE-2017-3225 Das U-Boot's AES-CBC encryption feature uses a zero (0) initialization vector that may allow attacks against the underlying cryptographic implementation and allow an attacker to decrypt the data

Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector may allow attacks against the underlying cryptographic implementation and allow an attacker to decrypt...

4.7 AI score | 0.00309 EPSS
Exploits 0 | References 2

Debian CVE
added 2018/07/24 3:0 p.m. | 18 views

CVE-2017-3225

Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector may allow attacks against the underlying cryptographic implementation and allow an attacker to decrypt...

4.6 CVSS | 4.8 AI score | 0.00309 EPSS
Exploits 0

OpenVAS
added 2018/07/23 12:0 a.m. | 47 views

Debian: Security Advisory (DSA-4254-1)

The remote host is missing an update for the Debian... SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

9.8 CVSS | 7.5 AI score | 0.02077 EPSS
Exploits 0 | References 4

Vulnerability Lab
added 2018/07/19 12:0 a.m. | 708 views

Adobe Systems - Arbitrary Code Injection Vulnerability

Document Title: Adobe Systems - Arbitrary Code Injection Vulnerability. References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2120 PSIRT ID: 7873. Vulnerability Magazine:...

0.7 AI score
Exploits 0

Packet Storm
added 2018/07/19 12:0 a.m. | 62 views

Adobe Systems Main lead DBMS Arbitrary Code Injection

Document Title: Adobe Systems - Arbitrary Code Injection Vulnerability. References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2120 PSIRT ID: 7873. Vulnerability Magazine:...

0.5 AI score
Exploits 0

Prion
added 2018/07/18 1:29 p.m. | 16 views

Buffer overflow

Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications subcomponent: Payments Core. Supported versions that are affected are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access vi...

5.8 CVSS | 5.6 AI score | 0.01542 EPSS
Exploits 0 | References 3 | Affected Software 1

0day.today
added 2018/07/17 12:0 a.m. | 138 views

Microsoft Windows #MicrosoftWindows .library-ms Information Disclosure Vulnerability

Library description files are XML files that define libraries. Libraries aggregate items from local and remote storage locations into a single view in Windows Explorer. Library description files follow the Library Description schema and are saved as .library-ms files. The .library-ms filetype...

7.5 AI score
Exploits 0

OSV
added 2018/07/16 4:50 p.m. | 15 views

GHSA-CQ94-QF6Q-MF2H Pysaml2 improperly initializes encryption vector

Python package pysaml2 version 4.5.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data...

6.3 CVSS | 5.5 AI score | 0.00905 EPSS
Exploits 0 | References 5

Zero Day Initiative
added 2018/07/16 12:0 a.m. | 22 views

Adobe Acrobat Pro DC U3D PIC Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing...

6.8 CVSS | 5.3 AI score | 0.13672 EPSS
Exploits 0 | References 1

Tenable Nessus
added 2018/07/16 12:0 a.m. | 242 views

Debian DLA-1421-1 : ruby2.1 security update

Multiple vulnerabilities were found in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2015-9096: SMTP command injection in Net::SMTP via CRLF sequences in a RCPT TO or MAIL FROM command. CVE-2016-2339: Exploitable heap...

9.8 CVSS | 7.9 AI score | 0.73927 EPSS
Exploits 18 | References 27

CNVD
added 2018/07/12 12:0 a.m. | 1 views

PinkyToken Number Error Vulnerability

PinkyToken is an Ether-based digital currency. An integer overflow vulnerability exists in the 'mintToken' function in PinkyToken's smart contract implementation. An attacker can exploit this vulnerability to set the balance of any user to an arbitrary value...

7.5 CVSS | 7.7 AI score | 0.01024 EPSS
Exploits 0 | References 1

Packet Storm
added 2018/07/11 12:0 a.m. | 50 views

AT&T Bizcircle Cross Site Scripting

Document Title: AT&T Bizcircle - Persistent Profile Cross Site Scripting Vulnerabilities. References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2108 AT&T Reference ID: 1502971499862. Vulnerability Magazine:...

7.4 AI score
Exploits 0

Intel
added 2018/07/10 12:0 a.m. | 14 views

Insufficient Input Validation in Intel® VTune Amplifier, Intel® Advisor and Intel® Inspector products before version 2018 Update 3 potentially allows an unprivileged user to trigger a Denial of Service via local vector

None...

6.2 AI score
Exploits 0