164 matches found
CVE-2023-22381 Code injection in GitHub Enterprise Server leading to arbitrary environment variables in GitHub Actions
A code injection vulnerability was identified in GitHub Enterprise Server that allowed setting arbitrary environment variables from a single environment variable value in GitHub Actions when using a Windows based runner. To exploit this vulnerability, an attacker would need existing permission to...
K6795: ClamAV CHM Chunk Name Length DoS Vulnerability - CVE-2006-5295
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K6806: ClamAV UPX heap overflow Vulnerability - CVE-2006-4018
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K6804: ClamAV Portable Executable heap overflow Vulnerability - CVE-2006-4182
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
ClamAV HFS+ Partition Scanning Buffer Overflow Vulnerability Affecting Cisco Products: February 2023
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code...
Feds: APTs Have Tools That Can Take Over Critical Infrastructure
Threat actors have built and are ready to deploy tools that can take over a number of widely used industrial control system ICS devices, which spells trouble for critical infrastructure providers—particularly those in the energy sector, federal agencies have warned. In a joint advisory, the...
Credential-stealing malware disguises itself as Telegram, targets social media users
A credential-stealing Windows-based malware, Spyware.FFDroider, is after social media credentials and cookies, according to researchers at ThreatLabz. The version analyzed by the researchers was packed with Aspack. The spyware is offered on download sites pretending to be installers for freeware...
Researches Detail 17 Malicious Frameworks Used to Attack Air-Gapped Networks
Four different malicious frameworks designed to attack air-gapped networks were detected in the first half of 2020 alone, bringing the total number of such toolkits to 17 and offering adversaries a pathway to cyber espionage and exfiltrate classified information. "All frameworks are designed to...
Mysterious Custom Malware Collects Billions of Stolen Data Points
Researchers have uncovered a 1.2-terabyte database of stolen data, lifted from 3.2 million Windows-based computers over the course of two years by an unknown, custom malware. The heisted info includes 6.6 million files and 26 million credentials, and 2 billion web login cookies – with 400 million...
OpenText Brava! Desktop out-of-bounds write vulnerability (CNVD-2021-42328)
OpenText Brava! Desktop is a Windows-based viewing and collaboration tool that lets you easily view and collaborate on almost any file. An out-of-bounds write vulnerability exists in the parsing of DWF files in OpenText Brava! Desktop. The vulnerability stems from a lack of proper validation of...
OpenText Brava! 缓冲区错误漏洞
OpenText Brava! Desktop is a Windows-based viewing and collaboration tool that lets you easily view and collaborate on almost any file. An out-of-bounds write vulnerability exists in the parsing of DXF files in OpenText Brava! Desktop. The vulnerability stems from a lack of proper validation of...
OpenText Brava! 缓冲区错误漏洞
OpenText Brava! Desktop is a Windows-based viewing and collaboration tool that lets you easily view and collaborate on almost any file. An out-of-bounds write vulnerability exists in the parsing of DXF files in OpenText Brava! Desktop. The vulnerability stems from a lack of proper validation of...
OpenText Brava! 缓冲区错误漏洞
OpenText Brava! Desktop is a Windows-based viewing and collaboration tool that lets you easily view and collaborate on almost any file. An out-of-bounds write vulnerability exists in the parsing of DWF files in OpenText Brava! Desktop. The vulnerability stems from a lack of proper validation of...
Researchers Unearth Links Between SunCrypt and QNAPCrypt Ransomware
SunCrypt, a ransomware strain that went on to infect several targets last year, may be an updated version of the QNAPCrypt ransomware, which targeted Linux-based file storage systems, according to new research. "While the two ransomware families are operated by distinct different threat actors on...
Delta Electronics TPEditor Buffer Error Vulnerability
Delta Electronics TPEditor is a Windows-based Delta text panel programming software from Delta Electronics Taiwan, China. A security vulnerability exists in Delta Electronics TPEditor v1.98 and prior that could allow an attacker to execute code with the privileges of the application...
Exploit for CVE-2020-14883
CVE-2020-14883 Oracle WebLogic Server Authenticated Remote Cod...
Unspecified Vulnerability in Teradici PCoIP Standard Agent and Teradici PCoIP Graphics Agent
Teradici PCoIP Standard Agent and Teradici PCoIP Graphics Agent are both products of Teradici Canada.Teradici PCoIP Standard Agent is an agent program for connecting virtual desktops.Teradici PCoIP Graphics Agent is an agent program that provides GPU-enabled physical and virtual workstations to...
MS15-046: Description of the security update for Office 2010 Service Pack 2: May 12, 2015
MS15-046: Description of the security update for Office 2010 Service Pack 2: May 12, 2015 Introduction This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if an attacker convinces a user to open or preview a specially crafted Office file in an...
Memory Corruption Vulnerability in Microsoft Office
Microsoft Office is a Windows-based office software suite developed by Microsoft Microsoft. A memory corruption vulnerability exists in Microsoft Office, which can be exploited by an attacker to cause a denial of service...
Product update: Virtuozzo 7.0 Update 13 (7.0.13-298)
The Update 13 for Virtuozzo 7.0 introduces new features and provides stability and usability bug fixes. It also introduces a new kernel 3.10.0-1062.12.1.vz7.131.10. Vulnerability id: PSBM-95072 'pstorage-target' files are left over after successful migrations of VMs on Virtuozzo Storage from...