87 matches found
EulerOS 2.0 SP5 : openssl098e (EulerOS-SA-2021-1908)
According to the versions of the openssl098e package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Calls to EVPCipherUpdate, EVPEncryptUpdate and EVPDecryptUpdate may overflow the output length argument in some cases where the input length...
EulerOS 2.0 SP8 : python-rsa (EulerOS-SA-2020-1878)
According to the version of the python-rsa packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g.,...
CVE-2020-13757
Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior such as by...
CVE-2020-13757
Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior such as by...
Memory corruption
Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior such as by...
PYSEC-2020-99
Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior such as by...
CVE-2020-13757
Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior such as by...
CVE-2020-13757
Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior such as by...
CVE-2020-6244
SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in untrusted directories that can be executed by the application, due to uncontrolled search path element. An attacker could thereby control the behavior of the...
Code injection
SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in untrusted directories that can be executed by the application, due to uncontrolled search path element. An attacker could thereby control the behavior of the...
Unspecified Vulnerability in Siemens XHQ
Siemens XHQ Production Operations Intelligence is Siemens Energy's flagship solution and is widely deployed by the world's largest oil & gas and chemical companies. An unspecified vulnerability exists in Siemens XHQ, which can be exploited by an attacker to cause an application to run in an...
Docker Hub Hack Affects 190K Accounts, with Concerning Consequences
UPDATE Docker Hub has confirmed that it was hacked last week; with sensitive data from approximately 190,000 accounts potentially exposed. “On Thursday, April 25th, 2019, we discovered unauthorized access to a single Hub database storing a subset of non-financial user data,” Kent Lamb, director o...
Bidirectional Content Redirection does not work properly with Lingering Session
Repro Steps: 1. Start Internet Explorer on your client machine 2. Type an URL that match with "Allowed URLs to be redirected to VDA" to the address field 3. The local browser is closed automatically when hitting the enter key 4. The published application is started and the redirected URL is opene...
SUSE-SU-2019:0418-1 Security update for python-numpy
This update for python-numpy fixes the following issue: Security issue fixed: - CVE-2019-6446: Set allowpickle to false by default to restrict loading untrusted content bsc1122208. With this update we decrease the possibility of allowing remote attackers to execute arbitrary code by misusing...
SUSE-SU-2019:13951-1 Security update for python-numpy
This update for python-numpy fixes the following issues: Security issue fixed: - CVE-2019-6446: Set allowpickle to false by default to restrict loading untrusted content bsc1122208. With this update we decrease the possibility of allowing remote attackers to execute arbitrary code by misusing...
Container Security Becomes a Priority for Enterprises
Among the IT innovations that businesses are using to digitally transform operations, containers might be the most disruptive and revolutionary. “They’re a real game changer,” Qualys Chief Product Officer Sumedh Thakar said at QSC 2018 in Las Vegas. DevOps teams have embraced containers because...
Why Malwarebytes decided to participate in AV testing
Starting this month, Malwarebytes began participating in the antivirus software for Windows comparison test performed by AV-test.org. This is uncharted territory for us, as we have refrained from participating in these types of tests since our inception. Although recent testing results show...
Code injection
SAP MaxDB ODBC driver all versions before 7.9.09.07 allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application...
Carbon Black & VMware Announce General Availability of Integrated Solution to Secure the SDDC
Securing your software-defined data center SDDC is fundamentally different than securing your end-user computers. Securing the endpoint is no longer enough - attackers have other angles they can take to wreak havoc on your system - but not securing your endpoints would be a big mistake. That’s wh...
Modifiable Secondary Configuration Values
cordova-android has modifiable secondary configuration values. If an application is created without explicit values set in the config.xml file, attackers can set these variables by using Intent. Leveraging this, they can change the behavior of the application...