10 matches found
Infinite loop
Overview: Magick.NET-Q16-HDRI-arm64 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...
A Cascade of Insecure Architectures: Axis Plugin Design Flaw Expose Select Autodesk Revit Users to Supply Chain Risk
We discovered Azure Storage Account credentials exposed in Axis Communications’ Autodesk Revit plugin, allowing unauthorized modification of cloud-hosted files. This exposure, combined with vulnerabilities in Autodesk Revit, could enable supply-chain attacks targeting end users...
QNAP Qsync Central Code Issue Vulnerability
QNAP Qsync Central is a cloud-based file synchronization service on a NAS from Taiwan, China-based QNAP Technology (QNAP). A code issue vulnerability exists in QNAP Qsync Central versions prior to 5.0.0.1, which stems from a null pointer dereference and could lead to a denial of service attack...
MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations
In recent weeks, the Microsoft Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Research Team detected Iran-based threat actor MERCURY leveraging exploitation of Log4j 2 vulnerabilities in SysAid applications against organizations all located in Israel. MSTIC assesses with high...
Directory Traversal Vulnerability in Purple File Management System
Purple Software Systems Ltd. is a company that specializes in developing a line of cloud file management services. A directory traversal vulnerability exists in the Purple File Management System, which can be exploited by attackers to obtain sensitive information...
@concord-consortium/cloud-file-manager (>=2.0.0-pre.1 <=2.3.1), @hat-core/juggler (>=0.4.0-dev20200410 <=0.4.1-dev20210707) +45 more potentially affected by unknown CVE via jiff (>=0.6.0 <=0.7.3)
jiff NPM version =0.6.0, =2.0.0-pre.1, =0.4.0-dev20200410, =0.5.1-dev20210809, =0.1.0, =1.0.0, =1.0.1, =0.0.3, =2.0.0, =1.0.0, =0.0.1, =0.5.5, =1.0.0-3, =1.0.0-0, =1.0.0, =1.1.2 and more Source cves: unknown CVE Source advisory: SNYK:JS-JIFF-1017118...
Metamorfo Campaigns Targeting Brazilian Users
FireEye Labs recently identified several widespread malspam (malware spam) campaigns targeting Brazilian companies with the goal of delivering banking Trojans. We are referring to these campaigns as Metamorfo. Across the stages of these campaigns, we have observed the use of several tactics and...
Adobe Acrobat and Reader Information Disclosure (APSB17-11: CVE-2017-3043)
An information disclosure vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to an error in the collaboration functionality of Adobe Reader and Acrobat when opening any cloud file followed by invocation of the share file function. Attackers can exploit the vulnerability by...
PYSEC-2017-83
Scrapy 1.4 allows remote attackers to cause a denial of service (memory consumption) via large files because arbitrarily many files are read into memory, which is especially problematic if the files are then individually written in a separate thread to a slow storage resource, as demonstrated by...
Petya Ransomware Installs Mischa As Failsafe
The Petya ransomware strain signaled a new escalation for crypto-malware when it surfaced in March. For the first time, ransomware went beyond encrypting files on local and shared drives and instead set its sights on locking up the Master File Table on compromised machines. Petya did have its...