2565 matches found
CVE-2024-23439 Vba32 Antivirus v3.36.0 - Arbitrary Memory Read
Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability by triggering the 0x22201B, 0x22201F, 0x222023, 0x222027, 0x22202B, 0x22202F, 0x22203F, 0x222057 and 0x22205B IOCTL codes of the Vba32m64.sys driver...
CVE-2024-1096 Twister Antivirus v8.17 - Denial of Service
Twister Antivirus v8.17 is vulnerable to a Denial of Service vulnerability by triggering the 0x80112067, 0x801120CB, 0x801120CC, 0x80112044, 0x8011204B, 0x8011204F, 0x80112057, 0x8011205B, 0x8011205F, 0x80112063, 0x8011206F, 0x80112073, 0x80112077, 0x80112078, 0x8011207C and 0x80112080 IOCTL codes ...
CVE-2024-1096
Twister Antivirus v8.17 is affected by CVE-2024-1096, a vulnerability in the fildds.sys driver that can trigger a Denial of Service by issuing specific IOCTL codes (0x80112067, 0x801120CB, 0x801120CC, 0x80112044, 0x8011204B, 0x8011204F, 0x80112057, 0x8011205B, 0x8011205F, 0x80112063, 0x8011206F, ...
PT-2024-16664 · Unknown · Twister Antivirus
Name of the Vulnerable Software and Affected Versions: Twister Antivirus version 8.17. Description: The issue allows Elevation of Privileges on the computer where Twister Antivirus is installed by triggering specific IOCTL codes of the fildds.sys driver, including 0x80112067, 0x801120CB, and...
PT-2024-17462 · Unknown · Twister Antivirus
Name of the Vulnerable Software and Affected Versions: Twister Antivirus version 8.17. Description: The issue is related to a Denial of Service vulnerability. It can be triggered by specific codes, including 0x80112044, 0x8011204B, 0x8011204F, 0x80112057, 0x8011205B, 0x8011205F. Recommendations: F...
CVE-2020-36773
Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c for txtwrite because a single character code in a PDF document can map to more than one Unicode code point, e.g., for a ligature...
[SECURITY] [DSA 5614-1] zbar security update
Debian Security Advisory DSA-5614-1 https://www.debian.org/security/ Salvatore Bonaccorso February 03, 2024 https://www.debian.org/security/faq ...
Debian dsa-5614 : gir1.2-zbar-1.0 - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5614 advisory. - A heap-based buffer overflow exists in the qr_reader_match_centers function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure...
curl: Incorrect handling of control code characters in cookies
A vulnerability was found in curl. This security flaw happens when curl is used to retrieve and parse cookies from an HTTPS server, where it accepts cookies using control codes (byte values below 32), and also when cookies that contain such control codes are later sent back to an HTTPS server, possibly...
keycloak-core: open redirect via "form_post.jwt" JARM response mode
An incomplete fix was found in Keycloak Core patch. An attacker can steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt". It is observed that changing the response_mode parameter in the original proof of concept from "form_post" to "form_post.jwt...
Ubuntu: Security Advisory (USN-6592-1)
The remote host is missing an update for the ...
SUSE CVE-2024-22403
Nextcloud server is a self hosted personal cloud system. In affected versions OAuth codes did not expire. When an attacker would get access to an authorization code they could authenticate at any time using the code. As of version 28.0.0 OAuth codes are invalidated after 10 minutes and will no...
YouTube Crypto Con: Scammers Rake in $600K with Deepfakes and QR Codes
By Waqas. Bitdefender's latest research reveals that crypto scams on YouTube are at an all-time high, with no sign of slowing down in the near future. This is a post from HackRead.com.
CVE-2024-22403
CVE-2024-22403 affects Nextcloud Server prior to 28.0.0, where OAuth2 authorization codes did not expire. An attacker who intercepts an authorization code could authenticate at any time using that code. The issue is resolved by upgrading to Nextcloud Server 28.0.0, where OAuth codes are invalidat...
CVE-2024-22403 OAuth2 authorization codes are valid indefinitely in Nextcloud server
Nextcloud server is a self hosted personal cloud system. In affected versions OAuth codes did not expire. When an attacker would get access to an authorization code they could authenticate at any time using the code. As of version 28.0.0 OAuth codes are invalidated after 10 minutes and will no...
OAuth2 authorization codes are valid indefinitely
[SECURITY] Fedora 38 Update: zbar-0.23.93-1.fc38
ZBar Bar Code Reader is an open source software suite for reading bar codes from various sources, such as video streams, image files and raw intensity sensors. It supports EAN-13/UPC-A, UPC-E, EAN-8, Code 128, Code 93, Code 39, Codabar, Interleaved 2 of 5, QR Code and SQ Code...
PT-2024-1285 · Nextcloud +2 · Nextcloud Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 28.0.0. Description: The issue concerns the expiration of OAuth codes in Nextcloud Server, a self-hosted personal cloud system. In affected versions, OAuth codes did not expire, allowing an attacker who gains...
Fedora 39 : zbar (2024-73d5220ed3)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-73d5220ed3 advisory. 0.23.93, fixes for two CVEs. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has n...