2563 matches found
Rockwell Automation Micrologix Improper Access Control (CVE-2017-14471)
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information,...
RHEL 8 : nodejs:14 (RHSA-2022:0350)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0350 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes
A regular expression denial of service (ReDoS) vulnerability was found in nodejs-ansi-regex. This could possibly cause an application using ansi-regex to use an excessive amount of CPU time when matching crafted ANSI escape codes...
Warning issued over tampered QR codes
Avid readers of the Malwarebytes Labs blog will be well aware of QR code scams. Take, for example, that QR code scam in the Netherlands that victimized at least a dozen and definitely more car owners. It went like this: Someone approaches you and says they want to pay for their parking but can't...
Surge in Malicious QR Codes Sparks FBI Alert
Menus, event ticket sales, quick site access — QR codes have become a common way to interact as a result of the COVID-19 pandemic. But the smart little matrix bar codes are easily tampered with and can be used to direct victims to malicious sites, the FBI warned in an alert. QR codes are the...
Inappropriate Implementation
chromium is vulnerable to inappropriate implementation. The vulnerability exists due to improper storage which allows an attacker to send and execute malicious codes...
FBI – Malicious QR codes stealing login and financial data
By Deeba Ahmed. The FBI has issued an alert urging users to refrain from scanning anonymous QR codes as cybercriminals are…
Phishers on the prowl with fake parking meter QR codes
QR codes come and go as a threat. The last time we wrote about them they were causing problems at gas stations, and by sheer chance this latest outing shares vehicular related subject matter. Law enforcement in the US is sounding the alarm regarding parking meters. A quick refresher QR Quick...
CentOS: Security Advisory for firefox (CESA-2021:5014)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Mozilla Firefox < 96.0
The version of Firefox installed on the remote Windows host is prior to 96.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-01 advisory. - When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it shou...
PT-2022-12246 · Biostar · Biostar Racing Gt Evo
Name of the Vulnerable Software and Affected Versions: Biostar RACING GT Evo version 2.1.1905.1700 Description: An issue was discovered in BS RCIO64.sys. A low-integrity process can open the driver's device object and issue IOCTLs to read or write to arbitrary physical memory locations, or call a...
CVE-2021-45425
Reflected Cross Site Scripting (XSS) in SAFARI Montage versions 8.3 and 8.5 allows remote attackers to execute JavaScript codes...
CVE-2021-43441
An HTML Injection Vulnerability in iOrder 1.0 allows the remote attacker to execute Malicious HTML codes via the signup form...
December 14, 2021—KB5008207 (OS Build 14393.4825) - EXPIRED
EXPIRATION NOTICE: As of 9/12/2023, KB5008207 is no longer available from Windows Update, the Microsoft Update Catalog, or other release channels. We recommend that you update your devices to the latest security quality update. --- 11/9/202...
Mozilla Thunderbird Security Advisories (MFSA2021-50, MFSA2021-54) - Mac OS X
Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...
Mozilla Thunderbird Security Advisories (MFSA2021-50, MFSA2021-54) - Windows
Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...