752 matches found
openSUSE Security Update : kernel-firmware (openSUSE-2019-1770)
This update for kernel-firmware fixes the following issues : kernel-firmware was updated to version 20190618 : - cavium: Add firmware for CNN55XX crypto driver. - linux-firmware: Update firmware file for Intel Bluetooth 22161 - linux-firmware: Update firmware file for Intel Bluetooth 9560 -...
libsass/data_context_fuzzer: Heap-buffer-overflow in std::__1::vector<std::__1::vector<Sass::SharedImpl<Sass::ComplexSelector>, std::
Project: https://github.com/sass/libsass.git Detailed report: https://oss-fuzz.com/testcase?key=5161915090731008 Project: libsass Fuzzer: libFuzzerlibsassdatacontextfuzzer Fuzz target binary: datacontextfuzzer Job Type: libfuzzerasanlibsass Platform Id: linux Crash Type: Heap-buffer-overflow READ...
libIEC61850 Buffer Overflow Vulnerability (CNVD-2019-23759)
libIEC61850 is an open source library for the IEC 61850 protocol. A buffer overflow vulnerability exists in serverexamplecomplexarray in libIEC61850 versions 1.3.2, 1.3.1, and 1.3.0. The vulnerability stems from a network system or product performing operations in memory without properly validati...
Rules-Based Policy Approaches Need to Go
Enterprises are making tremendous investments in their digital transformations, and no wonder: Increasingly, those who can more rapidly part from old, manual and antiquated ways of managing technology and shift to new ways of thinking will come out on top. That’s especially true when it comes to...
UBUNTU-CVE-2019-13391
In ImageMagick 7.0.8-50 Q16, ComplexImages in MagickCore/fourier.c has a heap-based buffer over-read because of incorrect calls to GetCacheViewVirtualPixels...
CVE-2019-13302
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/fourier.c in ComplexImages...
ImageMagick heap buffer overflow vulnerability (CNVD-2019-21668)
ImageMagick Studio ImageMagick is a suite of open-source image processing software from the American company ImageMagick Studio. The software can read, convert or write images in a variety of formats. ImageMagick Studio A buffer overflow vulnerability exists in the 'ComplexImage' function of the...
ImageMagick heap buffer overflow vulnerability (CNVD-2019-21662)
ImageMagick Studio ImageMagick is a suite of open-source image processing software from the American company ImageMagick Studio. The software can read, convert or write images in a variety of formats. ImageMagick Studio A buffer overflow vulnerability exists in the 'ComplexImages' function of the...
3 investments Microsoft is making to improve identity management
As a large enterprise with global reach, Microsoft has the same security risks as its customers. We have a distributed, mobile workforce who access corporate resources from external networks. Many individuals struggle to remember complex passwords or reuse one password across many accounts, which...
Design/Logic Flaw
LibSass 3.5.4 allows attackers to cause a denial-of-service uncontrolled recursion in Sass::ComplexSelector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp...
UBUNTU-CVE-2018-20822
LibSass 3.5.4 allows attackers to cause a denial-of-service uncontrolled recursion in Sass::ComplexSelector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp...
Partner Perspectives: Accelerated Alert Handling from Syncurity and Carbon Black
JP Bourget is the Founder and CSO of Syncurity. One of the key Security Orchestration, Automation and Response SOAR use cases I see every day is alert handling. As more and more organizations adopt EDR solutions, like those offered by Carbon Black, Syncurity IR-Flow is able to speed up the alert...
Dovecot -- improper input validation
Aki Tuomi reports: Vulnerability Details: IMAP and ManageSieve protocol parsers do not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes. Risk: This vulnerability allows for out-of-bounds writes to objects stored on the heap up to 8096 byte...
Hacking Superyachts. Advice for integrators
I’ve written previously how superyachts are the homes, the offices, the play areas for their owners and how captains need to consider so many more risks than they used to. However, a common theme is you the integrator. Your job is to put all the owners toys and all the captains tools together in ...
Format string
In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ffhtmlmarkuptoass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf...
CVE-2019-9721
A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handleopenbrace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf...
SpeakUp Linux Backdoor Sets Up for Major Attack
LAS VEGAS — A backdoor trojan dubbed “SpeakUp” has been spotted exploiting the Linux servers that run more than 90 percent of the top 1 million domains in the U.S. It uses a complex bag of tricks to infect hosts and to propagate, which analysts say could indicate that it’s poised for a major...
DEBIAN-CVE-2018-20533
There is a NULL pointer dereference at ext/testcase.c function testcasestr2depcomplex in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service...
libsolv null pointer dereference vulnerability (CNVD-2019-40948)
Libsolv is a free package management library. A null pointer dereference vulnerability exists in the testcasestr2depcomplex function in ext/testcase.c in libsolvext.a in libsolv 0.7.2 and earlier. An attacker could exploit this vulnerability to cause a denial of service...
Global IT Asset Inventory: The Foundation for Security and Compliance
Pablo Quiroga, Qualys’ Director of Product Management for IT Asset Management, talks about the new Asset Inventory solution When IT directors and CISOs look at their digitally transformed networks, they encounter many shadows that their legacy enterprise software tools can’t illuminate. These bli...