32 matches found
Gotenberg has a Server-Side Request Forgery (SSRF) Issue
Summary: The SSRF hardening shipped in v8.31.0 only covers outbound URLs that Gotenberg's Go code handles — Chromium asset fetches, webhook delivery, and download-from. The LibreOffice conversion endpoint /forms/libreoffice/convert passes uploaded documents directly to LibreOffice without inspecti...
EUVD-2001-0523
Malware in sbrugna...
EUVD-2006-0585
Malware in sbrugna...
EUVD-2017-6830
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2017-15377
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Suricata before 4.x, it was possible to trigger lots of redundant checks on the content of crafted network traffic with a certain signature, because of...
HTML smuggling surges: Highly evasive loader technique increasingly used in banking malware, targeted attacks
HTML smuggling, a highly evasive malware delivery technique that leverages legitimate HTML5 and JavaScript features, is increasingly used in email campaigns that deploy banking malware, remote access Trojans (RATs), and other payloads related to targeted attacks. Notably, this technique was observe...
Trend Micro Apex One and OfficeScan XG Access Control Error Vulnerabilities
Trend Micro OfficeScan XG and Trend Micro Apex One are both products of Trend Micro, Inc. Trend Micro OfficeScan XG is a distributed anti-virus software suite, and Trend Micro Apex One is a suite of endpoint security software that provides automated threat detection and response capabilities. Tre...
CVE-2021-25235
An improper access control vulnerability in Trend Micro Apex One on-prem and SaaS and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about a content inspection configuration file...
Improper access control
An improper access control vulnerability in Trend Micro Apex One on-prem and SaaS and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about a content inspection configuration file...
CVE-2021-25235
An improper access control vulnerability in Trend Micro Apex One on-prem and SaaS and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about a content inspection configuration file...
Trend Micro Apex One and OfficeScan XG SP Information Disclosure Vulnerability
Trend Micro OfficeScan XG and Trend Micro Apex One are both products of Trend Micro, Inc. Trend Micro OfficeScan XG is a distributed anti-virus software suite, and Trend Micro Apex One is a suite of endpoint security software that provides automated threat detection and response capabilities. Tre...
Cisco IOS and IOS XE Input Validation Error Vulnerability (CNVD-2020-31975)
Cisco IOS and IOS XE are a set of operating systems developed by Cisco for its network devices. An input validation error vulnerability exists in the implementation of the CIP feature in Cisco IOS Software and Cisco IOS XE Software, which stems from the program's failure to adequately handle...
PF_RING - High-Speed Packet Capture, Filtering And Analysis
PF_RING™ is a new type of network socket that dramatically improves the packet capture speed, and that’s characterized by the following properties: 1. Available for Linux kernels 2.6.32 and newer. 2. No need to patch the kernel: just load the kernel module. 3. 10 Gbit Hardware Packet Filtering usi...
Default credentials
In Suricata before 4.x, it was possible to trigger lots of redundant checks on the content of crafted network traffic with a certain signature, because of DetectEngineContentInspection in detect-engine-content-inspection.c. The search engine doesn't stop when it should after no match is found;...
CVE-2017-15377
In Suricata before 4.x, it was possible to trigger lots of redundant checks on the content of crafted network traffic with a certain signature, because of DetectEngineContentInspection in detect-engine-content-inspection.c. The search engine doesn't stop when it should after no match is found;...
UBUNTU-CVE-2017-15377
In Suricata before 4.x, it was possible to trigger lots of redundant checks on the content of crafted network traffic with a certain signature, because of DetectEngineContentInspection in detect-engine-content-inspection.c. The search engine doesn't stop when it should after no match is found;...
DEBIAN-CVE-2017-15377
In Suricata before 4.x, it was possible to trigger lots of redundant checks on the content of crafted network traffic with a certain signature, because of DetectEngineContentInspection in detect-engine-content-inspection.c. The search engine doesn't stop when it should after no match is found;...
CVE-2017-15377
In Suricata before 4.x, it was possible to trigger lots of redundant checks on the content of crafted network traffic with a certain signature, because of DetectEngineContentInspection in detect-engine-content-inspection.c. The search engine doesn't stop when it should after no match is found;...
CVE-2017-15377
CVE-2017-15377 affects Suricata before version 4.x. The vulnerability is caused by DetectEngineContentInspection in detect-engine-content-inspection.c, where the search engine does not stop after no match and can recurse up to the 3000 default limit, enabling excessive processing of crafted netwo...
CVE-2017-15377
In Suricata before 4.x, it was possible to trigger lots of redundant checks on the content of crafted network traffic with a certain signature, because of DetectEngineContentInspection in detect-engine-content-inspection.c. The search engine doesn't stop when it should after no match is found;...