6339 matches found
CVE-2017-2818
An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger th...
DEBIAN-CVE-2017-2818
An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger th...
CVE-2017-2818
An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger th...
CVE-2017-2818
An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger th...
CVE-2017-7727
The connected sources identify CVE-2017-7727 as a Server-Side Request Forgery affecting the iSmartAlarm Backend. The vulnerability arises from an API endpoint that does not validate injection, enabling an attacker to use the backend as a proxy to perform SSRF/open redirection. Affected software i...
Telegram-Controlled Hacking Tool Targets SQL Injection at Scale
A black market hacking tool has the potential to rapidly conduct website scans for SQL injection vulnerabilities at a large scale, all managed from a smartphone through the Telegram messenger. The Katyusha Scanner is a relative newcomer available to black hats that surfaced in early April. It’s a...
Windows Explorer Denial of Service Vulnerability
An Denial Of Service vulnerability exists when Windows Explorer attempts to open a non-existent file. An attacker who successfully exploited this vulnerability could cause a denial of service. A attacker could exploit this vulnerability by hosting a specially crafted web site and convince a user ...
Authorization
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an authorization bypass through user-controlled key vulnerability in Discussion Forum Messages. A remote low privileged attacker may potentially exploit this vulnerability to elevate their privileges and view other...
CVE-2017-4999
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an authorization bypass through user-controlled key vulnerability in Discussion Forum Messages. A remote low privileged attacker may potentially exploit this vulnerability to elevate their privileges and view other...
CVE-2017-4999
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an authorization bypass through user-controlled key vulnerability in Discussion Forum Messages. A remote low privileged attacker may potentially exploit this vulnerability to elevate their privileges and view other...
Windows 10 to Get Built-in Protection Against Most Ransomware Attacks
Ransomware Ransomware Everywhere Not a Single Place to Hide! But, Microsoft has a simple solution to this problem to protect millions of its users against most ransomware attacks. Two massive ransomware attacks — WannaCry and Petya also known as NotPetya — in a month have caused chaos and...
Updated kernel-linus packages fixes critical security vulnerabilities
This kernel-linus update is based on upstream 4.4.74 and fixes at least the following security issues: The ipxitfioctl function in net/ipx/afipx.c in the Linux kernel through 4.11.1 mishandles reference counts, which allows local users to cause a denial of service use-after-free or possibly have...
CVE-2017-6325
The Symantec Messaging Gateway can encounter a file inclusion vulnerability, which is a type of vulnerability that is most commonly found to affect web applications that rely on a scripting run time. This issue is caused when an application builds a path to executable code using an...
Cross-site Scripting (XSS)
github.com/gogits/gogs is vulnerable to cross-site scripting XSS attacks. The attacks can be triggered because a user can change their username to anything other than an empty string. This allows them to enter code which may be executed...
RHEL 5 : kernel (RHSA-2017:1482)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:1482 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: A flaw was found in the way memory was...
Scientific Linux Security Update : glibc on SL6.x i386/x86_64 (20170619) (Stack Clash)
Security Fixes : - A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap or different memory region and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory...
RHEL 5 / 6 / 7 : glibc (RHSA-2017:1479)
The remote Redhat Enterprise Linux 5 / 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:1479 advisory. The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the name servi...
Important: Red Hat Security Advisory: kernel security and bug fix update
An update for kernel is now available for Red Hat Enterprise Linux 6.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Malware Network Communication Provides Better Early Warning Signal
Research is expected to be unveiled today that challenges the industry’s current reliance on dynamic malware analysis as the best means of early detection of infections. Instead, researchers from the Georgia Institute of Technology, the IMDEA Software Institute and EURECOM posit that a better...
CVE-2017-8911
An integer underflow has been identified in the unicodetoutf8 function in tnef 1.4.14. This might lead to invalid write operations, controlled by an attacker...