17 matches found
EUVD-2017-6150
Malware in sbrugna...
By-passing Protection of PharStreamWrapper Interceptor
Insecure deserialization is a vulnerability which occurs when untrusted data is used to abuse the logic of an application. In July 2018, the vulnerability of insecure deserialization when executing Phar archives was addressed by removing the known attack vector in the TYPO3 core. For more details...
[SECURITY] Fedora 38 Update: libgit2-1.6.5-1.fc38
libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings...
Motorola Solutions ACE1000 数据伪造问题漏洞
The Motorola Solutions ACE1000 is a remote terminal unit from Motorola Solutions USA. A data forgery vulnerability exists in the Motorola Solutions ACE1000 version that originates from allowing custom applications to be installed via the STS software, the C Toolkit, or the ACE1000 Easy...
Cybozu Office Improper Input Validation Vulnerability
Cybozu Office is a Web-based, cross-platform collaboration solution from Cybozu. An improper input validation vulnerability exists in a custom application in Cybozu Office. An attacker could exploit the vulnerability to alter data in the customized application...
F5 Networks BIG-IP : OpenSSL vulnerability (K16136)
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion,...
Protection Mechanism Bypass
OpenSSL is vulnerable to protection mechanism bypass. This is because OpenSSL accepts several variations of certificate signature algorithms and signature encodings. It doesn't then enforce a match between the signature algorithm between the signed and unsigned portions of the certificate. This...
[SECURITY] Fedora 28 Update: libgit2-0.26.7-1.fc28
libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings...
[SECURITY] Fedora 27 Update: libgit2-0.26.5-1.fc27
libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Tivoli Storage FlashCopy Manager on Solaris and HP-UX platforms (CVE-2015-0383)
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition that is used by FlashCopy Manager. These issues were disclosed as part of the IBM Java SDK updates in January 2015. Vulnerability Details CVEID: CVE-2015-0383 DESCRIPTION: An unspecified vulnerability ...
[SECURITY] Fedora 25 Update: libgit2-0.24.6-1.fc25
libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings...
[SECURITY] Fedora 24 Update: libgit2-0.24.6-1.fc24
libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings...
[SECURITY] Fedora 25 Update: libgit2-0.24.3-1.fc25
libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings...
Experts call for better measurement of security
If there’s one key message coming through all of the noise at the RSA Conference this week it’s the fact that there’s a pressing need for more data. Data on attacks, data on vulnerabilities, data on data breaches, data on software security, data on everything having to do with security. The...
CVE-2007-3861
Unspecified vulnerability in Oracle Jdeveloper in Oracle Application Server 10.1.2.2 and Collaboration Suite 10.1.2 allows context-dependent attackers to have an unknown impact via custom applications that use JBO.KEY, aka JDEV01...
Design/Logic Flaw
Unspecified vulnerability in Oracle Jdeveloper in Oracle Application Server 10.1.2.2 and Collaboration Suite 10.1.2 allows context-dependent attackers to have an unknown impact via custom applications that use JBO.KEY, aka JDEV01...
CVE-2007-3861
Unspecified vulnerability in Oracle Jdeveloper in Oracle Application Server 10.1.2.2 and Collaboration Suite 10.1.2 allows context-dependent attackers to have an unknown impact via custom applications that use JBO.KEY, aka JDEV01...