187 matches found
QEMU: VNC: integer underflow in vnc_client_cut_text_ext leads to CPU exhaustion
An integer underflow issue was found in the QEMU built-in VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service...
Microsoft Warns of State-Sponsored Attacks Exploiting Critical PaperCut Vulnerability
Iranian nation-state groups have now joined financially motivated actors in actively exploiting a critical flaw in PaperCut print management software, Microsoft disclosed over the weekend. The tech giant's threat intelligence team said it observed both Mango Sandstorm Mercury and Mint Sandstorm...
The vulnerability of the SetupCompleted class in printing control software such as PaperCut MF and PaperCut NG allows a perpetrator to execute arbitrary code.
The vulnerability of the SetupCompleted class in printing control software such as PaperCut MF and PaperCut NG is related to errors in access management. Exploiting this vulnerability can allow a malicious actor to execute arbitrary code in the SYSTEM context remotely...
Hackers Using Trojanized macOS Apps to Deploy Evasive Cryptocurrency Mining Malware
Trojanized versions of legitimate applications are being used to deploy evasive cryptocurrency mining malware on macOS systems. Jamf Threat Labs, which made the discovery, said the XMRig coin miner was executed by means of an unauthorized modification in Final Cut Pro, a video editing software fr...
SUSE CVE-2015-5239
Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service process crash via a CLIENTCUTTEXT message, which triggers an infinite loop...
SUSE CVE-2017-14060
In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cause a Denial of Service in the QueueAuthenticPixelCacheNexus function within the MagickCore/cache.c file by submitting a malformed image file...
SUSE CVE-2018-16642
The function InsertRow in coders/cut.c in ImageMagick 7.0.7-37 allows remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write...
SUSE CVE-2019-13135
ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c...
USN-5772-1 qemu vulnerabilities
It was discovered that QEMU incorrectly handled bulk transfers from SPICE clients. A remote attacker could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. CVE-2021-3682 It...
OESA-2022-2024 qemu security update
QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system for example a PC, including one or several processors and various peripherals. It can be used to launch...
DEBIAN-CVE-2022-3165
An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service...
UBUNTU-CVE-2022-3165
An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service...
Tecrail Responsive Filemanger 路径遍历漏洞
Tecrail Responsive Filemanger is a free open source file manager and image manager from Tecrail Italy. A security vulnerability exists in Tecrail Responsive Filemanger version 9.11.0 and earlier versions, which can be exploited by an attacker to copy, cut any file...
Low-rent RAT Worries Researchers
For about the price of a cup of Starbucks latte, a hacker is renting out a remote access trojan designed to backdoor targeted networks. Dubbed as Dark Crystal RAT or DCRat, the malware is being peddled online to hackers in Russian by a lone rookie malware writer with a penchant for cut-rate...
Mitsubishi MELSEC Q03UDECPU PLC has a Logic Defect Vulnerability
Mitsubishi Electric Automation China Co., Ltd. is a wholly-owned enterprise in China invested by Mitsubishi Electric Corporation. It mainly produces mechanical appliances for power distribution including low-voltage circuit breakers, electromagnetic openers and closers, electrical processing...
SyntheticSun - A Defense-In-Depth Security Automation And Monitoring Framework Which Utilizes Threat Intelligence, Machine Learning, Managed AWS Security Services And, Serverless Technologies To Continuously Prevent, Detect And Respond To Threats
SyntheticSun is a defense-in-depth security automation and monitoring framework which utilizes threat intelligence, machine learning, managed AWS security services and, serverless technologies to continuously prevent, detect and respond to threats. You sleep in fragmented glass With reflections o...
The vulnerability of the ReadCUTImage function in the coders/cut.c component of the console image editing tool ImageMagick, related to the assignment of a null pointer, allows a malicious actor to cause a service failure.
The vulnerability of the ReadCUTImage function in the coders/cut.c component of the console-based image editing tool ImageMagick involves the use of a null pointer. Exploiting this vulnerability allows an attacker to cause a service failure by using a corrupted image file...
Huawei Data Communication: The undo local-user idle-cut command disables the idle-cut function for local users
Checks, if the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under...
Lock and Code S1Ep12: Pinpointing identity and access management’s future with Chuck Brooks
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Chuck Brooks, cybersecurity evangelist and adjunct professor for Georgetown University’s Applied Intelligence Program and graduate Cybersecurity Programs...
USN-4407-1 libvncserver vulnerabilities
It was discovered that LibVNCServer incorrectly handled decompressing data. An attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service. CVE-2019-15680 It was discovered that an information disclosure vulnerability existed in LibVNCServer when sendin...