Lucene search
K

187 matches found

RedHat Linux
RedHat Linux
added 2023/05/09 10:9 a.m.10 views

QEMU: VNC: integer underflow in vnc_client_cut_text_ext leads to CPU exhaustion

An integer underflow issue was found in the QEMU built-in VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service...

6.5CVSS5.7AI score0.0114EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2023/05/09 8:53 a.m.4 views

Microsoft Warns of State-Sponsored Attacks Exploiting Critical PaperCut Vulnerability

Iranian nation-state groups have now joined financially motivated actors in actively exploiting a critical flaw in PaperCut print management software, Microsoft disclosed over the weekend. The tech giant's threat intelligence team said it observed both Mango Sandstorm Mercury and Mint Sandstorm...

9.8CVSS7.4AI score0.99999EPSS
Exploits24
BDU FSTEC
BDU FSTEC
added 2023/04/27 12:0 a.m.4 views

The vulnerability of the SetupCompleted class in printing control software such as PaperCut MF and PaperCut NG allows a perpetrator to execute arbitrary code.

The vulnerability of the SetupCompleted class in printing control software such as PaperCut MF and PaperCut NG is related to errors in access management. Exploiting this vulnerability can allow a malicious actor to execute arbitrary code in the SYSTEM context remotely...

10CVSS8.5AI score0.99999EPSS
Exploits24References4
The Hacker News
The Hacker News
added 2023/02/23 4:49 p.m.7 views

Hackers Using Trojanized macOS Apps to Deploy Evasive Cryptocurrency Mining Malware

Trojanized versions of legitimate applications are being used to deploy evasive cryptocurrency mining malware on macOS systems. Jamf Threat Labs, which made the discovery, said the XMRig coin miner was executed by means of an unauthorized modification in Final Cut Pro, a video editing software fr...

6.6AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 5:16 a.m.3 views

SUSE CVE-2015-5239

Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service process crash via a CLIENTCUTTEXT message, which triggers an infinite loop...

6.5CVSS6.9AI score0.0361EPSS
Exploits1References16
SUSE CVE
SUSE CVE
added 2023/02/15 4:39 a.m.4 views

SUSE CVE-2017-14060

In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cause a Denial of Service in the QueueAuthenticPixelCacheNexus function within the MagickCore/cache.c file by submitting a malformed image file...

5.3CVSS8.9AI score0.01605EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:24 a.m.4 views

SUSE CVE-2018-16642

The function InsertRow in coders/cut.c in ImageMagick 7.0.7-37 allows remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write...

4.4CVSS6.7AI score0.03037EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2023/02/15 4:11 a.m.6 views

SUSE CVE-2019-13135

ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c...

5.5CVSS6.9AI score0.03291EPSS
Exploits0References6
OSV
OSV
added 2022/12/12 6:51 a.m.7 views

USN-5772-1 qemu vulnerabilities

It was discovered that QEMU incorrectly handled bulk transfers from SPICE clients. A remote attacker could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. CVE-2021-3682 It...

8.5CVSS7AI score0.02904EPSS
Exploits3References7
OSV
OSV
added 2022/10/28 11:4 a.m.4 views

OESA-2022-2024 qemu security update

QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system for example a PC, including one or several processors and various peripherals. It can be used to launch...

6.5CVSS6.6AI score0.0114EPSS
Exploits0References2
OSV
OSV
added 2022/10/17 4:15 p.m.0 views

DEBIAN-CVE-2022-3165

An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service...

6.5CVSS6.7AI score0.0114EPSS
Exploits0References1
OSV
OSV
added 2022/10/17 4:15 p.m.8 views

UBUNTU-CVE-2022-3165

An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service...

6.5CVSS6.8AI score0.0114EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/07/25 12:0 a.m.5 views

Tecrail Responsive Filemanger 路径遍历漏洞

Tecrail Responsive Filemanger is a free open source file manager and image manager from Tecrail Italy. A security vulnerability exists in Tecrail Responsive Filemanger version 9.11.0 and earlier versions, which can be exploited by an attacker to copy, cut any file...

9.8CVSS8.2AI score0.00852EPSS
Exploits1References3
ThreatPost
ThreatPost
added 2022/05/10 12:24 a.m.27 views

Low-rent RAT Worries Researchers

For about the price of a cup of Starbucks latte, a hacker is renting out a remote access trojan designed to backdoor targeted networks. Dubbed as Dark Crystal RAT or DCRat, the malware is being peddled online to hackers in Russian by a lone rookie malware writer with a penchant for cut-rate...

7.7AI score
Exploits0References1
CNVD
CNVD
added 2022/04/11 12:0 a.m.21 views

Mitsubishi MELSEC Q03UDECPU PLC has a Logic Defect Vulnerability

Mitsubishi Electric Automation China Co., Ltd. is a wholly-owned enterprise in China invested by Mitsubishi Electric Corporation. It mainly produces mechanical appliances for power distribution including low-voltage circuit breakers, electromagnetic openers and closers, electrical processing...

8.1CVSS6.6AI score0.01209EPSS
Exploits0
Kitploit
Kitploit
added 2022/01/04 11:30 a.m.47 views

SyntheticSun - A Defense-In-Depth Security Automation And Monitoring Framework Which Utilizes Threat Intelligence, Machine Learning, Managed AWS Security Services And, Serverless Technologies To Continuously Prevent, Detect And Respond To Threats

SyntheticSun is a defense-in-depth security automation and monitoring framework which utilizes threat intelligence, machine learning, managed AWS security services and, serverless technologies to continuously prevent, detect and respond to threats. You sleep in fragmented glass With reflections o...

6.8AI score
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2021/07/02 12:0 a.m.9 views

The vulnerability of the ReadCUTImage function in the coders/cut.c component of the console image editing tool ImageMagick, related to the assignment of a null pointer, allows a malicious actor to cause a service failure.

The vulnerability of the ReadCUTImage function in the coders/cut.c component of the console-based image editing tool ImageMagick involves the use of a null pointer. Exploiting this vulnerability allows an attacker to cause a service failure by using a corrupted image file...

6.5CVSS6.8AI score0.01605EPSS
Exploits0References11Affected Software3
OpenVAS
OpenVAS
added 2021/06/17 12:0 a.m.7 views

Huawei Data Communication: The undo local-user idle-cut command disables the idle-cut function for local users

Checks, if the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under...

7.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/08/03 3:30 p.m.21 views

Lock and Code S1Ep12: Pinpointing identity and access management’s future with Chuck Brooks

This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Chuck Brooks, cybersecurity evangelist and adjunct professor for Georgetown University’s Applied Intelligence Program and graduate Cybersecurity Programs...

7.4AI score
Exploits0
OSV
OSV
added 2020/07/01 11:44 p.m.3 views

USN-4407-1 libvncserver vulnerabilities

It was discovered that LibVNCServer incorrectly handled decompressing data. An attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service. CVE-2019-15680 It was discovered that an information disclosure vulnerability existed in LibVNCServer when sendin...

9.8CVSS7AI score0.03345EPSS
Exploits1References6
Rows per page
Query Builder