56 matches found
SUSE CVE-2020-0093
In exifdatasavedataentry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0...
USPS “Your package could not be delivered” text is a smishing scam
A scam is doing the rounds which begins with a text from what claims to be the US Postal Service. The SMS reads as follows: "U.S. Postal Service We’re sorry to let you know that your package could not be delivered. To reschedule a delivery please visit bitdotly" I’ve never received an SMS from th...
Live-Forensicator - Powershell Script To Aid Incidence Response And Live Forensics
Live Forensicator is part of the Black Widow Toolbox, its aim is to assist Forensic Investigators and Incidence responders in carrying out a quick live forensic investigation. It achieves this by gathering different system information for further review for anomalous behaviour or unexpected data...
OESA-2022-1586 libtiff security update
This provides support for the Tag Image File Format TIFF, a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats.And contains command-line programs for manipulating TIFF format image files using the libtiff...
Silicon Graphics LibTIFF 缓冲区错误漏洞
Silicon Graphics LibTIFF is a library for reading and writing TIFF Tagged Image File Format files from Silicon Graphics, USA. The library contains some command line tools for working with TIFF files. A security vulnerability exists in Silicon Graphics LibTIFF 4.3.0, which stems from a read...
The vulnerability of the exif_data_save_data_entry function in the library for grammatical analysis of EXIF files in libexif, related to reading beyond the permissible buffer limits, allows a perpetrator to access confidential information or cause service failures.
The vulnerability of the exifdatasavedataentry function in the EXIF-file grammar analysis library libexif is related to reading data beyond the permissible buffer limits. Exploiting this vulnerability could allow an attacker to access confidential information or cause service failures...
kernel: bad kfree in auditfilter.c may lead to escalation of privilege
A flaw was found in the Linux kernel. A logic error in auditdatatoentry can lead to a local escalation of privilege without user interaction needed. A local attacker with special user privilege could crash the system leading to information leak. The highest threat from this vulnerability is to da...
kernel: bad kfree in auditfilter.c may lead to escalation of privilege
A flaw was found in the Linux kernel. A logic error in auditdatatoentry can lead to a local escalation of privilege without user interaction needed. A local attacker with special user privilege could crash the system leading to information leak. The highest threat from this vulnerability is to da...
kernel: bad kfree in auditfilter.c may lead to escalation of privilege
A flaw was found in the Linux kernel. A logic error in auditdatatoentry can lead to a local escalation of privilege without user interaction needed. A local attacker with special user privilege could crash the system leading to information leak. The highest threat from this vulnerability is to da...
kernel: bad kfree in auditfilter.c may lead to escalation of privilege
A flaw was found in the Linux kernel. A logic error in auditdatatoentry can lead to a local escalation of privilege without user interaction needed. A local attacker with special user privilege could crash the system leading to information leak. The highest threat from this vulnerability is to da...
DEBIAN-CVE-2020-0444
In auditfreelsmfield of auditfilter.c, there is a possible bad kfree due to a logic error in auditdatatoentry. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...
UBUNTU-CVE-2020-0444
In auditfreelsmfield of auditfilter.c, there is a possible bad kfree due to a logic error in auditdatatoentry. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...
libexif: out of bounds read due to a missing bounds check in exif_data_save_data_entry function in exif-data.c
In exifdatasavedataentry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0...
UBUNTU-CVE-2020-0093
In exifdatasavedataentry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0...
WordPress custom-searchable-data-entry-system SQL Injection Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. custom-searchable-data-entry-system is a custom searchable data entry system used in it. A SQL injection vulnerability exists in...
CVE-2020-10817
The custom-searchable-data-entry-system aka Custom Searchable Data Entry System plugin through 1.7.1 for WordPress allows SQL Injection. NOTE: this product is discontinued...
CVE-2020-10817
The CVE-2020-10817 entry describes a SQL injection vulnerability in the WordPress plugin “custom-searchable-data-entry-system” (aka Custom Searchable Data Entry System) up to version 1.7.1. The root cause is lack of input validation when constructing or handling SQL statements, enabling an attack...
Custom Searchable Data Entry System <= 1.7.1 - Unauthenticated Data Modification and Deletion
The estimated 2,000+ sites running the plugin are vulnerable to Unauthenticated Data Modification and Deletion, including the potential to delete the entire contents of any table in a vulnerable site’s database...
Microsoft SharePoint Remote Code Execution Vulnerability (CNVD-2019-34770)
Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A remote code executi...
Wind River Systems VxWorks Parameter Injection Vulnerability
Wind River Systems VxWorks is an embedded real-time operating system RTOS from Wind River Systems. A parameter injection vulnerability exists in Wind River Systems VxWorks. The vulnerability arises from a network system or product that does not properly filter special characters in parameters...