156 matches found
Oracle Communications Operations Monitor has an unspecified vulnerability (CNVD-2022-17348)
Oracle Communications is a product of Oracle Corporation USA. provides integrated communications and cloud solutions for service providers and enterprises to accelerate their digital transformation.A security vulnerability exists in Oracle Communications Operations Monitor, which could be exploit...
CVE-2021-40500
SAP BusinessObjects Business Intelligence Platform Crystal Reports - versions 420, 430, allows an unauthenticated attacker to exploit missing XML validations at endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploitation can enable the...
Google TensorFlow heap out-of-bounds read vulnerability (CNVD-2021-37627)
Google TensorFlow is an end-to-end open source machine learning platform. A heap out-of-bounds read vulnerability exists in Google TensorFlow. An attacker can exploit the vulnerability to read data outside the boundaries of the heap allocation buffer in "tf.raw\u ops.QuantizeAndDequantizeV3"...
ONLYOFFICE Document Server File Extension Handling Vulnerability
ONLYOFFICE Document Server is a free collaborative online office suite that includes viewers and editors for text, spreadsheets and presentations. ONLYOFFICE Document Server suffers from a file extension handling vulnerability that can be exploited by an attacker requesting data to control file...
Unspecified Vulnerability in Cisco Firepower Management Center and Cisco Firepower Threat Defense
Cisco Firepower Management Center and Cisco Firepower Threat Defense are both products of Cisco Corporation.Cisco Firepower Management Center is a next-generation firewall management center software.Cisco Firepower Threat Defense is a set of unified software that provides next-generation firewall...
CVE-2020-16233
CVE-2020-16233 affects CodeMeter WebAdmin (CodeMeter, prior to version 7.10). A network attacker could send a specially crafted packet to cause the server to return packets containing data from the heap, exposing heap data and potentially enabling further exploitation. The vulnerability is docume...
HP ThinPro 6.x / 7.x Filter Bypass
HP ThinPro - Application filter bypass =============================================================================== Identifiers ------------------------------------------------- CVE-2019-16286 CVSSv3 score ------------------------------------------------- 6.1 AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:...
CISA Releases Emergency Directive and Activity Alert on Critical Microsoft Vulnerabilities
The Cybersecurity and Infrastructure Security Agency CISA has released an Emergency Directive and Activity Alert addressing critical vulnerabilities affecting Windows CryptoAPI, Windows Remote Desktop Gateway RD Gateway, and Windows Remote Desktop Client. A remote attacker could exploit these...
CVE-2011-2924
foomatic-rip filter v4.0.12 and prior used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileg...
Europol: Ransomware remains top threat in IOCTA report
The European Union Agency for Law Enforcement Cooperation, or Europol, just released its annual Internet Organized Crime Threat Assessment IOCTA report for the year. And we weren’t surprised to find that ransomware, despite its palpable decline in volume these past few months—a trend we’ve also...
Xiaomi Millet mobile phones file upload vulnerability
The Xiaomi phone is a smartphone from Xiaomi Information Technology Co. A file upload vulnerability exists in Xiaomi Millet mobile phones. An attacker can exploit the vulnerability to write files or read privileged data...
RSAC 2019: The Dark Side of Machine Learning
SAN FRANCISCO – The same machine-learning algorithms that made self-driving cars and voice assistants possible can be hacked to turn a cat into guacamole or Bach symphonies into audio-based attacks against a smartphone. These are examples of “adversarial attacks” against machine learning systems...
CVE-2019-6977
gdImageColorMatch in gdcolormatch.c in the GD Graphics Library aka LibGD 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigg...
Lawsuits Aim Billions in Fines at Equifax and Ad-Targeting Companies
Equifax, Experian and Oracle are among a slate of companies whose business is consumer information, that could soon face billions of dollars in fines for improper data handling. Privacy International has filed complaints against seven corporations, consisting of data brokers Acxiom and Oracle,...
So you’ve been asked to start a threat intel program
Ever since the Mandiant APT1 report landed like a bomb in private sector security reporting, threat intelligence has been a hot buzzword many companies have been chasing over. But what is threat intelligence? What do you need to execute it well? And how many new tools do you need to buy? The...
Security Bulletin:Vulnerability in Apache Commons affects IBM Content Collector (CVE-2015-7450)
Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM Content Collector. Vulnerability Details CVEID: CVE-2015-7450 DESCRIPTION: Apache Commons Collections could allow a remote attacker to execute arbitrary code on the system, caused by...
CVE-2017-17313
The inputhub driver of HUAWEI P9 Lite mobile phones with Versions earlier than VNS-L21C02B341, Versions earlier than VNS-L21C22B380, Versions earlier than VNS-L31C02B341, Versions earlier than VNS-L31C440B390, Versions earlier than VNS-L31C636B396 has a buffer overflow vulnerability due to the la...
UBUNTU-CVE-2018-2637
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JMX. Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker wi...
CVE-2016-5773
phpzip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free and application crash...
CVE-2015-6820
The ffsbrapply function in libavcodec/aacsbr.c in FFmpeg before 2.7.2 does not check for a matching AAC frame syntax element before proceeding with Spectral Band Replication calculations, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have...