1001 matches found

NVD
added 2017/07/05 8:29 p.m., 19 views

CVE-2017-7894

WinDjView 2.1 might allow user-assisted attackers to execute code via a crafted .djvu file, because of a "User Mode Write AV near NULL" in WinDjView.exe. One threat model is a victim who obtains an untrusted .djvu file from a remote location and issues several user-defined commands...

CVSS 7.8, AI score 7.7, EPSS 0.01144
Exploits 0, References 1

NVD
added 2017/07/05 8:29 p.m., 15 views

CVE-2017-8387

STDU Viewer version 1.6.375 might allow user-assisted attackers to execute code via a crafted file. One threat model is a victim who obtains an untrusted crafted file from a remote location and issues several user-defined commands including Ctrl-+ commands...

CVSS 5.5, AI score 5.9, EPSS 0.01787
Exploits 1, References 1

Prion
added 2017/07/05 8:29 p.m., 14 views

Design/Logic Flaw

WinDjView 2.1 might allow user-assisted attackers to execute code via a crafted .djvu file, because of a "User Mode Write AV near NULL" in WinDjView.exe. One threat model is a victim who obtains an untrusted .djvu file from a remote location and issues several user-defined commands...

CVSS 6.8, AI score 7.7, EPSS 0.01144
Exploits 0, References 1, Affected Software 1

Prion
added 2017/07/05 8:29 p.m., 16 views

Design/Logic Flaw

STDU Viewer version 1.6.375 might allow user-assisted attackers to execute code via a crafted file. One threat model is a victim who obtains an untrusted crafted file from a remote location and issues several user-defined commands including Ctrl-+ commands...

CVSS 4.3, AI score 6, EPSS 0.01787
Exploits 1, References 1, Affected Software 1

Prion
added 2017/07/05 8:29 p.m., 16 views

Design/Logic Flaw

Notepad++ 7.3.3 32-bit with Hex Editor Plugin v0.9.5 might allow user-assisted attackers to execute code via a crafted file, because of a "Data from Faulting Address controls Code Flow" issue. One threat model is a victim who obtains an untrusted crafted file from a remote location and issues...

CVSS 6.8, AI score 7.8, EPSS 0.01643
Exploits 0, References 1, Affected Software 1

Prion
added 2017/07/05 8:29 p.m., 18 views

Design/Logic Flaw

Sublime Text 3 Build 3126 allows user-assisted attackers to cause a denial of service or possibly have unspecified other impact via a crafted .mkv file. One threat model is a victim who obtains an untrusted crafted file from a remote location and issues several user-defined commands, as...

CVSS 6.8, AI score 8.1, EPSS 0.00912
Exploits 0, References 2

Cvelist
added 2017/07/05 7:0 p.m., 17 views

CVE-2017-8387

STDU Viewer version 1.6.375 might allow user-assisted attackers to execute code via a crafted file. One threat model is a victim who obtains an untrusted crafted file from a remote location and issues several user-defined commands including Ctrl-+ commands...

AI score 5.9, EPSS 0.01787
Exploits 1, References 1

Citrix
added 2017/06/29 12:0 a.m., 6 views

Creating a Mandatory Profile Recipe

Windows profiles include the user registry and the file system under c:\users\%username%. Windows profiles are where application vendors store setting information particular to a user. What is stored here can be anything the vendors need to store for their applications to work. Many application ru...

AI score 6.6
Exploits 0

Qualys Blog
added 2017/06/26 11:10 p.m., 24 views

Qualys Cloud Suite 8.10.1 New Features

This new patch release of the Qualys Cloud Suite, version 8.10.1, includes updates to password management, user roles & permissions, and User Defined Control improvements in Qualys Policy Compliance (PC). Feature Highlights Qualys Cloud Platform Platform Password Improvements - In this release, we...

AI score 7
Exploits 0

RedHat Linux
added 2017/06/19 1:24 p.m., 5 views

Important: Red Hat Bug Fix Advisory: Red Hat Ceph Storage 2.3 bug fix and enhancement update

Red Hat Ceph Storage 2.3 is now available. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. Bug Fixes and Enhancements: For...

CVSS 7.8, AI score 7.1, EPSS 0.81921
Exploits 4, References 66

Microsoft KB
added 2017/06/13 7:0 a.m., 54 views

End of support for Office 2013

End of support for Office 2013 Support for Office 2013 ended on April 11, 2023 and there will be no extension and no extended security updates. All of your Office 2013 apps will continue to function. However, you could expose yourself to serious and potentially harmful security risks.Buy or try...

CVSS 9.3, AI score 8.4, EPSS 0.24243
Exploits 0

Tenable Nessus
added 2017/05/23 12:0 a.m., 39 views

F5 Networks BIG-IP : BIG-IP Azure cloud vulnerability (K61757346)

In some circumstances, a BIG-IP Azure cloud instance may contain a default administrative password which can be used to remotely log in to the BIG-IP system. The affected administrative account is the Azure instance administrative user created at deployment. The root and admin accounts are not...

CVSS 9.8, AI score 8.3, EPSS 0.01141
Exploits 0, References 4

Prion
added 2017/05/16 5:29 p.m., 17 views

Command injection

The HTTP web-management application on Edgewater Networks Edgemarc appliances has a hidden page that allows for user-defined commands such as specific iptables routes, etc., to be set. You can use this page as a web shell essentially to execute commands, though you get no feedback client-side fro...

CVSS 10, AI score 9.7, EPSS 0.46846
Exploits 1, References 1

ATTACKERKB
added 2017/05/16 12:0 a.m., 62 views

CVE-2017-6079

The HTTP web-management application on Edgewater Networks Edgemarc appliances has a hidden page that allows for user-defined commands such as specific iptables routes, etc., to be set. You can use this page as a web shell essentially to execute commands, though you get no feedback client-side fro...

CVSS 10, AI score 2.2, EPSS 0.46846
In wild, Exploits 1, References 2

The Hacker News
added 2017/05/08 12:53 a.m., 16 views

Hands-On Review: Converged Networking and Security with Cato Networks

Nobody likes to do router and firewall management. It often requires a lot of hard labor just keeping the infrastructure up and running. If you ever had to set up IPsec tunnels between different firewall brands, change a firewall rule and hope nothing breaks, upgrade to the latest software or...

AI score 6.6
Exploits 0

rapid7community
added 2017/04/21 1:10 p.m., 27 views

The CIS Critical Security Controls Explained – Control 6: Maintenance, Monitoring and Analysis of Audit Logs

In your organizational environment, Audit Logs are your best friend. Seriously. This is the sixth blog of the series based on the CIS Critical Security Controls. I'll be taking you through Control 6: Maintenance, Monitoring and Analysis of Audit Logs, in helping you to understand the need to nurtu...

AI score 6.8
Exploits 0

Prion
added 2017/04/07 5:59 p.m., 13 views

Memory corruption

A vulnerability in Google-defined remote procedure call (gRPC) handling in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash due to a system memory leak, resulting in a denial of service (DoS) condition. This vulnerability...

CVSS 5, AI score 5.4, EPSS 0.02045
Exploits 0, References 3, Affected Software 1

Debian
added 2017/03/29 5:56 p.m., 22 views

[SECURITY] [DSA 3824-1] firebird2.5 security update

Debian Security Advisory DSA-3824-1 [email protected] https://www.debian.org/security/ Sebastien Delafond March 29, 2017 https://www.debian.org/security/faq -...

CVSS 6.5, AI score 2.8, EPSS 0.03273
Exploits 0

n0where
added 2017/03/20 4:51 a.m., 55 views

BGP Swiss Army Knife: ExaBGP

ExaBGP provides a convenient way to implement Software Defined Networking by transforming BGP messages into friendly plain text or JSON, which can then be easily handled by simple scripts or your BSS/OSS. It is routinely used to improve service resilience and provide protection against network or...

AI score 7.1
Exploits 0, References 3

UbuntuCve
added 2017/02/27 10:59 p.m., 35 views

CVE-2016-5240

The DrawDashPolygon function in magick/render.c in GraphicsMagick before 1.3.24 and the SVG renderer in ImageMagick allow remote attackers to cause a denial of service (infinite loop) by converting a circularly defined SVG file...

CVSS 5.5, AI score 6.9, EPSS 0.02195
Exploits 0, References 1