K16318: OpenSSL vulnerability CVE-2015-0287
Security Advisory Description The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid wri...
Lodash 4.17.15 in use which is vulnerable to CVE-2020-8203
Description Lodash 4.17.15 in use which is vulnerable to CVE-2020-8203 Proof of Concept 1 Go to https://localhost/Cockpit/modules/App/assets/vendor/lodash.js?ver=2.3.9-1676855050 and note that lodash version is 4.17.15 2 Go to https://localhost/Cockpit/ 3 Open Web Developer tools Ctrl+Shift+I usin...
Security Bulletin: Vulnerabilities in Network Security Services (NSS) affect IBM FlashSystem 840 and IBM FlashSystem V840, -AE1 models, (CVE-2014-3566)
Summary Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. NSS is used by FlashSystem 840. FlashSystem 840 has addressed the applicable CVE. Vulnerability Details CVE-ID: CVE-2014-3566...
[SECURITY] Fedora 37 Update: ImageMagick-6.9.12.77-1.fc37
ImageMagick is an image display and manipulation tool for the X Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF, and Photo CD image formats. It can resize, rotate, sharpen, color reduce, or add special effects to an image, and when finished you can either save the completed wor...
Microsoft Security Update Validation Report February 2023
Microsoft’s February 2023 security updates have passed Citrix testing (the updates are listed below). The testing is not all-inclusive; all tests are executed against English only environments and issues may still be found upon implementation. Follow best practices for testing and installing softwa...
PT-2023-12889 · Intel · Intel Sgx Sdk
Name of the Vulnerable Software and Affected Versions: Intel(R) SGX SDK software for Linux versions prior to 2.16.100.1 Description: The issue is related to insufficient control flow management, which may allow an authenticated user to potentially enable information disclosure via local access...
PT-2023-13473 · Intel +1 · Intel Media Sdk +1
Name of the Vulnerable Software and Affected Versions: Intel(R) Media SDK versions prior to 22.2.2 Description: The issue is related to a protection mechanism failure in the Intel(R) Media SDK software, which may allow an authenticated user to potentially enable denial of service via local access...
Intel SGX SDK security vulnerability
Intel SGX SDK is a set of software development kits based on SGX Intel Software Security Extensions technology from Intel Corporation USA. A security vulnerability exists in the Intel(R) SGX SDK software for Linux prior to version 2.16.100.1, which stems from inadequate software control flow...
SUSE: Security Advisory (SUSE-SU-2023:0421-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Intel SGX SDK security vulnerability
Intel SGX SDK is a set of software development kits based on SGX Intel Software Security Extensions technology from Intel Corporation USA. A security vulnerability exists in Intel SGX SDK versions prior to 2.16.100.1, which stems from an improper conditional checking in the software, and can be...
SUSE: Security Advisory (SUSE-SU-2023:0428-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Intel Media SDK security vulnerability
Intel Media SDK is a multimedia SDK Software Development Kit from Intel Corporation. The product is primarily used for video encoding, decoding and processing in Windows and embedded Linux applications. A security vulnerability exists in Intel Media Software Development Kit, which stems from a...
Malwarebytes: Rails Debug Mode Enabled On ( https://44.208.145.207/testrail/files.md5 )
Summary: A Ruby on Rails web application running in development mode was identified on a Malwarebytes server. The application exposed sensitive system information, including details about middleware components and application root paths, which should not be accessible in a production environment...
Regular Pen Testing Is Key to Resolving Conflict Between SecOps and DevOps
In an ideal world, security and development teams would be working together in perfect harmony. But we live in a world of competing priorities, where DevOps and security departments often butt heads with each other. Agility and security are often at odds with each other— if a new feature is...
SUSE CVE-2006-2426
Sun Java Runtime Environment JRE 1.5.06 and earlier, JDK 1.5.06 and earlier, and SDK 1.5.06 and earlier allows remote attackers to cause a denial of service disk consumption by using the Font.createFont function to create temporary files of arbitrary size in the %temp% directory...
SUSE CVE-2006-6737
Unspecified vulnerability in Sun Java Development Kit JDK and Java Runtime Environment JRE 5.0 Update 5 and earlier, Java System Development Kit SDK and JRE 1.4.210 and earlier 1.4.x versions, and SDK and JRE 1.3.118 and earlier allows attackers to use untrusted applets to "access data in other...
SUSE CVE-2006-6745
Multiple unspecified vulnerabilities in Sun Java Development Kit JDK and Java Runtime Environment JRE 5.0 Update 7 and earlier, and Java System Development Kit SDK and JRE 1.4.212 and earlier 1.4.x versions, allow attackers to develop Java applets or applications that are able to gain privileges,...
SUSE CVE-2007-2788
Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit JDK before 1.5.011-b03 and 1.6.x before 1.6.001-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.214 and earlier, and SDK and JRE 1.3.120 and earlier...
SUSE CVE-2007-4381
Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.214 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself...
SUSE CVE-2008-1187
Unspecified vulnerability in Sun Java Runtime Environment JRE and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.216 and earlier allows remote attackers to cause a denial of service JRE crash and possibly execute arbitrary code via unknown vectors related to XSLT transform...