Memory Leak
ImageMagick is vulnerable to a memory leak. The vulnerability is due to improper handling of malformed OpenCL device profile XML files in the LoadOpenCLDeviceBenchmark function, which fails to free allocated string memory when elements are not properly closed, allowing an attacker to trigger memo...
GHSA-QP59-X883-77QV ImageMagick has a Memory Leak in LoadOpenCLDeviceBenchmark() when parsing malformed XML
Summary: A memory leak vulnerability exists in the LoadOpenCLDeviceBenchmark function in MagickCore/opencl.c. When parsing a malformed OpenCL device profile XML file that contains closing tags, the function fails to release allocated memory for string members platformname, vendorname, name, versio...
CVE-2025-43720
Headwind MDM before 5.33.1 makes configuration details accessible to unauthorized users. The Configuration profile is exposed to the Observer user role, revealing the password required to escape out of the MDM controlled device's profile...
CVE-2025-43720
CVE-2025-43720 affects Headwind MDM prior to 5.33.1. The condition allows unauthorized users (Observer role) to access the Configuration profile, revealing the password needed to escape the MDM-controlled device’s profile. Reported across multiple trusted sources; CVSS vector indicates high confi...
CVE-2023-51750
ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules."...
CVE-2023-51749
ScaleFusion 10.5.2 does not properly limit users to the Edge application because a search can be made from a tooltip. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules."...
kernel: net/mlx5e: Take RTNL lock when needed before calling xdp_set_features()
A locking flaw in the Mellanox mlx5 Ethernet driver allowed calls to xdp_set_features() without holding the required rtnetlink RTNL lock. A local administrator switching device profiles, for example from an uplink representor to a Network Interface Card profile, could trigger notifier paths without...
Design/Logic Flaw
ScaleFusion 10.5.2 does not properly limit users to the Edge application because a search can be made from a tooltip. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules."...
How to re-register device profile on Citrix Cloud ADM for the Citrix cloud hosted Netscalers
Barco wePresent WiPG-1600W Security Vulnerability
Barco wePresent WiPG-1600W is a management appliance for conference environments from Barco Belgium. A security vulnerability exists in Barco wePresent WiPG-1600W 2.5.1.8 that stems from the inclusion of an SSH daemon. By default, the SSH daemon is disabled and is not started at system boot...
Phishing Biggest Threat to Google Account Security
Last year may have been mostly about ransomware, but it’s difficult to forget the billion or so passwords that were spilled in high-profile breaches and credential leaks. Google and researchers from the University of California Berkeley attempted to ease some of that pain, and teamed up to analyz...