Lucene search

196 matches found

Vulnrichment
added 2020/09/24 1:36 p.m. · 8 views

CVE-2020-12811

An improper neutralization of script-related HTML tags in a web page in FortiManager 6.2.0, 6.2.1, 6.2.2, and 6.2.3 and FortiAnalyzer 6.2.0, 6.2.1, 6.2.2, and 6.2.3 may allow an attacker to execute a cross site scripting (XSS) via the Identify Provider name field...

5.9 AI score · 0.00791 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2020/08/19 12:0 a.m. · 3 views

PT-2020-6397 · Libraw +5

Name of the Vulnerable Software and Affected Versions: Libraw versions prior to 0.20.1. Description: The issue is related to a stack buffer overflow in the LibRaw::identify_process_dng_fields function within the identify.cpp component of the Libraw image processing library. This overflow can be...

9.8 CVSS · 7.7 AI score · 0.14542 EPSS
Exploits: 9 · References: 222

HackRead
added 2020/08/04 3:45 p.m. · 14 views

WhatsApp’s new fact-check feature lets users identify fake information

By Waqas. WhatsApp's "Search the Web" feature lets users perform web searches on viral messages to confirm their authenticity. This is a post from HackRead.com. Read the original post: WhatsApp’s new fact-check feature lets users identify fake information...

2.1 AI score
Exploits: 0

ossfuzz
added 2020/06/10 7:27 a.m. · 12 views

libraw:libraw_fuzzer: Use-of-uninitialized-value in LibRaw::identify

Detailed Report: https://oss-fuzz.com/testcase?key=5767589518376960 Project: libraw Fuzzing Engine: libFuzzer Fuzz Target: libraw_fuzzer Job Type: libfuzzer_msan_libraw Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: LibRaw::identify LibRaw::open_datastream...

6.8 AI score
Exploits: 0 · Affected Software: 1

CNVD
added 2020/05/19 12:0 a.m. · 2 views

Unspecified vulnerability in COVIDSafe app

COVIDSafe app is an Australian coronavirus contact tracing app. The COVIDSafe app suffers from an unspecified vulnerability that stems from an unnecessary field in the OpenTrace/BlueTrace protocol. An attacker can exploit the vulnerability by looking at plaintext payload data to confirm the model...

5.3 CVSS · 6.8 AI score · 0.00687 EPSS
Exploits: 0 · References: 1

Prion
added 2020/05/18 5:15 a.m. · 8 views

Code injection

Caching of GATT characteristic values (TempID) in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to long-term re-identify an Android device running COVIDSafe...

5 CVSS · 7.4 AI score · 0.01631 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

CVE
added 2020/05/18 4:7 a.m. · 53 views

CVE-2020-12858

The CVE-2020-12858 entry concerns the COVIDSafe Android app, where non-reinitialisation of random data in the advertising payload in versions v1.0.15 and v1.0.16 allows a remote attacker to re-identify devices by scanning advertising beacons. Affected component: COVIDSafe app’s advertising beacon...

7.5 CVSS · 7.4 AI score · 0.01806 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

RedhatCVE
added 2020/03/31 8:29 a.m. · 29 views

CVE-2018-5804

A type confusion error within the "identify" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a division by zero...

6.5 CVSS · 4.7 AI score · 0.01682 EPSS
Exploits: 0 · References: 1

OSV
added 2019/11/07 4:15 p.m. · 5 views

DEBIAN-CVE-2019-18809

A memory leak in the af9005_identify_state function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-2289adbfa559...

4.6 CVSS · 6.2 AI score · 0.00486 EPSS
Exploits: 0 · References: 1

OpenVAS
added 2019/11/04 12:0 a.m. · 19 views

Fedora Update for file FEDORA-2019-97dcb2762a

The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.8 CVSS · 6.9 AI score · 0.0185 EPSS
Exploits: 1 · References: 2

ossfuzz
added 2019/07/15 5:41 p.m. · 12 views

freeimage/load_from_memory_fuzzer: Stack-buffer-overflow in LibRaw::parse_rollei

Detailed report: https://oss-fuzz.com/testcase?key=5156329342107648 Project: freeimage Fuzzer: libFuzzer_load_from_memory_fuzzer Fuzz target binary: load_from_memory_fuzzer Job Type: libfuzzer_asan_freeimage Platform Id: linux Crash Type: Stack-buffer-overflow READ Crash Address: 0x7fef5bbbdca0 Crash Stat...

7 AI score
Exploits: 0 · Affected Software: 1

The Hacker News
added 2019/07/12 8:9 a.m. · 236 views

Cybersecurity Frameworks — Types, Strategies, Implementation and Benefits

Organizations around the world are wondering how to become immune from cyber attacks which are evolving every day with more sophisticated attack vectors. IT teams are always on the lookout for new ransomware and exploit spreading in the wild, but can all these unforeseen cyber attacks be prevente...

7 AI score
Exploits: 0

Carbon Black Blog
added 2019/06/05 5:30 p.m. · 109 views

Partner Perspectives: 3 Tips for Starting a Threat Hunting Program

Peter Silberman is the Director of Detection & Response, Innovation at Expel. Mary Singh is a Detection and Response Lead at Expel. So, you want to build a threat hunting program…but where do you start? There are lots of ways to build a threat hunting program for your own org and depending on you...

6.9 AI score
Exploits: 0

The Hacker News
added 2019/05/21 1:46 p.m. · 2 views

WEBINAR: How to Get Enterprise Cyber Security for your Mid-Sized Organization

High-quality cybersecurity posture is typically regarded as the exclusive domain of the large and heavy resourced enterprises – those who can afford a multi-product security stack and a skilled security team to operate it. This implies a grave risk to all organizations who are not part of this...

6.8 AI score
Exploits: 0

ossfuzz
added 2018/12/23 6:36 a.m. · 19 views

tinyxml2/xmltest: Use-of-uninitialized-value in tinyxml2::XMLUtil::StringEqual

Project: https://github.com/leethomason/tinyxml2.git Detailed report: https://oss-fuzz.com/testcase?key=5763247731376128 Project: tinyxml2 Fuzzer: libFuzzer_xmltest Fuzz target binary: xmltest Job Type: libfuzzer_msan_tinyxml2 Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address:...

6.8 AI score
Exploits: 0 · Affected Software: 1

Carbon Black Blog
added 2018/12/18 6:0 p.m. · 90 views

Top 5 Threat Hunting Myths: “Threat Hunting Is Too Expensive”

The cybersecurity landscape is in a constant state of change and, as many organizations have learned, it’s no longer a matter of if you’ll face a cyberattack, but when. In today’s world, attackers intentionally look normal to evade automated defenses. With the rise of ransomware, fileless and...

6.8 AI score
Exploits: 0

CNVD
added 2018/12/10 12:0 a.m. · 3 views

LibRaw 'identify()' function integer overflow vulnerability

LibRaw is a C++ library developed by the LibRaw team for processing RAW (CRW/CR2, NEF, RAF, DNG and others) format images. An integer overflow vulnerability exists in the 'identify' function of the internal/dcraw_common.cpp file in LibRaw versions prior to 0.18.12. A remote attacker can exploit this...

7.1 CVSS · 7 AI score · 0.02108 EPSS
Exploits: 0 · References: 1

CNVD
added 2018/12/10 12:0 a.m. · 2 views

LibRaw 'identify()' Function Type Obfuscation Vulnerability

LibRaw is a C++ library developed by the LibRaw team for processing RAW (CRW/CR2, NEF, RAF, DNG and others) format images. A type-obfuscation vulnerability exists in the 'identify' function of the internal/dcraw_common.cpp file in LibRaw versions prior to 0.18.8. A remote attacker can exploit this...

6.5 CVSS · 9.2 AI score · 0.01682 EPSS
Exploits: 0 · References: 1

NVD
added 2018/12/07 10:29 p.m. · 17 views

CVE-2018-5816

An integer overflow error within the "identify" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger a division by zero via specially crafted NOKIARAW file. Note: This vulnerability is caused due to an incomplete fix of CVE-2018-5804...

7.1 CVSS · 6.4 AI score · 0.02108 EPSS
Exploits: 0 · References: 5

OSV
added 2018/12/07 10:29 p.m. · 25 views

CVE-2018-5816

An integer overflow error within the "identify" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger a division by zero via specially crafted NOKIARAW file. Note: This vulnerability is caused due to an incomplete fix of CVE-2018-5804...

6.5 CVSS · 6.5 AI score
Exploits: 0 · References: 5