196 matches found
Litecoin Security: How to Spot, Avoid, and Recover from Crypto Scams
It seems not a day goes by without news of another crypto scam targeting unsuspecting holders. Those owning…
CVE-2022-33862
IPP software prior to v1.71 is affected by a default credential vulnerability. This could lead attackers to identify and access vulnerable systems...
A Step-by-Step Guide to How Threat Hunting Works
Stay ahead of cybercrime with proactive threat hunting. Learn how threat hunters identify hidden threats, protect critical systems,…
MAL-2024-9492 Malicious code in acceptable-emerald-ladybug (npm)
The vulnerability of the “identify -help” command in the console-based image editing tool ImageMagick arises from improper release of memory before removal of the last reference. This allows a malicious actor to compromise data integrity and cause service failures.
The vulnerability of the “identify -help” command in the console-based image editing tool ImageMagick is related to improper release of memory before removal of the last reference. Exploiting this vulnerability can allow an attacker to compromise data integrity and cause service failures...
Uncontrolled Resource Consumption ('Resource Exhaustion')
Overview: Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') through the GIF decoder. An attacker can cause the application to consume excessive memory resources by processing specially crafted image files. Workaround: This vulnerability can ...
The vulnerability of the im_convert_path/im_identify_path function in the RoundCube Webmail client allows an attacker to escalate their privileges.
The vulnerability of the im_convert_path/im_identify_path function in the RoundCube Webmail email client is related to the lack of measures taken at the administrative level to clean up data. Exploiting this vulnerability can allow an attacker to escalate their privileges remotely...
SUSE CVE-2024-37385
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 on Windows allows command injection via im_convert_path and im_identify_path. NOTE: this issue exists because of an incomplete fix for CVE-2020-12641...
Security Bulletin: IBM Java and IBM WebSphere Application Server used by ISVG - Identity Manager have multiple vulnerabilities
Summary: IBM Security Verify Governance - Identity Manager ships with IBM Java SDK and IBM WebSphere Application Server traditional. Information about security vulnerabilities affecting these dependencies has been published in security bulletins. Vulnerability Details: Refer to the security bulleti...
[SECURITY] Fedora 40 Update: gdcm-3.0.23-5.fc40
Grassroots DiCoM (GDCM) is a C++ library for DICOM medical files. It supports ACR-NEMA version 1 and 2 (huffman compression is not supported), RAW, JPEG, JPEG 2000, JPEG-LS, RLE and deflated transfer syntax. It comes with a super fast scanner implementation to quickly scan hundreds of DICOM files. It...
[SECURITY] Fedora 38 Update: gdcm-3.0.21-4.fc38
Grassroots DiCoM (GDCM) is a C++ library for DICOM medical files. It supports ACR-NEMA version 1 and 2 (huffman compression is not supported), RAW, JPEG, JPEG 2000, JPEG-LS, RLE and deflated transfer syntax. It comes with a super fast scanner implementation to quickly scan hundreds of DICOM files. It...
SUSE CVE-2024-27392
In the Linux kernel, the following vulnerability has been resolved: nvme: host: fix double-free of struct nvme_id_ns in ns_update_nuse. When nvme_identify_ns fails, it frees the pointer to the struct nvme_id_ns before it returns. However, ns_update_nuse calls kfree for the pointer even when nvme_identify_ns...
UBUNTU-CVE-2024-27392
In the Linux kernel, the following vulnerability has been resolved: nvme: host: fix double-free of struct nvme_id_ns in ns_update_nuse. When nvme_identify_ns fails, it frees the pointer to the struct nvme_id_ns before it returns. However, ns_update_nuse calls kfree for the pointer even when nvme_identify_ns...
PT-2024-25032 · Yamux · Yamux
Name of the Vulnerable Software and Affected Versions: Yamux (affected versions not specified). Description: Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. The Rust implementation of the Yamux stream multiplexer uses a vector for pending frames, which is not bounded...
PT-2024-3377 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.8-rc7. Description: The issue is related to a double-free vulnerability in the ns_update_nuse function, which can lead to a denial of service. When nvme_identify_ns fails, it frees the pointer to the struct nvm...
NIST Cybersecurity Framework 2.0
NIST has released version 2.0 of the Cybersecurity Framework: The CSF 2.0, which supports implementation of the National Cybersecurity Strategy, has an expanded scope that goes beyond protecting critical infrastructure, such as hospitals and power plants, to all organizations in any sector. It al...
Liferay Portal and Liferay DXP Security Vulnerabilities
Liferay Portal and Liferay DXP are both products of Liferay Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...
CVE-2022-48541
A flaw was found in ImageMagick, which is susceptible to a Missing Release of Memory after the Effective Lifetime vulnerability triggered by the 'identify -help' command. This issue could allow an attacker to initiate a denial of service attack by inducing a memory leak. Mitigation: Mitigation for...
CLSA-2023-1696351966 Fix CVE(s): CVE-2022-48541
SECURITY UPDATE: a memory leak that allows remote attackers to perform a denial of service via the "identify -help" command - debian/patches/CVE-2022-48541.patch: added missing calls to destroy methods - CVE-2022-48541...
CLSA-2023-1696351712 Fix CVE(s): CVE-2022-48541
SECURITY UPDATE: a memory leak that allows remote attackers to perform a denial of service via the "identify -help" command - debian/patches/CVE-2022-48541.patch: added missing calls to destroy methods - CVE-2022-48541...