11 matches found
EUVD-2014-0306
Malware in sbrugna...
CVE-2019-14712
Verifone VerixV Pinpad Payment Terminals with QT000530 allow bypass of integrity and origin control for S1G file generation...
March 8, 2022—KB5011564 (Monthly Rollup)
March 8, 2022—KB5011564 Monthly Rollup Summary Learn more about this security update, including improvements and fixes, any known issues, and how to get the update. IMPORTANT Windows 8.1 and Windows Server 2012 R2 have reached the end of mainstream support and are now in extended support. Startin...
Design/Logic Flaw
Verifone VerixV Pinpad Payment Terminals with QT000530 allow bypass of integrity and origin control for S1G file generation...
CVE-2019-14712
The CVE-2019-14712 entry concerns Verifone VerixV Pinpad Terminals (QT000530). Affected component/function: S1G file generation with bypass of integrity and origin control. Root cause details are not explicitly described beyond the bypass. Documents indicate an impact across confidentiality, inte...
CVE-2019-19041
CVE-2019-19041 affects Xorux Lpar2RRD 6.11 and Stor2RRD 2.61 (distributed in Xorux 2.41). The underlying issue is improper verification of upgrade packages, allowing an attacker to modify the files.SUM integrity controls and inject a malicious Bash script via upgrade.sh, enabling arbitrary code e...
Policy Compliance Adds UDC Support for Cloud Agent
Qualys is extending the Cloud Agent capabilities for users of the Policy Compliance (PC) application by letting them define controls. Until now, the Cloud Agent could only assess Qualys PC’s “out of the box” controls. By adding support for user defined controls (UDC), Qualys PC users now can use Clou...
Indication of Compromise: Another Key Practice for GDPR Compliance
In this ongoing blog series on preparing for complying with the EU’s General Data Protection Regulation (GDPR), we’ve explained the importance of having solid, foundational security practices like asset management and threat prioritization. Today, we’ll discuss how another such practice can help...
MicEnum - Mandatory Integrity Control Enumerator for Windows
In the context of the Microsoft Windows family of operating systems, Mandatory Integrity Control (MIC) is a core security feature introduced in Windows Vista and implemented in subsequent lines of Windows operating systems. It adds Integrity Levels (IL)-based isolation to running processes and objects...
Privilege escalation
Microsoft Internet Explorer 8 through 11 does not properly restrict file installation and registry-key creation, which allows remote attackers to bypass the Mandatory Integrity Control protection mechanism via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability."...
IPSec information leak
If ESP is used without integrity control, it's possible to obtain plaintext data in an ICMP error message by modifying the source packet...