Samsung SmartThings Hub video-core Database find-by-cameraId Code Execution Vulnerability

Summary An exploitable stack-based buffer overflow vulnerability exists in the database “find-by-cameraId” functionality of video-core’s HTTP server of Samsung SmartThings Hub. The video-core process incorrectly handles existing records inside its SQLite database, leading to a buffer overflow on...

Samsung SmartThings Hub video-core Camera URL Replace Code Execution Vulnerability

Summary An exploitable buffer overflow vulnerability exists in the camera “replace” feature of video-core’s HTTP server of Samsung SmartThings Hub. The video-core process incorrectly extracts the URL field from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker...

Samsung SmartThings Hub video-core Camera Creation Code Execution Vulnerability

Summary An exploitable buffer overflow vulnerability exists in the camera “create” feature of video-core’s HTTP server of Samsung SmartThings Hub. The video-core process incorrectly extracts the “state” field from a user-controlled JSON payload, leading to a buffer overflow on the stack. An...

Samsung SmartThings Hub video-core RTSP Configuration Command Injection Vulnerability

Summary An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub. The device incorrectly handles spaces in the URL field, leading to an arbitrary operating system command injection. An attacker can send a series of HTTP requests to trigger this...

DLA-1434-1 linux-base - security update

Bulletin has no description...

Google Android has an unspecified vulnerability (CNVD-2019-44517)

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA. A security vulnerability exists in Android that stems from the program not properly validating pointers in the ADSPRPC command. An attacker can exploit the vulnerability to access...

IBM DB2 for Linux, UNIX and Windows File Overwrite Vulnerability (CNVD-2018-10561)

IBM DB2 is a set of relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBM i, z/OS, and Windows server versions. A security vulnerability exists in IBM DB2 including DB2 Connect Server for Linux, UNIX, and...

Researchers Defeat AMD's SEV Virtual Machine Encryption

German security researchers claim to have found a new practical attack against virtual machines VMs protected using AMD's Secure Encrypted Virtualization SEV technology that could allow attackers to recover plaintext memory data from guest VMs. AMD's Secure Encrypted Virtualization SEV technology...

Google Android has an unspecified vulnerability (CNVD-2018-10068)

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA.Qualcomm MDM9635M, Qualcomm SD 400, and Qualcomm SD 800 are Qualcomm's central processing unit CPU products. （Qualcomm MDM9635M, Qualcomm SD 400 and Qualcomm SD 800 are Qualcomm's...

Google Android has an unspecified vulnerability (CNVD-2018-10039)

Android is a Linux-based open-source operating system jointly developed by Google and the Open Handheld Alliance OHA for short, and Qualcomm MDM9625 and other central processing unit CPU products from Qualcomm are used in different platforms. A security vulnerability exists in the Qualcomm...

Google Android has an unspecified vulnerability (CNVD-2018-09701)

Android is a Linux-based open-source operating system jointly developed by Google and the Open Handheld Alliance OHA, and Qualcomm MSM8909W is a central processing unit CPU product of Qualcomm. A security vulnerability exists in the Qualcomm closed-source component in Android. No details of the...

Google Android has an unspecified vulnerability (CNVD-2018-09754)

Android is a Linux-based open-source operating system jointly developed by Google and the Open Handheld Alliance OHA for short, and Qualcomm MDM9206 and other central processing unit CPU products from Qualcomm are used in different platforms. A security vulnerability exists in the Qualcomm...

GoScanSSH Malware Targets SSH Servers, But Avoids Military and .GOV Systems

Researchers have identified a new malware family, dubbed GoScanSSH, that targets public facing SSH servers, but avoids those linked to government and military IP addresses. The malware has been in the wild since June 2017 and exhibits a number of unique characteristics, such as being written in t...

RHEL 7 : Satellite 6.3 (RHSA-2018:0336)

"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0336 advisory. Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitorin...

Trend Micro Email Encryption Gateway 5.5 (Build 1111.00) - Multiple Vulnerabilities

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Trend Micro Email Encryption Gateway Multiple Vulnerabilities 1. Advisory Information Title: Trend Micro Email Encryption Gateway Multiple Vulnerabilities Advisory ID: CORE-2017-0006 Advisory URL:...

Trend Micro Email Encryption Gateway 5.5 (Build 1111.00) - Multiple Vulnerabilities

Trend Micro Email Encryption Gateway 5.5 Build 1111.00 - Multiple Vulnerabilities Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Trend Micro Email Encryption Gateway Multiple Vulnerabilities 1. Advisory Information Title: Trend Micro Email Encryption Gateway Multiple...

Trend Micro Email Encryption Gateway 5.5 (Build 1111.00) - Multiple Vulnerabilities

Exploit for jsp platform in category web applications Trend Micro Email Encryption Gateway Multiple Vulnerabilities 1. Advisory Information Title: Trend Micro Email Encryption Gateway Multiple Vulnerabilities Advisory ID: CORE-2017-0006 Advisory URL:...

Trend Micro Email Encryption Gateway Multiple Vulnerabilities

1. Advisory Information Title: Trend Micro Email Encryption Gateway Multiple Vulnerabilities Advisory ID: CORE-2017-0006 Advisory URL:http://www.coresecurity.com/core-labs/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities Date published: 2018-02-21 Date of last update:...

dnscrypt-autoinstall - Automatic installation and configuration of DNSCrypt

A script for installing and automatically configuring DNSCrypt on Linux-based systems. Description DNSCrypt is a protocol for securing communications between a client and a DNS resolver by encrypting DNS queries and responses. It verifies that responses you get from a DNS provider have actually...

Google Android Qualcomm QBT1000 Driver Privilege Vulnerability

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA, and the Qualcomm QBT1000 driver is a Qualcomm-developed QBT1000 driver used in it. The Qualcomm QBT1000 driver for Android is vulnerable to a boost vulnerability that arises from...