7666 matches found
Cloud Security For The Healthcare Industry: A No-Brainer
The healthcare industry has become one of the likeliest to suffer cyber-attacks, and there’s little wonder why. Having the financial and personal information of scores of patients makes it a very appetizing target for attackers. Just over a year ago, the WannaCry ransomware attack wreaked havoc o...
LibRaw 'kodak_radc_load_raw' function out-of-bounds read vulnerability
LibRaw is a C++ library for processing RAW CRW/CR2, NEF, RAF, DNG and others format images. An out-of-bounds read vulnerability exists in the 'kodakradcloadraw' function internal/dcrawcommon.cpp file in LibRaw versions prior to 0.18.7. An attacker can exploit this vulnerability with a specially...
LibRaw 'LibRaw::kodak_ycbcr_load_raw()' function heap buffer overflow vulnerability
LibRaw is a C++ library developed by the LibRaw team for processing RAW CRW/CR2, NEF, RAF, DNG and others format images. A heap buffer overflow vulnerability exists in the 'LibRaw::kodakycbcrloadraw' function in versions prior to LibRaw 0.18.7 file internal/dcrawcommon.cpp. An attacker could...
CentOS Update for kernel CESA-2018:1965 centos7
Check the version of kernel SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882915";...
CVE-2018-7768
The vulnerability exists within processing of loadtemplate.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the tpl input parameter...
Unspecified vulnerability in jpeg-compressor
jpeg-compressor is an encoder for generating JPEG format files. A security vulnerability exists in the 'bmpload' function of the stbimage.c file in jpeg-compressor version 0.1. A remote attacker can exploit this vulnerability to cause a denial of service heap buffer overflow and application crash...
UBUNTU-CVE-2018-12982
Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6-rc1 allows remote attackers to have denial-of-service impact via a crafted file...
5 Key Factors to Consider When Comparing Cloud Security Solutions [Video]
Migrating to the cloud can be a challenge, and so can securing your platform once you’re there. It means having a security solution that is quick, adaptable and equipped to handle a wider breadth of attacks. Whether you’re in the market for a new security product, or you’re looking to switch, the...
PYSEC-2018-49
In PyYAML before 5.1, the yaml.load API could execute arbitrary code if used with untrusted data. The load function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function...
UBUNTU-CVE-2017-18342
In PyYAML before 5.1, the yaml.load API could execute arbitrary code if used with untrusted data. The load function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function...
hw: cpu: speculative store bypass
An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions a commonly used performance optimization. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the...
PT-2018-3945 · Pyyaml +1 · Pyyaml +1
Name of the Vulnerable Software and Affected Versions: PyYAML versions prior to 5.1 Description: The issue is related to the yaml.load API, which could execute arbitrary code if used with untrusted data. This could allow a remote attacker to access confidential data, compromise its integrity, and...
hw: cpu: speculative store bypass
An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions a commonly used performance optimization. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the...
Important: Red Hat Security Advisory: kernel security and bug fix update
An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
hw: cpu: speculative store bypass
An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions a commonly used performance optimization. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the...
PYSEC-2018-80
aio-libs aiohttp-session contains a Session Fixation vulnerability in loadsession function for RedisStorage see: https://github.com/aio-libs/aiohttp-session/blob/master/aiohttpsession/redisstorage.pyL42 that can result in Session Hijacking. This attack appear to be exploitable via Any method that...
Important: Red Hat Security Advisory: kernel-alt security and bug fix update
An update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...
DLL Hijacking
ffi is vulnerable to DLL hijacking. The vulnerability exists because the library uses symbols instead of String as a DLL name to look up and load DLL files on Windows...
Ecessa Edge EV150 10.7.4 - Cross-Site Request Forgery (Add Superuser)
Exploit Title: Ecessa Edge EV150 10.7.4 - Cross-Site Request Forgery Add Superuser Author: LiquidWorm Date: 2018-05-21 Vendor: Ecessa Corporation Product web page: https://www.ecessa.com Affected version: 10.7.4, 10.6.9, 10.6.5.2, 10.5.4, 10.2.24, 9.2.24 Tested on: lighttpd/1.4.35 Summary: Intern...
Ecessa Edge EV150 10.7.4 Add Superuser Cross Site Request Forgery
input type="hidden" name="userpasswdveri...