124 matches found
LNK Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user...
CVE-2019-5020
An exploitable denial of service vulnerability exists in the object lookup functionality of Yara 3.8.1. A specially crafted binary file can cause a negative value to be read to satisfy an assert, resulting in Denial of Service. An attacker can create a malicious binary to trigger this vulnerabili...
CVE-2019-5020
An exploitable denial of service vulnerability exists in the object lookup functionality of Yara 3.8.1. A specially crafted binary file can cause a negative value to be read to satisfy an assert, resulting in Denial of Service. An attacker can create a malicious binary to trigger this vulnerabili...
CVE-2017-11579
In the most recent firmware for Blipcare, the device provides an open Wireless network called "Blip" for communicating with the device. The user connects to this open Wireless network and uses the web management interface of the device to provide the user's Wi-Fi credentials so that the device ca...
CVE-2019-5429
Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacker to gain privileges via a malicious 'fzsftp' binary in the user's home directory...
CVE-2019-5429
Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacker to gain privileges via a malicious 'fzsftp' binary in the user's home directory...
CVE-2019-5429
Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacker to gain privileges via a malicious 'fzsftp' binary in the user's home directory...
CVE-2019-5429
Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacker to gain privileges via a malicious 'fzsftp' binary in the user's home directory...
CVE-2018-6336
An issue was discovered in osquery. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code...
F-Secure XFENCE and Little Flocker Command Execution Vulnerabilities
F-Secure XFENCE formerly Little Flocker is a suite of file protection utilities from the Finnish company F-Secure. The program prevents unauthorized access to files and protects against computer security threats such as malware and Trojans. A security vulnerability exists in F-Secure XFENCE and...
CVE-2018-10407
An issue was discovered in Carbon Black Cb Response. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicio...
CVE-2018-10192
IPVanish 3.0.11 for macOS suffers from a root privilege escalation vulnerability. The com.ipvanish.osx.vpnhelper LaunchDaemon implements an insecure XPC service that could allow an attacker to execute arbitrary code as the root user. IPVanish uses a third-party library for converting xpcobjectt...
Privilege escalation
IPVanish 3.0.11 for macOS suffers from a root privilege escalation vulnerability. The com.ipvanish.osx.vpnhelper LaunchDaemon implements an insecure XPC service that could allow an attacker to execute arbitrary code as the root user. IPVanish uses a third-party library for converting xpcobjectt...
Golden Frog VyprVPN for macOS Elevation of Privilege Vulnerability
Golden Frog VyprVPN for macOS is a suite of VPN software for the macOS platform. An elevation of privilege vulnerability exists in versions of Golden Frog VyprVPN for macOS prior to 2.15.0.5828. An attacker can exploit this vulnerability by forcing the VyprVPN application to load a malicious...
Windows Defender ATP thwarts Operation WilySupply software supply chain cyberattack
Several weeks ago, the Windows Defender Advanced Threat Protection Windows Defender ATP research team noticed security alerts that demonstrated an intriguing attack pattern. These early alerts uncovered a well-planned, finely orchestrated cyberattack that targeted several high-profile technology...
MGASA-2016-0299 Updated perl-XSLoader packages fix security vulnerability
An arbitrary code execution can be achieved if loading code from untrusted current working directory despite the '.' is removed from @INC. Vulnerability is in XSLoader that uses caller information to locate .so file to load. If malicious attacker creates directory named eval 1 with malicious bina...
ArcServe UDP Server Path Elevation of Privilege Vulnerability
Arcserve UDP is a unified data protection solution. The solution provides backup and recovery of all virtual and physical environments, global deduplication and more. An elevation of privilege vulnerability exists in Arcserve UDP. Allowing an attacker to exploit the vulnerability in the search pa...
MGASA-2015-0336 Updated hplip packages fix CVE-2015-0839
Updated hplip packages fix security vulnerability: It was reported that the hp-plugin utility, included in the hplip package, downloads a binary driver and verifies it via a key specified by the key's short ID. A man-in-the-middle attacker could use this flaw to generate a key with the expected...
Microsoft Windows Mount Manager Local Elevation of Privilege Vulnerability
Microsoft Windows is a series of operating systems released by Microsoft Corporation in the U.S. Mount Manager is one of the mounter components. A local elevation of privilege vulnerability exists in Microsoft Windows Mount Manager, which can be exploited by an attacker to write a malicious binar...
HP HP-Plugin Remote Code Execution Vulnerability
hplip is HP Linux graphics and printing software. A security vulnerability exists in HP-Plugin. Allows an attacker to generate a key using a short ID predicted by the vulnerability to trick a user into downloading a malicious binary to execute arbitrary code in the context of the affected...