145 matches found
CVE-2019-6476
CVE-2019-6476 describes a defect in the QNAME minimization code in BIND that can cause named to exit with an assertion failure when a forwarder returns a referral instead of resolving the query. Affected products/versions: BIND 9.14.0–9.14.6 and 9.15.0–9.15.4. The description does not provide a f...
CVE-2019-6476 An error in QNAME minimization code can cause BIND to exit with an assertion failure
A defect in code added to support QNAME minimization can cause named to exit with an assertion failure if a forwarder returns a referral rather than resolving the query. This affects BIND versions 9.14.0 up to 9.14.6, and 9.15.0 up to 9.15.4...
CVE-2019-6476
A defect in code added to support QNAME minimization can cause named to exit with an assertion failure if a forwarder returns a referral rather than resolving the query. This affects BIND versions 9.14.0 up to 9.14.6, and 9.15.0 up to 9.15.4...
CVE-2019-6476
A defect in code added to support QNAME minimization can cause named to exit with an assertion failure if a forwarder returns a referral rather than resolving the query. This affects BIND versions 9.14.0 up to 9.14.6, and 9.15.0 up to 9.15.4...
CVE-2019-6476
A defect in code added to support QNAME minimization can cause named to exit with an assertion failure if a forwarder returns a referral rather than resolving the query. This affects BIND versions 9.14.0 up to 9.14.6, and 9.15.0 up to 9.15.4...
Scalable Fuzzing Infrastructure: ClusterFuzz
ClusterFuzz is a scalable fuzzing infrastructure which finds security and stability issues in software. It is used by Google for fuzzing the Chrome Browser, and serves as the fuzzing backend for OSS-Fuzz . ClusterFuzz provides many features which help seamlessly integrate fuzzing into a software...
INVT Electric VT-Designer
1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: INVT Electric Equipment: VT-Designer Vulnerabilities: Deserialization of Untrusted Data, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause...
Fuji Electric FRENIC Devices (Update A)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low skill level to exploit/public exploits are available Vendor : Fuji Electric Equipment : FRENIC Loader, FRENIC-Mini C1, FRENIC-Mini C2, FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace Vulnerabilities : Buffer Over-read,...
Schneider Electric U.motion Builder
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: U.motion Builder Vulnerabilities: Command Injection, Cross-site Scripting, and Improper Input Validation 2. RISK EVALUATION Successful exploitation of these...
ICANN Launches GDPR Lawsuit to Clarify the Future of WHOIS
The WHOIS internet domain directory is at the center of a GDPR-related lawsuit that should clarify at least one of the many unknowns when it comes to achieving compliance with the data-privacy regulation. The suit was filed last week by ICANN, the nonprofit body responsible for administering the...
Leveraging Imperva Solutions for GDPR Compliance Part II: Pseudonymization
Down to the wire- the GDPR compliance deadline is here. It’s May 25 and the EU’s General Data Protection Regulation GDPR is live. As you know by now, the risk and potential costs associated with a failure to comply with the EU’s General Data Protection Regulation GDPR are substantial. GDPR...
Data Security Solutions for GDPR Compliance
Enforcement of the new EU General Data Protection Regulation GDPR adopted in 2016 starts on May 25, 2018. It requires all organizations that do any business in the EU or that collect or process personal data originating in the EU to comply with the regulation. Organizations that do not have a...
Three Reasons Why GDPR Encourages Pseudonymization
The General Data Protection Regulation GDPR is the European Union’s new data regulation designed to provide individuals with rights and protections over their personal data that is collected or created by businesses or government entities. It unifies data protection regulation across all member...
PHOENIX CONTACT WLAN Capable Devices using the WPA2 Protocol
CVSS v3 6.8 ATTENTION: Public exploits are available. Vendor: PHOENIX CONTACT Equipment: WLAN capable devices using the WPA2 Protocol Vulnerabilities: Reusing a Nonce AFFECTED PRODUCTS PHOENIX CONTACT reports that these vulnerabilities affect all versions of the following WLAN capable devices usi...
GNU binutils - rx_decode_opcode Buffer Overflow
GNU binutils - rxdecodeopcode Buffer Overflow Source: https://sourceware.org/bugzilla/showbug.cgi?id=21587 I have been fuzzing objdump with American Fuzzy Lop and AddressSanitizer. Please find attached the minimized file causing the issue "Input" and the ASAN report log "Output". Below is the...
5 Questions to Ask Your CISO about the GDPR
The European General Data Protection Regulation GDPR comes into force on May 25, 2018, and it will have a huge impact on the way businesses store and collect personal information belonging to those located in the European Union EU. The regulation applies to all businesses that hold and process da...
Brother MFC-J6520DW - Authentication Bypass Password Change
Brother MFC-J6520DW - Authentication Bypass Password Change ASCII hex -- md5 e.g. AuthCookie=c243a9ee18a9327bfd419f31e75e71c7 for 'test' password This information can be used to crack current password from exported cookie. Fix: Minimize network access to Brother MFC device or disable HTTPS...
libreoffice: Crash in WinMtfOutput::DrawText
Project: git://anongit.freedesktop.org/libreoffice/core Detailed report: https://clusterfuzz-external.appspot.com/testcase?key=6116030539628544 Project: libreoffice Fuzzer: libFuzzerlibreofficewmffuzzer Fuzz target binary: wmffuzzer Job Type: libfuzzerasanlibreoffice Platform Id: linux Crash Type...
ffmpeg: Stack-buffer-overflow in ff_htmlmarkup_to_ass
Project: https://git.ffmpeg.org/ffmpeg.git Detailed report: https://clusterfuzz-external.appspot.com/testcase?key=6380176053108736 Target: ffmpeg Fuzzer: libFuzzerffmpegSUBTITLEAVCODECIDSUBRIPfuzzer Fuzzer binary: ffmpegSUBTITLEAVCODECIDSUBRIPfuzzer Job Type: libfuzzerasanffmpeg Platform Id: linu...
libarchive: Heap-buffer-overflow in uudecode_bidder_bid
Project: https://github.com/libarchive/libarchive.git Detailed report: https://clusterfuzz-external.appspot.com/testcase?key=4975496261533696 Target: libarchive Fuzzer: libFuzzerlibarchivefuzzer Fuzzer binary: libarchivefuzzer Job Type: libfuzzerasanlibarchive Platform Id: linux Crash Type:...