3095 matches found

BDU FSTEC
added 2020/07/07 12:00 a.m. · 4 views

The vulnerability of the exif_process_IFD_in_MAKERNOTE function in the EXIF interpreter for the PHP programming language allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the exif_process_IFD_in_MAKERNOTE function in the EXIF interpreter for the PHP programming language is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

5.9 CVSS · 6.9 AI score · 0.07984 EPSS
Exploits 1 · References 14 · Affected Software 5
ThreatPost
added 2020/06/30 9:27 p.m. · 114 views

EvilQuest Mac Ransomware Has Keylogger, Crypto Wallet-Stealing Abilities

A rare new ransomware strain targeting macOS users has been discovered, called EvilQuest. Researchers say the ransomware is being distributed via various versions of pirated software. EvilQuest, first discovered by security researcher Dinesh Devadoss, goes beyond the normal encryption capabilitie...

7.4 AI score
Exploits 0 · References 11
CISA
added 2020/06/23 12:00 a.m. · 10 views

Google Releases Security Updates for Chrome

Google has released Chrome version 83.0.4103.116 for Windows, Mac, and Linux. This version addresses a vulnerability that a remote attacker could exploit to cause a denial-of-service condition. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review...

6.7 AI score
Exploits 0 · References 1
Openbugbounty
added 2020/06/15 9:26 p.m. · 48 views

zonnetprovedor.net.br Cross Site Scripting vulnerability OBB-1197853

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

6.2 AI score
Exploits 0
CISA
added 2020/06/09 12:00 a.m. · 34 views

CERT/CC Reports Vulnerability in Universal Plug and Play Protocol

The CERT Coordination Center CERT/CC has released information on a vulnerability—CVE-2020-12695—affecting versions of the Universal Plug and Play UPnP protocol released before April 17, 2020. UPnP protocol allows networked devices to discover and connect with each other. A remote attacker could...

7.8 CVSS · 2.2 AI score · 0.15193 EPSS
Exploits 3 · References 2
CISA
added 2020/06/05 12:00 a.m. · 190 views

Unpatched Microsoft Systems Vulnerable to CVE-2020-0796

The Cybersecurity and Infrastructure Security Agency CISA is aware of publicly available and functional proof-of-concept PoC code that exploits CVE-2020-0796 in unpatched systems. Although Microsoft disclosed and provided updates for this vulnerability in March 2020, malicious cyber actors are...

7.5 CVSS · 1 AI score · 0.9981 EPSS
Exploits 124 · References 3
ThreatPost
added 2020/05/28 3:59 p.m. · 37 views

PonyFinal Ransomware Targets Enterprise Servers Then Bides Its Time

A Java-based ransomware known as PonyFinal has galloped onto the scene, targeting enterprise systems management servers as an initial infection vector. According to a warning on Twitter from Microsoft Security Intelligence on Wednesday, PonyFinal is not an automated threat, but rather has humans...

0.2 AI score
Exploits 0 · References 7
OSV
added 2020/05/21 5:15 p.m. · 1 views

DEBIAN-CVE-2020-13113

An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions...

8.2 CVSS · 7.5 AI score · 0.01887 EPSS
Exploits 0 · References 1
OSV
added 2020/05/21 4:15 p.m. · 0 views

ALPINE-CVE-2020-13114

An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data...

7.5 CVSS · 6.9 AI score · 0.02301 EPSS
Exploits 0 · References 1
Openbugbounty
added 2020/05/16 3:06 p.m. · 12 views

mobilityonetransportation.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1162912 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...

0.6 AI score
Exploits 0
OSV
added 2020/05/08 6:15 p.m. · 0 views

UBUNTU-CVE-2018-20225

An issue was discovered in pip all versions because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not...

7.8 CVSS · 6.7 AI score · 0.01736 EPSS
Exploits 0 · References 4
Positive Technologies
added 2020/05/08 12:00 a.m. · 3 views

PT-2020-19183 · Broadcom +1 · Broadcom Chips +3

Name of the Vulnerable Software and Affected Versions: Broadcom chips affected versions not specified Samsung Galaxy S8, S8+, and Note8 devices with the BCM4361 chipset Description: The issue arises from the use of a low-entropy Pseudo Random Number Generator PRNG in situations where a Hardware...

6.5 CVSS · 6.3 AI score · 0.0073 EPSS
Exploits 2 · References 11
Oracle linux
added 2020/05/05 12:00 a.m. · 38 views

binutils security and bug fix update

2.30-73.0.1 - Forward-port of Oracle patches from 2.30-68.0.2. - Reviewed-by: Elena Zannoni 2.30-68.0.2 - Backport the non-cycle-detecting-capable deduplicating CTF linker - Backport a fix for an upstream hashtab crash no upstream bug number, triggered by the above. - Fix deduplication of...

6.5 CVSS · 0.2 AI score · 0.02312 EPSS
Exploits 1
vulnersOsv
added 2020/04/30 5:15 p.m. · 1 views

elita (>=0.60.0 <=0.64.1) potentially affected by CVE-2020-11651 via salt (=2014.1.10)

salt PYPI version =2014.1.10 is affected by a known vulnerability. The following packages have a transitive dependency on salt and may be impacted: - elita =0.60.0, =0.64.1 Source cves: CVE-2020-11651 Source advisory: OSV:PYSEC-2020-102...

9.8 CVSS · 7.3 AI score · 0.96405 EPSS
Exploits 23
BDU FSTEC
added 2020/04/29 12:00 a.m. · 4 views

The vulnerability of the do_core_note function in the File type detection utility allows an attacker to cause a service failure.

The vulnerability of the do_core_note function in the File type detection utility relates to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to cause service failures...

9.3 CVSS · 6.8 AI score · 0.00493 EPSS
Exploits 1 · References 10 · Affected Software 8
BDU FSTEC
added 2020/04/29 12:00 a.m. · 1 views

The vulnerability of the do_core_note function in the File type detection utility allows an attacker to cause a service failure.

The vulnerability of the do_core_note function in the File type detection utility is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause service failures...

9.3 CVSS · 7 AI score · 0.03465 EPSS
Exploits 1 · References 7 · Affected Software 5
RedHat Linux
added 2020/04/28 4:08 p.m. · 2 views

php: Uninitialized read in exif_process_IFD_in_MAKERNOTE

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the datalen variable...

7.5 CVSS · 7.3 AI score · 0.07984 EPSS
Exploits 1 · References 4
RedHat Linux
added 2020/04/28 4:08 p.m. · 4 views

php: Uninitialized read in exif_process_IFD_in_MAKERNOTE

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the makernote-offset relationship to valuelen...

7.5 CVSS · 7.3 AI score · 0.06677 EPSS
Exploits 1 · References 4
CNVD
added 2020/04/28 12:00 a.m. · 3 views

Apache Tika Memory Overflow Vulnerability (CNVD-2020-33326)

Apache Tika is a product of the United States Apache Software Foundation that integrates POI, an open-source library that uses Java programs to read and write Microsoft Office format documents, Pdfbox, a pure Java class library for reading and creating PDF documents, and for text extraction work to...

5.5 CVSS · 9.2 AI score · 0.0255 EPSS
Exploits 0 · References 1
Talos Blog
added 2020/04/23 8:37 a.m. · 30 views

Threat Spotlight: MedusaLocker

By Edmund Brumaghin, with contributions from Amit Raut. Overview MedusaLocker is a ransomware family that has been observed being deployed since its discovery in 2019. Since its introduction to the threat landscape, there have been several variants observed. However, most of the functionality...

1.5 AI score
Exploits 0