ilmbase, openexr -- v2.5.3 is a patch release with various bug/security fixes
Cary Phillips reports: v2.5.3 - Patch release with various bug/security fixes ...: Various sanitizer/fuzz-identified issues related to handling of invalid input...
Cross-Site Scripting in Kaminari
Impact: In Kaminari before 1.2.1, there is a vulnerability that would allow an attacker to inject arbitrary code into pages with pagination links. This has been fixed in 1.2.1. Releases: The 1.2.1 gem including the patch has already been released. All past released versions are affected by this...
OpenEXR/ilmbase 2.5.2 -- patch release with various bug/security fixes
Cary Phillips reports: openexr 2.5.2 is a patch release with various bug/security and build/install fixes: Invalid input could cause a heap-use-after-free error in DeepScanLineInputFile::DeepScanLineInputFile. Invalid chunkCount attributes could cause heap buffer overflow in getChunkOffsetTableSiz...
Hackers Exploit Critical Flaw in Ghost Platform with Cryptojacking Attack
Hackers targeted the publishing platform Ghost over the weekend, launching a cryptojacking attack against its servers that led to widespread outages. The attack stemmed from the exploitation of critical vulnerabilities in SaltStack, used in Ghost’s server management infrastructure. Ghost is a free,...
Critical Patch Released for 'Wormable' SMBv3 Vulnerability — Install It ASAP!
Microsoft today finally released an emergency software update to patch the recently disclosed very dangerous vulnerability in the SMBv3 protocol that could let attackers launch wormable malware, which can propagate itself from one vulnerable computer to another automatically. The vulnerability,...
March 2020 Patch Tuesday – 115 Vulns, 26 Critical, Microsoft Word and Workstation Patches
This month’s Microsoft Patch Tuesday addresses 115 vulnerabilities with 26 of them labeled as Critical. Of the 26 Critical vulns, 17 are for browser and scripting engines, 4 are for Media Foundation, 2 are for GDI+ and the remaining 3 are for LNK files, Microsoft Word and Dynamics Business...
LearnDash WordPress LMS 3.1.2 Cross Site Scripting
Exploit Title: LearnDash WordPress LMS Plugin 3.1.2 - Reflective Cross-Site Scripting Date: 2020-01-14 Vendor Homepage: https://www.learndash.com Vendor Changelog: https://learndash.releasenotes.io/release/uCskc-version-312 Exploit Author: Jinson Varghese Behanan Author Advisory:...
Microsoft Zero-Day Actively Exploited, Patch Forthcoming
An unpatched remote code-execution vulnerability in Internet Explorer is being actively exploited in the wild, Microsoft has announced. It’s working on a patch. In the meantime, workarounds are available. The bug, CVE-2020-0674, which is listed as critical in severity for IE 11, and moderate for IE...
Exploit for CVE-2019-12180
CVE-2019-12180 Advisory & PoC SoapUI and ReadyAPI allow you t...
Tracking CVE-2019-11043 PHP Vulnerability – An Uncommon Chain of Events
On October 22, security researcher Omar Ganiev published a tweet regarding a remote code execution vulnerability in PHP-FPM, the FastCGI Process Manager, running on the Nginx server. The tweet includes a link to a GitHub repository with an explanation of the vulnerability and a PoC (proof-of-concept) f...
New Critical Exim Flaw Exposes Email Servers to Remote Attacks — Patch Released
A critical security vulnerability has been discovered and fixed in the popular open-source Exim email server software, which could allow a remote attacker to simply crash or potentially execute malicious code on targeted servers. Exim maintainers today released an urgent security update—Exim...
Upgrade cannot proceed because Maintenance Expiration Date of the license must be later than the patch Release Date
After attempting a software upgrade, the following error is displayed:...
Google Researchers Disclose PoCs for 4 Remotely Exploitable iOS Flaws
Google's cybersecurity researchers have finally disclosed details and proof-of-concept exploits for 4 out of 5 security vulnerabilities that could allow remote attackers to target Apple iOS devices just by sending a maliciously-crafted message over iMessage. All the vulnerabilities, which require...
Zoom Will Fix the Flaw That Let Hackers Hijack Webcams
While it at first dismissed the vulnerability, Zoom says it will release a patch Tuesday night...
Qt 5.12.4 Released with support for OpenSSL 1.1.1
Qt 5.12.4, the fourth patch release of Qt 5.12 LTS, is released today. The Qt 5.12.4 release provides a number of bug fixes, as well as performance and other improvements. As an important new item, it provides binaries built with OpenSSL 1.1.1, including the new TLS 1.3 functionality. Compared to Qt...
WhatsApp Zero-Day Exploited in Targeted Spyware Attacks
UPDATE WhatsApp is urging users to update as soon as possible, after a zero-day vulnerability found in its messaging platform was exploited by attackers who were able to inject spyware onto victims’ phones in targeted campaigns. First reported by the Financial Times, the popular messaging app...
Critical Magento SQL Injection Vulnerability Discovered – Patch Your Sites
If your online e-commerce business is running on the Magento platform, you must pay attention to this information. Magento yesterday released new versions of its content management software to address a total of 37 newly-discovered security vulnerabilities. Owned by Adobe since mid-2018, Magent...
Latest iOS 12.2 Update Patches Some Serious Security Vulnerabilities
Apple on Monday released iOS 12.2 to patch a total of 51 security vulnerabilities in its mobile operating system that affect iPhone 5s and later, iPad Air and later, and iPod touch 6th generation. A majority of the vulnerabilities Apple patched this month reside in its web rendering engine WebKit,...
CVE-2019-1674 Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools Update Service Command Injection Vulnerability
A vulnerability in the update service of Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplied parameters...
Microsoft Windows RCE Flaw Gets Temporary Micropatch
Three unfixed Microsoft Windows vulnerabilities have been assigned unofficial, temporary micropatches – including a recently-disclosed high-severity remote code-execution flaw. The micropatches were released Tuesday by ACROS Security’s 0patch platform. 0patch, which is still in its beta stage,...