78 matches found

UbuntuCve
added 2024/01/23 12:0 a.m., 36 views

CVE-2023-40551

A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase...

CVSS 5.1 | AI score 6.9 | EPSS 0.00015
Exploits: 0 | References: 1

0day.today
added 2023/01/18 12:0 a.m., 325 views

Citrix Workspace App For Linux 2212 Credential Leak Vulnerability

The Citrix Linux client emits its session credentials when starting a Citrix session. These credentials end up being recorded in the client's system log. Citrix does not consider this to be a security vulnerability. Citrix Workspace App for Linux version 2212 is affected. Citrix Linux client...

AI score 6.8
Exploits: 0

Hewlett-Packard
added 2020/09/30 12:0 a.m., 35 views

HPSBHF03690 rev. 3 - NVIDIA GPU Display Driver September 2020 Security Updates

Potential Security Impact: Escalation of Privilege, Code Execution, Denial of Service, Information Disclosure. Source: HP, HP Product Security Response Team (PSRT). Reported By: NVIDIA. VULNERABILITY SUMMARY: NVIDIA has informed HP of potential security vulnerabilities in the NVIDIA GPU Display Driver...

CVSS 7.8 | AI score 1.6 | EPSS 0.00058
Exploits: 0

Hewlett-Packard
added 2020/08/06 12:0 a.m., 55 views

HPSBHF03681 rev. 2 - Intel® Graphics Drivers August 2020 Security Updates

Potential Security Impact: Escalation of Privilege, Denial of Service. Source: HP, HP Product Security Response Team (PSRT). Reported By: Intel. VULNERABILITY SUMMARY: Intel has informed HP of potential security vulnerabilities in some Intel® Graphics Drivers which may allow escalation of privilege and/...

CVSS 7.1 | AI score 1.9 | EPSS 0.00058
Exploits: 0

MSRC
added 2020/03/18 7:0 a.m., 8 views

[Cybersecurity Month 2020] A roundup of Microsoft's security information sites

We, the Security Response Team, support the "Cybersecurity Month" designated by the Japanese government, and...

AI score 0.3
Exploits: 0

Hewlett-Packard
added 2020/02/27 12:0 a.m., 42 views

HPSBHF03657 rev. 3 - NVIDIA GPU Display Driver February 2020 Security Updates

Potential Security Impact: Denial of Service, Escalation of Privileges, Code Execution, Information Disclosure. Source: HP, HP Product Security Response Team (PSRT). Reported By: NVIDIA. VULNERABILITY SUMMARY: NVIDIA has informed HP of potential security vulnerabilities in the NVIDIA GPU Display Driver...

CVSS 8.4 | AI score 2.6 | EPSS 0.00143
Exploits: 0

Veracode
added 2019/05/02 4:59 a.m., 27 views

Integer Overflow

The GIMP (GNU Image Manipulation Program) is an image composition and editing program. A stack-based buffer overflow flaw, a heap-based buffer overflow, and an integer overflow flaw were found in the way GIMP loaded certain X Window System (XWD) image dump files. A remote attacker could provide a...

CVSS 7.5 | AI score 7.2 | EPSS 0.06336
Exploits: 1 | References: 10 | Affected Software: 1

Veracode
added 2019/05/02 4:45 a.m., 32 views

Denial Of Service (DoS)

Wireshark, previously known as Ethereal, is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. A heap-based buffer overflow flaw was found in the way Wireshark handled Endace ERF (Extensible Record Format) capture files. If Wireshark opened a...

CVSS 4.3 | AI score 7 | EPSS 0.11114
Exploits: 8 | References: 20 | Affected Software: 1

Veracode
added 2019/05/02 4:45 a.m., 21 views

Denial Of Service (DoS)

Wireshark, previously known as Ethereal, is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. A heap-based buffer overflow flaw was found in the way Wireshark handled Endace ERF (Extensible Record Format) capture files. If Wireshark opened a...

CVSS 4.3 | AI score 7 | EPSS 0.11114
Exploits: 8 | References: 17 | Affected Software: 1

Veracode
added 2019/05/02 4:45 a.m., 38 views

Denial Of Service (DoS)

Wireshark, previously known as Ethereal, is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. A heap-based buffer overflow flaw was found in the way Wireshark handled Endace ERF (Extensible Record Format) capture files. If Wireshark opened a...

CVSS 4.3 | AI score 7 | EPSS 0.11114
Exploits: 8 | References: 19 | Affected Software: 1

Veracode
added 2019/05/02 4:44 a.m., 23 views

Arbitrary Code Execution

The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. It was discovered that the IcedTea-Web...

CVSS 6.8 | AI score 6.3 | EPSS 0.0249
Exploits: 0 | References: 24 | Affected Software: 1

Veracode
added 2019/05/02 4:42 a.m., 27 views

Denial Of Service (DoS) And Remote Code Execution (RCE)

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF images using the Pixar Log Format encoding. An attacker could create a specially-crafted TIFF file that,...

CVSS 6.8 | AI score 7.3 | EPSS 0.27173
Exploits: 1 | References: 15 | Affected Software: 1

Tenable Nessus
added 2018/05/31 12:0 a.m., 34 views

CentOS 7 : corosync (CESA-2018:1169)

An update for corosync is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

CVSS 7.5 | AI score 7.4 | EPSS 0.00311
Exploits: 0 | References: 2

Tenable Nessus
added 2018/05/01 12:0 a.m., 21 views

Oracle Linux 7 : corosync (ELSA-2018-1169)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-1169 advisory. 2.4.3-2.1 - Resolves: rhbz1560467 - totemcrypto: Check length of the packet. Tenable has extracted the preceding description block directly from the Oracle Linux...

CVSS 7.5 | AI score 7.5 | EPSS 0.00311
Exploits: 0 | References: 2

0day.today
added 2016/01/26 12:0 a.m., 26 views

Foxit Reader 7.2.8.1124 - PDF Parsing Memory Corruption

Exploit for windows platform in category dos / poc Application: Foxit Reader PDF Parsing Memory Corruption Platforms: Windows Versions: 7.2.8.1124 and earlier Author: Francis Provencher of COSIG Website: http://www.protekresearchlab.com/ Twitter: @COSIG 1 Introduction 2 Report Timeline 3 Technica...

AI score 7
Exploits: 0

FreeBSD
added 2015/11/17 12:0 a.m., 29 views

piwik -- multiple vulnerabilities

Piwik changelog reports: This release is rated critical. We are grateful for Security researchers who disclosed security issues privately to the Piwik Security Response team: Elamaran Venkatraman, Egidio Romano and Dmitriy Shcherbatov. The following vulnerabilities were fixed: XSS, CSRF, possible...

CVSS 7.5 | AI score 7.1 | EPSS 0.01351
Exploits: 6 | References: 1

securityvulns
added 2015/09/15 12:0 a.m., 85 views

[security bulletin] HPSBMU03392 rev.2 - HP ArcSight Logger, Remote Authorization Bypass

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emrna-c04762372 SUPPORT COMMUNICATION - SECURITY BULLETIN. Document ID: c04762372. Version: 2. HPSBMU03392 rev.2 - HP ArcSight Logger, Remote Authorization...

CVSS 4 | AI score 0.5 | EPSS 0.00139
Exploits: 0

Exploit DB
added 2015/04/29 12:0 a.m., 31 views

Foxit Reader PDF 7.1.3.320 - Parsing Memory Corruption

Application: Foxit Reader PDF Parsing Memory Corruption Platforms: Windows Versions: The vulnerabilities are reported in Foxit Reader and Foxit Enterprise Reader versions 7.1.0.306 and 7.1.3.320 and Foxit Phantom PDF versions 7.1.0.306, 7.1.2.311, and 7.1.3.320. Secunia: SA63346 PRL: 2015-05...

AI score 7.4
Exploits: 0

myhack58
added 2015/04/16 12:0 a.m., 22 views

Analysis of the latest high-risk IIS vulnerability, CVE-2015-1635 and MS15-034 - vulnerability warning - the black bar safety net

Foreword: On April's patch day, Microsoft fixed a remote code execution vulnerability in HTTP.sys, CVE-2015-1635, with the MS15-034 patch, which it marked "high-risk". According to the Microsoft bulletin https://technet.microsoft.com/en-us/library/security/MS15-034 the vulnerability exists in the HTTP...

AI score 7.9
Exploits: 0

Tenable Nessus
added 2014/11/08 12:0 a.m., 33 views

RHEL 6 : Virtualization Manager (RHSA-2012:1506)

Red Hat Enterprise Virtualization Manager 3.1 is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the C...

CVSS 6.8 | AI score 5.6 | EPSS 0.0055
Exploits: 0 | References: 12