7 matches found
gimp: GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
A heap-based buffer overflow in GIMP’s X Window Dump XWD file parser allows an attacker to craft a malicious XWD file or a web page that triggers opening one that can overflow a heap buffer during parsing and lead to remote code execution in the context of the GIMP process. The flaw is tracked as...
SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks
SolarWinds has released fixes to address two security flaws in its Access Rights Manager ARM software, including a critical vulnerability that could result in remote code execution. The vulnerability, tracked as CVE-2024-28991, is rated 9.0 out of a maximum of 10.0 on the CVSS scoring system. It...
Loytec LINX Automation Servers Information Disclosure / Cleartext Secrets Vulnerability
Loytec LINX-151 with firmware version 7.2.4 and LINX-212 with firmware version 6.2.4 suffer from file disclosure vulnerabilities that leak secrets as well as issues with stories secrets in the clear. + CVE : CVE-2023-46386, CVE-2023-46387, CVE-2023-46388, CVE-2023-46389 + Title : Multiple...
Loytec L-INX Automation Servers Information Disclosure / Cleartext Secrets
CVE : CVE-2023-46386, CVE-2023-46387, CVE-2023-46388, CVE-2023-46389 + Title : Multiple vulnerabilities in Loytec L-INX Automation Servers + Vendor : LOYTEC electronics GmbH + Affected Products : LINX-151, Firmware 7.2.4, LINX-212, firmware 6.2.4 + Affected Components : L-INX Automation Servers +...
LOYTEC Electronics Insecure Transit / Insecure Permissions / Unauthenticated Access Vulnerabilities
Products from LOYTEC electronics such as Loytec LWEB-802, L-INX Automation Servers, L-IOB I/O Controllers, and L-VIS Touch Panels suffer from improper access control and insecure transit vulnerabilities. + CVE : CVE-2023-46380, CVE-2023-46381, CVE-2023-46382 + Title : Multiple vulnerabilities in...
LOYTEC Electronics Insecure Transit / Insecure Permissions / Unauthenticated Access
CVE : CVE-2023-46380, CVE-2023-46381, CVE-2023-46382 + Title : Multiple vulnerabilities in Loytec LWEB-802, L-INX Automation Servers, L-IOB I/O Controllers, L-VIS Touch Panels + Vendor : LOYTEC electronics GmbH + Affected Products : LINX-212 firmware 6.2.4, LVIS-3ME12-A1 firmware 6.2.2, LIOB-586...
Sharing research and discoveries at PWN2OWN
The annual PWN2OWN exploit contest at the CanSecWest conference in Vancouver, British Columbia, Canada, brings together some of the top security talent from across the globe in a friendly competition. For the participants, these events are a platform to demonstrate world-class skills and vie for...