22 matches found

Talos Blog
added 2024/07/18 6:0 p.m. | 39 views

It's best to just assume you’ve been involved in a data breach somehow

Between AT&T, all the follow-on activity from Snowflake, Microsoft Outlook, and more, it’s best to probably just assume at this point that your personal information has somehow been involved in a data breach. We’re only halfway through 2024, and we’ve already seen some of the largest data breaches a...

CVSS 7.5 | AI score 7.4 | EPSS 0.92959
Exploits: 0
Krebs on Security
added 2024/04/09 8:28 p.m. | 43 views

April’s Patch Tuesday Brings Record Number of Fixes

If only Patch Tuesdays came around infrequently -- like total solar eclipse rare -- instead of just creeping up on us each month like The Man in the Moon. Although to be fair, it would be tough for Microsoft to eclipse the number of vulnerabilities fixed in this month’s patch batch -- a record 147...

CVSS 6.8 | AI score 8 | EPSS 0.9377
Exploits: 2
The Hacker News
added 2023/07/07 2:1 p.m. | 85 views

Another Critical Unauthenticated SQLi Flaw Discovered in MOVEit Transfer Software

Progress Software has announced the discovery and patching of a critical SQL injection vulnerability in MOVEit Transfer, popular software used for secure file transfer. In addition, Progress Software has patched two other high-severity vulnerabilities. The identified SQL injection vulnerability,...

CVSS 9.8 | AI score 8.5 | EPSS 0.94254
Exploits: 15
Krebs on Security
added 2022/05/11 2:34 a.m. | 319 views

Microsoft Patch Tuesday, May 2022 Edition

Microsoft today released updates to fix at least 74 separate security problems in its Windows operating systems and related software. This month’s patch batch includes fixes for seven "critical" flaws, as well as a zero-day vulnerability that affects all supported versions of Windows. By all...

CVSS 7.5 | AI score 0.4 | EPSS 0.93551
Exploits: 7
Krebs on Security
added 2021/08/10 9:12 p.m. | 236 views

Microsoft Patch Tuesday, August 2021 Edition

Microsoft today released software updates to plug at least 44 security vulnerabilities in its Windows operating systems and related products. The software giant warned that attackers already are pouncing on one of the flaws, which ironically enough involves an easy-to-exploit bug in the software...

CVSS 7.5 | AI score 0.3 | EPSS 0.21996
Exploits: 2
ThreatPost
added 2020/07/01 12:39 p.m. | 60 views

Microsoft Releases Emergency Security Updates for Windows 10, Server

Microsoft has quietly pushed out two emergency security updates to fix remote code execution bugs in Microsoft Windows Codecs Library. Windows Codecs Library handles how the OS compresses large multimedia files such as photos and videos, and then decodes them for playback within applications. The...

CVSS 6.8 | EPSS 0.26234
Exploits: 0 | References: 17
ICS
added 2019/04/16 12:0 a.m. | 81 views

ICSA-19-106-01_Delta Industrial Automation CNCSoft

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Delta Electronics Delta Equipment: Delta Industrial Automation CNCSoft Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these...

CVSS 7.8 | AI score 8 | EPSS 0.00718
Exploits: 0 | References: 2
NVD
added 2019/02/13 12:29 a.m. | 10 views

CVE-2019-6539

Several heap-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior have been identified, which may allow arbitrary code execution. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro's Zero Day Initiative, reported these vulnerabilities to NCCIC...

CVSS 9.3 | AI score 8.4 | EPSS 0.00238
Exploits: 0 | References: 2
NVD
added 2019/02/13 12:29 a.m. | 10 views

CVE-2019-6541

A memory corruption vulnerability has been identified in WECON LeviStudioU version 1.8.56 and prior, which may allow arbitrary code execution. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro's Zero Day Initiative, reported these vulnerabilities to NCCIC...

CVSS 7.8 | AI score 8.3 | EPSS 0.00193
Exploits: 0 | References: 2
CVE
added 2019/02/13 12:0 a.m. | 44 views

CVE-2019-6539

CVE-2019-6539 is a set of heap-based buffer overflow vulnerabilities in Wecon LeviStudioU (versions up to 1.8.56). The issues arise when parsing various project/file data (e.g., HSC, UMP, Desc, TextContent, LaIndexID) where user-supplied data is copied into fixed-length heap buffers, enabling arb...

CVSS 9.3 | AI score 8.2 | EPSS 0.00238
Exploits: 0 | References: 2 | Affected Software: 1
ThreatPost
added 2018/11/13 4:44 p.m. | 22 views

Adobe Fixes Acrobat and Reader Flaw With Publicly-Available PoC

Adobe on Tuesday released three patches – including a fix for a flaw in Adobe Acrobat and Reader that exposes hashed passwords that already has a proof-of-concept (PoC) exploit code publicly available. The information disclosure vulnerability, CVE-2018-15979, exists in Adobe Acrobat and Reader for...

CVSS 5 | AI score 0.4 | EPSS 0.02199
Exploits: 0 | References: 4
Tenable Nessus
added 2018/07/26 12:0 a.m. | 65 views

VMSA-2018-0018 : VMware Horizon View Agent, VMware ESXi, Workstation, and Fusion updates resolve multiple security issues

a. VMware Horizon View Agent local information disclosure vulnerability VMware Horizon View Agents contain a local information disclosure vulnerability due to insecure logging of credentials in the vmmsi.log file when an account other than the currently logged on user is specified during...

CVSS 7.8 | AI score 6.7 | EPSS 0.02794
Exploits: 0 | References: 3
Tenable Nessus
added 2018/05/31 12:0 a.m. | 35 views

CentOS 7 : libvorbis (CESA-2018:1058)

An update for libvorbis is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

CVSS 8.8 | AI score 7.8 | EPSS 0.55641
Exploits: 0 | References: 2
0day.today
added 2018/05/09 12:0 a.m. | 72 views

WebKitGTK+ Memory Corruption / Code Execution Vulnerability

Exploit for windows platform in category dos / poc ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2018-0004 ------------------------------------------------------------------------ Date reported : May 07, 2018 Advisory ID : WSA-2018-0004...

CVSS 6.8 | AI score 8.4 | EPSS 0.40022
Exploits: 8
RedHat Linux
added 2018/04/10 8:39 p.m. | 62 views

Important: Red Hat Security Advisory: libvorbis security update

An update for libvorbis is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

CVSS 8.8 | AI score 6.9 | EPSS 0.55641
Exploits: 0 | References: 2
ICS
added 2018/03/06 12:0 a.m. | 56 views

Eaton ELCSoft

CVSS v3 6.3 ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Eaton Equipment: ELCSoft Vulnerability: Improper Input Validation AFFECTED PRODUCTS ELCSoft is programming software for all Eaton ELC programmable logic controllers. The ELC programmable logic controllers are not...

CVSS 6.8 | AI score 6.2 | EPSS 0.01523
Exploits: 0 | References: 5
Apple
added 2017/11/03 10:33 a.m. | 41 views

About the security content of Safari 11.0.1 - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...

CVSS 8.8 | AI score 0.2 | EPSS 0.21364
Exploits: 44 | Affected Software: 4
OpenVAS
added 2017/03/21 12:0 a.m. | 28 views

CentOS Update for firefox CESA-2017:0558 centos7

Check the version of firefox SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882683";...

CVSS 9.8 | AI score 8.4 | EPSS 0.00371
Exploits: 1 | References: 2
Cent OS
added 2017/03/20 8:40 a.m. | 67 views

firefox security update

CentOS Errata and Security Advisory CESA-2017:0558 An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

CVSS 9.8 | AI score 7.6 | EPSS 0.00371
Exploits: 1 | References: 7
RedHat Linux
added 2017/03/17 10:3 p.m. | 57 views

Critical: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS 9.8 | AI score 7.6 | EPSS 0.00371
Exploits: 1 | References: 3