ImageMagick integer overflow vulnerability (CNVD-2021-10257)
ImageMagick is software for creating, editing, and composing images that can read, convert, and write images in many formats. An integer overflow vulnerability exists in MagickCore/string.c in versions of ImageMagick prior to 7.0.8-68. An attacker could exploit this vulnerability to cause an...
ImageMagick Numeric Error Vulnerability (CNVD-2021-10260)
ImageMagick is software for creating, editing, and composing images that can read, convert, and write images in many formats. A numeric error vulnerability exists in MagickCore/gem-private.h in versions of ImageMagick prior to 7.0.9-0. An attacker can exploit this vulnerability by submitting a...
OPENSUSE-SU-2020:2178-1 Security update for opera
This update for opera fixes the following issues: - Update to version 72.0.3815.400 - DNA-88996 Mac Vertical spacing of sidebar items incorrect - DNA-89698 Mac text on bookmark bar not visible when application is not focused - DNA-89746 Add product-name switch to Opera launcher and installer -...
ImageMagick Studio ImageMagick Input Validation Error Vulnerability
ImageMagick is software for creating, editing, and composing images that can read, convert, and write images in many formats. An integer overflow vulnerability exists in MagickCore/string.c in versions of ImageMagick prior to 7.0.8-68. An attacker could exploit this vulnerability to cause an...
OPENSUSE-SU-2020:2096-1 Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: TODO - Mozilla Thunderbird 78.5.0 new: OpenPGP: Added option to disable attaching the public key to a signed message bmo1654950 new: MailExtensions: 'composeattachments' context added to Menus API bmo1670822 new: MailExtensions: Menus...
Security update for MozillaThunderbird (important)
openSUSE Security Update: Security update for MozillaThunderbird Announcement ID: openSUSE-SU-2020:2096-1 Rating: important References: 1178894 Cross-References: CVE-2020-15999 CVE-2020-16012 CVE-2020-26951 CVE-2020-26953 CVE-2020-26956 CVE-2020-26958 CVE-2020-26959 CVE-2020-26960 CVE-2020-26961...
SUSE-SU-2020:3528-1 Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: TODO - Mozilla Thunderbird 78.5.0 new: OpenPGP: Added option to disable attaching the public key to a signed message bmo1654950 new: MailExtensions: 'composeattachments' context added to Menus API bmo1670822 new: MailExtensions: Menus...
Atlassian Fisheye and Crucible Security Vulnerabilities
Atlassian Fisheye and Crucible are both products of Atlassian Australia. Atlassian Fisheye is a source code deep view tool. Crucible is a code review tool. A security vulnerability exists in Atlassian Fisheye/Crucible that can be exploited by an attacker to affect the usability of an applicatio...
Real Life Comics App Has Denial of Service Vulnerability
Real Comics is a mobile comic app. A denial of service vulnerability exists in the Real Life Comics App, which can be exploited by attackers to have an impact on the usability of the application...
What’s New in InsightAppSec and tCell: Q3 2020 in Review
Here at Rapid7, we’ve been quite busy continuously improving, expanding functionality, and testing new features for feedback with our customers across our application security portfolio. This includes InsightAppSec, our leading DAST solution, tCell by Rapid7, our next-gen cloud WAF and RASP...
On Risk-Based Authentication
Interesting usability study: "More Than Just Good Passwords? A Study on Usability and Security Perceptions of Risk-based Authentication": Abstract: Risk-based Authentication (RBA) is an adaptive security measure to strengthen password-based authentication. RBA monitors additional features during...
Rethinking Defensive Strategy at the Edge, Part 3: Strategies for Protective Action
Our three-part blog series, Re-thinking Defensive Strategy at the Edge, has been focusing on outlining a new defensive edge strategy for today's enterprise. We began with a discussion of data and indicators. Most recently, our second post focused on using risk signals and correlating them for...
Product update: Virtuozzo Hybrid Server 7.0 Update 14 Hotfix 2 (7.0.14-258)
The Hotfix 2 for Virtuozzo Hybrid Server 7.0 Update 14 provides security, stability, and usability bug fixes. Vulnerability id: PSBM-106197, CVE-2019-20839, CVE-2019-20840, CVE-2020-14396, CVE-2020-14397, CVE-2020-14398, CVE-2020-14399, CVE-2020-14400, CVE-2020-14401, CVE-2020-14402,...
Product update: Virtuozzo PowerPanel RTM Hotfix 8 (7.0.3-151)
The update for Virtuozzo PowerPanel introduces a security fix, a new feature, and stability and usability fixes. Vulnerability id: PP-568 PowerPanel web interface could be vulnerable to clickjacking...
Product update: Virtuozzo Hybrid Server 7.0 Update 14 Hotfix 1 (7.0.14-257)
The Hotfix 1 for Virtuozzo Hybrid Server 7.0 Update 14 provides stability and usability bug fixes. Vulnerability id: PSBM-105022 Unable to live-migrate VMs with dirty bitmaps on Virtuozzo Storage. Vulnerability id: PSBM-104631, PSBM-104632 CS journals to be placed on SSDs are now properly handled...
OPENSUSE-SU-2020:0852-1 Security update for osc
This update for osc to 0.169.1 fixes the following issues: Security issue fixed: - CVE-2019-3681: Fixed an insufficient validation of network-controlled filesystem paths bsc1122675. Non-security issues fixed: - Improved the speed and usability of osc bash completion. - improved some error message...
Virtuozzo Hybrid Server 7.5 Update 1 Hotfix 3 (7.5.1-737)
The Hotfix 3 for Virtuozzo Hybrid Server 7.5 Update 1 provides a stability and usability bug fix. Vulnerability id: PSBM-130586 VM disk resize functionality could stop working for non-root users after upgrading to version 7.5.1...
Product update: Virtuozzo Automator 7.0 Update 2 Hotfix 11 (VA MN: 7.0.2-649, VA Agent: 7.0.2-372)
Hotfix 11 for Virtuozzo Automator 7.0.2 provides stability and usability fixes. Vulnerability id: PVA-37488 Changing VM's OS distribution via API calls could reset the 'cpulimit' and 'iolimit' values. Vulnerability id: PVA-37495 VA Agent did not return the 'counterioused' value. Vulnerability id:...
Code injection
An issue was discovered in fastecdsa before 2.1.2. When using the NIST P-256 curve in the ECDSA implementation, the point at infinity is mishandled. This means that for an extreme value in k and s^-1, the signature verification fails even if the signature is correct. This behavior is not solely a...
Virtuozzo Hybrid Server 7.5 Update 1 Hotfix 2 (7.5.1-736)
The Hotfix 2 for Virtuozzo Hybrid Server 7.5 Update 1 provides a stability and usability bug fix. All customers that use CloudBlue Cloud Infrastructure Automation with Virtuozzo Hybrid Server 7.5 and newer are strongly recommended to install the hotfix. Vulnerability id: PSBM-125586 Cloud...