Lucene search

438 matches found

CNVD
added 2020/12/07 12:0 a.m., 4 views

ImageMagick integer overflow vulnerability (CNVD-2021-10257)

ImageMagick is a software for creating, editing, and composing images that can read, convert, and write images in many formats. An integer overflow vulnerability exists in MagickCore/string.c in versions of ImageMagick prior to 7.0.8-68. An attacker could exploit this vulnerability to cause an...

CVSS 5.5, AI score 7.4, EPSS 0.01133
Exploits 1, References 1

CNVD
added 2020/12/07 12:0 a.m., 7 views

ImageMagick Digital Error Vulnerability (CNVD-2021-10260)

ImageMagick is a software for creating, editing, and composing images that can read, convert, and write images in many formats. A numeric error vulnerability exists in MagickCore/gem-private.h in versions of ImageMagick prior to 7.0.9-0. An attacker can exploit this vulnerability by submitting a...

CVSS 4.3, AI score 7.3, EPSS 0.00966
Exploits 1, References 1

OSV
added 2020/12/06 5:22 p.m., 6 views

OPENSUSE-SU-2020:2178-1 Security update for opera

This update for opera fixes the following issues: - Update to version 72.0.3815.400 - DNA-88996 Mac Vertical spacing of sidebar items incorrect - DNA-89698 Mac text on bookmark bar not visible when application is not focused - DNA-89746 Add product-name switch to Opera launcher and installer -...

CVSS 9.6, AI score 8.8, EPSS 0.02826
Exploits 0, References 3

CNNVD
added 2020/12/04 12:0 a.m., 6 views

ImageMagick Studio ImageMagick Input Validation Error Vulnerability

ImageMagick is a software for creating, editing, and composing images that can read, convert, and write images in many formats. An integer overflow vulnerability exists in MagickCore/string.c in versions of ImageMagick prior to 7.0.8-68. An attacker could exploit this vulnerability to cause an...

CVSS 5.5, AI score 6.9, EPSS 0.01133
Exploits 1, References 13

OSV
added 2020/11/28 4:33 p.m., 6 views

OPENSUSE-SU-2020:2096-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: TODO - Mozilla Thunderbird 78.5.0 new: OpenPGP: Added option to disable attaching the public key to a signed message bmo1654950 new: MailExtensions: 'composeattachments' context added to Menus API bmo1670822 new: MailExtensions: Menus...

CVSS 9.6, AI score 8.6, EPSS 0.5063
Exploits 3, References 14

OPENSUSE Linux
added 2020/11/28 12:0 a.m., 50 views

Security update for MozillaThunderbird (important)

openSUSE Security Update: Security update for MozillaThunderbird Announcement ID: openSUSE-SU-2020:2096-1 Rating: important References: 1178894 Cross-References: CVE-2020-15999 CVE-2020-16012 CVE-2020-26951 CVE-2020-26953 CVE-2020-26956 CVE-2020-26958 CVE-2020-26959 CVE-2020-26960 CVE-2020-26961...

CVSS 9.6, AI score 9.2, EPSS 0.5063
Exploits 3, References 1

OSV
added 2020/11/26 10:52 a.m., 7 views

SUSE-SU-2020:3528-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: TODO - Mozilla Thunderbird 78.5.0 new: OpenPGP: Added option to disable attaching the public key to a signed message bmo1654950 new: MailExtensions: 'composeattachments' context added to Menus API bmo1670822 new: MailExtensions: Menus...

CVSS 9.6, AI score 8.3, EPSS 0.5063
Exploits 3, References 14

CNNVD
added 2020/11/25 12:0 a.m., 7 views

Atlassian Fisheye and Crucible Security Vulnerabilities

Atlassian Fisheye and Crucible are both products of Atlassian Australia. Atlassian Fisheye is a source code deep view software. Crucible is a code review tool. A security vulnerability exists in Atlassian Fisheye/Crucible that can be exploited by an attacker to affect the usability of an applicatio...

CVSS 7.5, AI score 7.2, EPSS 0.01212
Exploits 0, References 3

CNVD
added 2020/10/23 12:0 a.m., 2 views

Real Life Comics App Has Denial of Service Vulnerability

Real Comics is a mobile comic app. A denial of service vulnerability exists in the Real Life Comics App, which can be exploited by attackers to have an impact on the usability of the application...

AI score 6.8
Exploits 0

Rapid7 Blog
added 2020/10/22 1:16 p.m., 23 views

What’s New in InsightAppSec and tCell: Q3 2020 in Review

Here at Rapid7, we’ve been quite busy continuously improving, expanding functionality, and testing new features for feedback with our customers across our application security portfolio. This includes InsightAppSec, our leading DAST solution, tCell by Rapid7, our next-gen cloud WAF and RASP...

AI score 7.5
Exploits 0

Schneier on Security
added 2020/10/05 4:47 p.m., 28 views

On Risk-Based Authentication

Interesting usability study: "More Than Just Good Passwords? A Study on Usability and Security Perceptions of Risk-based Authentication": Abstract: Risk-based Authentication RBA is an adaptive security measure to strengthen password-based authentication. RBA monitors additional features during...

AI score 3.5
Exploits 0

Akamai Blog
added 2020/09/17 1:0 p.m., 21 views

Rethinking Defensive Strategy at the Edge, Part 3: Strategies for Protective Action

Our three-part blog series, Re-thinking Defensive Strategy at the Edge, has been focusing on outlining a new defensive edge strategy for today's enterprise. We began with a discussion of data and indicators. Most recently, our second post focused on using risk signals and correlating them for...

AI score 0.4
Exploits 0

Virtuozzo
added 2020/08/19 12:0 a.m., 57 views

Product update: Virtuozzo Hybrid Server 7.0 Update 14 Hotfix 2 (7.0.14-258)

The Hotfix 2 for Virtuozzo Hybrid Server 7.0 Update 14 provides security, stability, and usability bug fixes. Vulnerability id: PSBM-106197, CVE-2019-20839, CVE-2019-20840, CVE-2020-14396, CVE-2020-14397, CVE-2020-14398, CVE-2020-14399, CVE-2020-14400, CVE-2020-14401, CVE-2020-14402,...

CVSS 7.5, AI score 7.4, EPSS 0.03589
Exploits 0, References 12

Virtuozzo
added 2020/08/18 12:0 a.m., 22 views

Product update: Virtuozzo PowerPanel RTM Hotfix 8 (7.0.3-151)

The update for Virtuozzo PowerPanel introduces a security fix, a new feature, and stability and usability fixes. Vulnerability id: PP-568 PowerPanel web interface could be vulnerable to clickjacking...

AI score 2.4
Exploits 0

Virtuozzo
added 2020/07/07 12:0 a.m., 25 views

Product update: Virtuozzo Hybrid Server 7.0 Update 14 Hotfix 1 (7.0.14-257)

The Hotfix 1 for Virtuozzo Hybrid Server 7.0 Update 14 provides stability and usability bug fixes. Vulnerability id: PSBM-105022 Unable to live-migrate VMs with dirty bitmaps on Virtuozzo Storage. Vulnerability id: PSBM-104631, PSBM-104632 CS journals to be placed on SSDs are now properly handled...

AI score 7
Exploits 0

OSV
added 2020/06/22 6:18 p.m., 6 views

OPENSUSE-SU-2020:0852-1 Security update for osc

This update for osc to 0.169.1 fixes the following issues: Security issue fixed: - CVE-2019-3681: Fixed an insufficient validation of network-controlled filesystem paths bsc1122675. Non-security issues fixed: - Improved the speed and usability of osc bash completion. - improved some error message...

CVSS 9.8, AI score 9.4, EPSS 0.01424
Exploits 1, References 3

Virtuozzo
added 2020/06/22 12:0 a.m., 14 views

Virtuozzo Hybrid Server 7.5 Update 1 Hotfix 3 (7.5.1-737)

The Hotfix 3 for Virtuozzo Hybrid Server 7.5 Update 1 provides a stability and usability bug fix. Vulnerability id: PSBM-130586 VM disk resize functionality could stop working for non-root users after upgrading to version 7.5.1...

AI score 6.9
Exploits 0

Virtuozzo
added 2020/06/14 12:0 a.m., 23 views

Product update: Virtuozzo Automator 7.0 Update 2 Hotfix 11 (VA MN: 7.0.2-649, VA Agent: 7.0.2-372)

Hotfix 11 for Virtuozzo Automator 7.0.2 provides stability and usability fixes. Vulnerability id: PVA-37488 Changing VM's OS distribution via API calls could reset the 'cpulimit' and 'iolimit' values. Vulnerability id: PVA-37495 VA Agent did not return the 'counterioused' value. Vulnerability id:...

AI score 2.4
Exploits 0

Prion
added 2020/06/02 9:15 p.m., 16 views

Code injection

An issue was discovered in fastecdsa before 2.1.2. When using the NIST P-256 curve in the ECDSA implementation, the point at infinity is mishandled. This means that for an extreme value in k and s^-1, the signature verification fails even if the signature is correct. This behavior is not solely a...

CVSS 5, AI score 7.5, EPSS 0.01268
Exploits 1, References 4, Affected Software 1

Virtuozzo
added 2020/05/28 12:0 a.m., 15 views

Virtuozzo Hybrid Server 7.5 Update 1 Hotfix 2 (7.5.1-736)

The Hotfix 2 for Virtuozzo Hybrid Server 7.5 Update 1 provides a stability and usability bug fix. All customers that use CloudBlue Cloud Infrastructure Automation with Virtuozzo Hybrid Server 7.5 and newer are strongly recommended to install the hotfix. Vulnerability id: PSBM-125586 Cloud...

AI score 1.5
Exploits 0