A flaw was found in OpenEXR’s hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file that is processed by OpenEXR, to trigger an integer overflow. The highest threat from this vulnerability is to system availability.
Yearly Archives: 2022
Facebook and Microsoft are the most impersonated brands in phishing
Facebook jumped to the top spot in the 20 most impersonated brands by phishers in 2021, representing 14% of phishing pages, according to Vade’s annual Phishers’ Favorites report.
Microsoft, with 13%, placed second, according to the report, which analyzed full-year phishing data captured by Vade, a company that offers an email filtering service for phishing, malware, spear phishing, and spam.
Senate Passes Strengthening American Cybersecurity Act
Legislation requiring critical infrastructure operators to report cyber-attacks within 72 hours goes to House
Cyber-Criminals Exploit Invasion of Ukraine
Vulnerabilities in Over 100k Medical Infusion Pumps
Security researchers find 75% of smart infusion pumps are susceptible to known vulnerabilities
CVE-2021-23214
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.
CVE-2020-18327
Cross Site Scripting (XSS) vulnerability exists in Alfresco Alfresco Community Edition v5.2.0 via the action parameter in the alfresco/s/admin/admin-nodebrowser API. Fixed in v6.2
CVE-2020-18326
Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user.
CVE-2020-18325
Multilple Cross Site Scripting (XSS) vulnerability exists in Intelliants Subrion CMS v4.2.1 in the Configuration panel.
CVE-2020-18324
Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 via the q parameter in the Kickstart template.