As the Internet of Things develops, embedded devices are being deployed in environments where attackers can take advantage of source code level security vulnerabilities. Embedded software developers ...

Mac OS X's Installer utility has a format string bug that can be triggered by maliciously crafted package file names, according to the Month of Apple Bugs project. "This is another issue related with ...

Palo Alto Networks has published an advisory about its Palo Alto GlobalProtect SSL VPN solution which is used by many organizations. The advisory was a response to research carried out by Orange Tsai ...

The US cyber security authority CISA warns that older vulnerabilities in several Fortinet products are currently under attack. It has included the vulnerability in the Known Exploited Vulnerabilities ...

Because many embedded systems have not historically been connected to networks, or since it was reasonable to expect that the devices would operate in a trusted environment, there’s been relatively ...

Security researchers from Croatia-based security firm DefenseCode claim to have found a critical remote code execution vulnerability in the UPnP (Universal Plug and Play) implementation developed by ...

IT security researchers have discovered five security vulnerabilities in Ghostscript. Attackers can, for example, bypass the sandbox and execute arbitrary code. A proof-of-concept exploit is publicly ...

Networking device maker Zyxel is warning customers today of a new critical remote code execution (RCE) vulnerability impacting three models of its Networked Attached Storage (NAS) products. The ...

Topic ===== format string vulnerability in gftp. Problem Description ===== gftp versions prior to 2.0.8 have a problem with format strings allowing malicious ftp servers to potentially execute code on ...