730 matches found

UbuntuCve
added 2016/07/11 1:59 a.m. | 27 views

CVE-2014-9785

drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 2013 devices does not validate addresses before copying data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28469042 and Qualcomm internal bug CR545747...

CVSS 9.3 | AI score 7.1 | EPSS 0.00571
Exploits: 0 | References: 3
Tenable Nessus
added 2016/06/22 12:0 a.m. | 46 views

OracleVM 3.2 : kernel-uek (OVMSA-2016-0060)

The remote OracleVM system is missing necessary patches to address critical security updates : - IPoIB: increase send queue size to 4 times Ajaykumar Hotchandani - IB/ipoib: Change send workqueue size for CM mode Ajaykumar Hotchandani Orabug: 22287489 - Avoid 60sec timeout when receiving rtpg sen...

CVSS 7.8 | AI score 6.5 | EPSS 0.03693
Exploits: 0 | References: 7
RedHat Linux
added 2016/02/17 5:2 a.m. | 6 views

chromium-browser: various fixes from internal audits

The Developer Tools (aka DevTools) subsystem in Google Chrome before 48.0.2564.109 does not validate URL schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted...

CVSS 8.8 | AI score 7.4 | EPSS 0.01317
Exploits: 0 | References: 5
CNVD
added 2016/02/16 12:0 a.m. | 2 views

Google Chrome DevTools Subsystem Access Restriction Bypass Vulnerability

Google Chrome is a web browsing tool developed by Google. A security vulnerability exists in Google Chrome prior to version 48.0.2564.109 due to the DevTools subsystem failing to validate the URL scheme and ensure that the remoteBase parameter is associated with the...

CVSS 8.8 | AI score 8.7 | EPSS 0.01317
Exploits: 0 | References: 1
The Hacker News
added 2015/12/09 9:39 p.m. | 10 views

Someone Just Tried to Take Down Internet's Backbone with 5 Million Queries/Sec

Someone just DDoSed one of the most critical organs of the Internet anatomy – The Internet's DNS Root Servers. Early last week, a flood of as many as 5 Million queries per second hit many of the Internet's DNS (Domain Name System) Root Servers that act as the authoritative reference for mapping...

AI score 6.9
Exploits: 0
ThreatPost
added 2015/12/09 1:50 p.m. | 8 views

Internet Root Name Servers DDoS Attack

An unusual DDoS amplification attack was carried out 10 days ago against many of the Internet’s 13 root name servers, the authoritative servers used to resolve IP addresses. The attacks happened on Nov. 30 and again on Dec. 1, and each time, massive volumes of traffic, peaking at five million...

AI score 1.5
Exploits: 0 | References: 1
Kaspersky
added 2015/11/10 12:0 a.m. | 111 views

KLA10694 Multiple vulnerabilities in Microsoft Windows

Multiple serious vulnerabilities have been found in Microsoft Windows. Malicious users can exploit these vulnerabilities to spoof user interface, cause denial of service, gain privileges, bypass security restrictions, execute arbitrary code or obtain sensitive information. Below is a complete lis...

CVSS 9.3 | AI score 9.3 | EPSS 0.35288
Exploits: 4 | References: 40
CVE
added 2015/05/13 10:0 a.m. | 81 views

CVE-2015-1674

CVE-2015-1674 affects Windows kernel on Windows 8, Windows 8.1, Windows Server 2012 (Gold/R2) and Windows RT (gold/8.1). The vulnerability stems from the kernel not properly validating an unspecified address, enabling local attackers to bypass KASLR and to discover the cng.sys base address via a ...

CVSS 4.6 | AI score 5.9 | EPSS 0.03334
Exploits: 1 | References: 4 | Affected Software: 5
CNVD
added 2015/04/30 12:0 a.m. | 4 views

Sensio Labs Symfony Security Bypass Vulnerability

Sensio Labs Symfony is a free PHP development framework based on the MVC architecture, from the French company Sensio Labs. The framework provides commonly used functional components and tools and can be used to quickly create complex web applications. A security bypass vulnerability exists in Sensio Labs...

CVSS 6.8 | AI score 7 | EPSS 0.01365
Exploits: 0 | References: 1
OSV
added 2014/09/16 11:49 a.m. | 3 views

USN-2347-1 python-django vulnerabilities

Florian Apolloner discovered that Django incorrectly validated URLs. A remote attacker could use this issue to conduct phishing attacks. CVE-2014-0480 David Wilson discovered that Django incorrectly handled file name generation. A remote attacker could use this issue to cause Django to consume...

CVSS 6 | AI score 5.8 | EPSS 0.02449
Exploits: 1 | References: 5
NVD
added 2014/08/25 1:55 a.m. | 14 views

CVE-2014-0974

The boot_linux_from_mmc function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly validate a certain address value, which allows attackers to write data to a...

CVSS 1.9 | AI score 6.6 | EPSS 0.00328
Exploits: 0 | References: 2
Prion
added 2014/08/25 1:55 a.m. | 14 views

Memory corruption

The boot_linux_from_mmc function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly validate a certain address value, which allows attackers to write data to a...

CVSS 1.9 | AI score 7 | EPSS 0.00328
Exploits: 0 | References: 2
OSV
added 2014/05/19 2:55 p.m. | 0 views

UBUNTU-CVE-2014-3717

Xen 4.4.x does not properly validate the load address for 64-bit ARM guest kernels, which allows local users to read system memory or cause a denial of service (crash) via a crafted kernel, which triggers a buffer overflow...

CVSS 3.3 | AI score 6.1 | EPSS 0.00411
Exploits: 0 | References: 6
Hacker One
added 2014/04/02 9:25 p.m. | 35 views

C2FO: User guessing/enumeration at https://app.c2fo.com/api/password-reset

Hi there, I noticed a small information leak which allows an attacker to check whether an email address is associated with an account. Steps to reproduce: 1. Send a POST-Request to the url https://app.c2fo.com/api/password-reset as the following example shows: POST /api/password-reset HTTP/1.1...

AI score 0.5
Exploits: 0
OSV
added 2014/03/26 8:0 a.m. | 8 views

CURL-CVE-2014-0139 IP address wildcard certificate validation

libcurl incorrectly validates wildcard SSL certificates containing literal IP addresses. RFC 2818 covers the requirements for matching Common Names (CNs) and subjectAltNames in order to establish valid SSL connections. It first discusses CNs that are for hostnames, and the rules for wildcards in th...

CVSS 5.8 | AI score 6.6 | EPSS 0.04888
Exploits: 0
Cvelist
added 2013/07/29 7:0 p.m. | 21 views

CVE-2013-4936

The IsDFPFrame function in plugins/profinet/packet-pn-rt.c in the PROFINET Real-Time dissector in Wireshark 1.10.x before 1.10.1 does not validate MAC addresses, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet...

AI score 6.1 | EPSS 0.02953
Exploits: 0 | References: 9
Oracle linux
added 2013/05/09 12:0 a.m. | 34 views

hypervkvpd security and bug fix update

0-0.7.0.1.el59.3 - Add support for oracle os 0-0.7.3 - Fix for one more file descriptor leak rhbz953502 0-0.7.2 - Validate Netlink source address CVE-2012-5532 rhbz953560 0-0.7.1 - Fix for file descriptor leak rhbz953502...

CVSS 4.9 | AI score 6.5 | EPSS 0.00407
Exploits: 1
ThreatPost
added 2013/03/28 5:39 p.m. | 11 views

Open DNS Resolvers Center Stage in Massive DDoS Attacks

For some perspective on what 300 Gbps of traffic represents, let’s just pretend that your company, as a potential customer, put this massive volume of bits and bytes in front of 20 of the leading Internet service providers. Chances are, all but three or four will tell you “Thanks, but no thanks, ...

AI score 0.6
Exploits: 0 | References: 4
OSV
added 2012/10/22 11:55 p.m. | 6 views

CVE-2012-4435

fwknop before 2.0.3 does not properly validate IP addresses, which allows remote authenticated users to cause a denial of service (server crash) via a long IP address...

AI score 6.4
Exploits: 0 | References: 7
Cvelist
added 2012/10/22 11:0 p.m. | 17 views

CVE-2012-4435

fwknop before 2.0.3 does not properly validate IP addresses, which allows remote authenticated users to cause a denial of service (server crash) via a long IP address...

AI score 6.2 | EPSS 0.02329
Exploits: 0 | References: 7