CVE-2017-11035

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, possible buffer overflow or information leak in the functions "smesetfties" and "csrroamissueftpreauthreq" due to incorrect initialization of WEXT callbacks and lack of the checks for...

Buffer overflow

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, possible buffer overflow or information leak in the functions "smesetfties" and "csrroamissueftpreauthreq" due to incorrect initialization of WEXT callbacks and lack of the checks for...

Highly Customizable Raspberry Pi USB Attack Platform: P4wnP1

P4wnP1 is a highly customizable USB attack platform, based on a low cost Raspberry Pi Zero or Raspberry Pi Zero W required for HID backdoor. Introduction the Windows LockPicker unlock Windows boxes with weak passwords, fully automated by attaching P4wnP1 the HID covert channel backdoor Get remote...

tigervnc and fltk security, bug fix, and enhancement update

fltk 1.3.4-1 - Re-base to 1.3.4 + sync with Fedora tigervnc 1.8.0-1 - Update to 1.8.0 Resolves: bz1388620 1.7.90-2 - Make RandR callbacks optional Resolves: bz1444948 1.7.90-1 - Update to 1.7.90 Resolves: bz1388620 1.7.1-3 - Delete underlying ssecurity in SSecurityVeNCrypt CCVE-2017-7392 Resolves...

Microsoft MsMpEng - Remote Use-After-Free Due to Design Issue in GC Engine

Microsoft MsMpEng - Remote Use-After-Free Due to Design Issue in GC Engine Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1258 MsMpEng's JS engine uses garbage collection to manage the lifetime of Javascript objects. During mark and sweep the GC roots the vectors representing t...

Xen Hypervisor Multiple Vulnerabilities (XSA-213 - XSA-215)

According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the getuser function due to permissions for accessing MMIO ranges being checked only after accessing them. A...

Writing a libemu/Unicorn Compatability Layer

In this post we are going to take a quick look at what it takes to write a libemu compatibility layer for the Unicorn engine. In the course of this work, we will also import the libemu Win32 environment to run under Unicorn. For a bit of background, libemu is a lightweight x86 emulator written in...

CVE-2016-7437

SAP Netweaver 7.40 improperly logs 1 DUI and 2 DUJ events in the SAP Security Audit Log as non-critical, which might allow local users to hide rejected attempts to execute RFC function callbacks by leveraging filtering of non-critical events in audit analysis reports, aka SAP Security Note 225231...

chromium-browser: use-after-free related to extensions

Google Chrome before 50.0.2661.75 does not properly consider that frame removal may occur during callback execution, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via a crafted extension...

[SECURITY] Fedora 23 Update: rubygem-activemodel-4.2.3-2.fc23

Rich support for attributes, callbacks, validations, observers, serialization, internationalization, and testing. It provides a known set of interfaces for usage in model classes. It also helps building custom ORMs for use outside of the Rails framework...

[SECURITY] Fedora 22 Update: rubygem-activemodel-4.2.0-2.fc22

Rich support for attributes, callbacks, validations, observers, serialization, internationalization, and testing. It provides a known set of interfaces for usage in model classes. It also helps building custom ORMs for use outside of the Rails framework...

Racing MIDI messages in Chrome

This is a guest blog post by Oliver Chang from the Chrome Security team. This post is about an exceptionally bad use after free bug in Chrome’s browser process that affected Linux, Chrome OS and OS X. What makes this bug interesting is the fact that it could be directly triggered from the web...

UBUNTU-CVE-2015-6767

Use-after-free vulnerability in content/browser/appcache/appcachedispatcherhost.cc in the AppCache implementation in Google Chrome before 47.0.2526.73 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect pointer maintenance...

KLA10670 Multiple vulnerabilities in Adobe products

Multiple serious vulnerabilities have been found in Adobe products. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, execute arbitrary code or obtain sensitive information. Below is a complete list of vulnerabilities 1. Type confusion,...

Apple Mac OSX Install.Framework - Arbitrary mkdir unlink and chown to Admin Group

Apple Mac OSX Install.Framework - Arbitrary mkdir unlink and chown to Admin Group Source: https://code.google.com/p/google-security-research/issues/detail?id=477 Install.framework has a suid root binary here: /System/Library/PrivateFrameworks/Install.framework/Resources/runner This binary vends t...

Apple Mac OSX Install.Framework - Arbitrary mkdir / unlink and chown to Admin Group

Source: https://code.google.com/p/google-security-research/issues/detail?id=477 Install.framework has a suid root binary here: /System/Library/PrivateFrameworks/Install.framework/Resources/runner This binary vends the IFInstallRunner Distributed Object, which has the following method:...

UBUNTU-CVE-2015-6660

The Form API in Drupal 6.x before 6.37 and 7.x before 7.39 does not properly validate the form token, which allows remote attackers to conduct CSRF attacks that upload files in a different user's account via vectors related to "file upload value callbacks."...

Tasks, microtasks, queues and schedules

When I told my colleague Matt Gaunt I was thinking of writing a piece on microtask queueing and execution within the browser's event loop, he said "I'll be honest with you Jake, I'm not going to read that". Well, I've written it anyway, so we're all going to sit here and enjoy it, ok? Actually, i...

DEBIAN-CVE-2014-9732

The cabdextract function in cabd.c in libmspack before 0.5 does not properly maintain decompression callbacks in certain cases where an invalid file follows a valid file, which allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted CAB...

CVE-2015-3358

Multiple open redirect vulnerabilities in the Tadaa! module before 7.x-1.4 for Drupal allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a destination parameter, related to callbacks that 1 enable and disable modules or 2 change variables...