IBM Jazz Reporting Service (JRS) Cross-Site Scripting Vulnerability
IBM Jazz Reporting Service is an optional component of IBM Rational Reporting for Development Intelligence. IBM Jazz Reporting Service (JRS) has a cross-site scripting vulnerability in the Report Builder and Data Collection Component (DCC) implementations. A remote attacker could exploit this...
Firefox browser vulnerability that allows a malicious actor to compromise the confidentiality, integrity, and availability of protected information
A vulnerability exists in the mozilla::dom::TextTrack::AddCue function in Mozilla Firefox and SeaMonkey due to improper garbage collection of text track management variables. Exploiting this vulnerability allows malicious actors to execute arbitrary code or cause service failures e.g., errors whe...
SeaMonkey software vulnerability that allows a malicious actor to compromise the confidentiality, integrity, and availability of protected information
A vulnerability exists in the mozilla::dom::TextTrack::AddCue function in Mozilla Firefox and SeaMonkey due to improper garbage collection of text track management variables. Exploiting this vulnerability allows malicious actors to execute arbitrary code or cause service failures e.g., errors whe...
Thunderbird email client vulnerability that allows a malicious individual to execute arbitrary code or trigger a service failure
Mozilla Thunderbird’s email client contains a vulnerability related to the use of memory after it is freed in the JavaScript engine when working with the TypeObject class. Exploiting this vulnerability allows malicious actors to execute arbitrary code, resulting in excessive memory consumption...
Firefox ESR browser vulnerability that allows a malicious individual to execute arbitrary code or trigger a service failure
The Mozilla Firefox ESR browser contains a vulnerability related to memory usage during JavaScript execution when working with the TypeObject class. Exploiting this vulnerability allows malicious actors to execute arbitrary code, resulting in excessive memory consumption during garbage collection...
Firefox browser vulnerability that allows a malicious individual to execute arbitrary code or trigger a denial of service
The Mozilla Firefox browser contains a vulnerability related to memory usage during JavaScript execution when working with the TypeObject class. Exploiting this vulnerability allows malicious actors to execute arbitrary code, resulting in excessive memory consumption during garbage collection...
PHP memory misreference vulnerability (CNVD-2016-04370)
PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. A memory misreference vulnerability exists in PHP's GC algorithm and unserialize function, which can be exploited by remote attackers to execute...
Troubleshooting Checklist: Cannot send emails using Secure Mail
Do the following: Collect Secure Mail logs from the device. If you see HTTP 413 in the logs, there are client certificate errors. Run the Secure Mail Test Application. Collect Exchange Server logs. For details, see the Microsoft documentation. Additional Resources: FullXenMobile Deployment Handbo...
Traveling to US? Agencies want to Spy on your Social Media activities right from Airport
Hey! Welcome to the United States. May we have your Twitter handle, please? That's exactly what you'll likely be asked by the U.S. Customs and Border Protection at the airport prior to entering U.S. soil. Yes, your Twitter handle may soon be part of the US Visa process as U.S. Customs and Border...
CVE-2016-5773
php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free and application crash...
UBUNTU-CVE-2016-5773
php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free and application crash...
Mobile Advertising Firm Found Tracking Users To Pay $950K
After settling charges with the Federal Trade Commission this week a mobile advertising company will pay nearly $1M after it was determined the company tracked customers – including children – without their consent. InMobi, an India-based firm with offices across the world, will pay $950,000 in...
OracleVM 3.2 : sos (OVMSA-2016-0078)
The remote OracleVM system is missing necessary patches to address critical security updates : - add patch to remove all sysrq echo commands from sysreport.legacy John Sobecki orabug 11061754 - comment out rh-upload-core and README.rh-upload-core in specfile - Strip passwords from grub.conf and...
NSA wants to Exploit Internet of Things and Biomedical Devices
The cyber attack vectors available to hackers will continue to grow as the Internet of Things (IoTs) become more commonplace, making valuable data accessible through an ever-widening selection of entry points. Although it's not the hackers alone, the NSA is also behind the Internet of Things. We...
Arbitrary File Write Vulnerability in SiteServer CMS Backend
SiteServer CMS is a website content management system developed by Beijing Billion Software Technology Development Co., Ltd. and is widely used in state ministries, group companies and large-scale portal sites. The information collection function in the management background of SiteServer CMS doe...
Moderate: Red Hat Security Advisory: python27 security, bug fix, and enhancement update
Updated python27 packages are now available as a part of Red Hat Software Collections 2.2 for Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Adobe Flash - Type Confusion in FileReference Constructor
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=799 There is a type confusion issue in the FileReference constructor. The constructor adds several properties to the constructed object before setting the type and data. If a watch is set on one of these properties, code can be...
Adobe Flash - Type Confusion in FileReference Constructor
Adobe Flash - Type Confusion in FileReference Constructor Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=799 There is a type confusion issue in the FileReference constructor. The constructor adds several properties to the constructed object before setting the type and data. If ...
Adobe Flash - Type Confusion in FileReference Constructor
Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=799 There is a type confusion issue in the FileReference constructor. The constructor adds several properties to the constructed object before setting the type and data. If a watch...
CVE-2016-1662
extensions/renderer/gc_callback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors...