[SECURITY] Fedora 19 Update: php-pecl-xhprof-0.9.4-1.fc19
XHProf is a function-level hierarchical profiler for PHP. This package provides the raw data collection component, implemented in C as a PHP extension. The HTML based navigational interface is provided in the "xhprof" package...
Threat Outbreak Alert: Fake Debt Collection Notification Email Messages on October 1, 2013
Medium. Alert ID: 31067. First Published: 2013 October 1 14:40 GMT. Version: 1. Summary: Cisco Security has detected significant activity related to Italian-language spam email messages that claim to contain a debt collection notification for the recipient. The text in the email message attempts to...
Alexander: 'FISA is the Key to Connecting the Dots'
WASHINGTON–Faced with trying to accomplish its mission in an environment that suddenly has become quite hostile and inquisitive about its methods, the National Security Agency is becoming more and more public about the challenges that lie ahead and how the agency plans to address them. One of the...
FISC: No Phone Company Ever Challenged Metadata Collection Orders
A newly declassified opinion from the Foreign Intelligence Surveillance Court from this summer shows the court’s interpretation of the controversial Section 215 of the USA PATRIOT Act that’s used to justify the National Security Agency’s bulk telephone metadata collections, and reveals that none ...
CVE-2013-1738
Use-after-free vulnerability in the JS_GetGlobalForScopeChain function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code by leveraging incorrect garbage collection in situations involving default compartments and...
Design/Logic Flaw
Use-after-free vulnerability in the JS_GetGlobalForScopeChain function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code by leveraging incorrect garbage collection in situations involving default compartments and...
CVE-2013-1738
CVE-2013-1738 describes a use-after-free in Mozilla’s JS_GetGlobalForScopeChain, enabling remote code execution via mismanaged garbage collection in default compartments during frame-chain restoration. Affected products from the provided data include Mozilla Firefox (before 24.0), Thunderbird (be...
GC hazard with default compartments and frame chain restoration — Mozilla
Security researcher Nils reported a potentially exploitable use-after-free in an early test version of Firefox 25. Mozilla developer Bobby Holley found that the cause was an older garbage collection bug that a more recent change made easier to trigger...
Moderate: Red Hat Security Advisory: Red Hat Storage Console 2.1 security update
Updated Red Hat Storage Console packages that fix one security issue, various bugs, and add enhancements are now available for Red Hat Storage Server 2.1. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base...
DNI Releases FISC Docs, But Legislators Say Much More Remains Hidden
The federal government has released hundreds of pages of documents, including orders and opinions from the secretive Foreign Intelligence Surveillance Court, related to the NSA’s surveillance programs, but legislators who have been involved in the process say that there still are significant...
Multi Gather Firefox Signon Credential Collection
This module will collect credentials from the Firefox web browser if it is installed on the targeted machine. Additionally, cookies are downloaded, which could potentially yield valid web sessions. Firefox stores passwords within the signons.sqlite database file. There is also a keys3.db file whi...
NSA misused PRISM - Spied on Al Jazeera, bugged UN headquarters and used for personal spying
The NSA previously said that it has zero tolerance for willful violations of the agency’s authorities, but the NSA had violated privacy rules on thousands of occasions. According to documents seen by SPIEGEL, Arab news broadcaster Al Jazeera was spied on by the National Security Agency. The US intelligence...
Declassified 2011 FISC Opinion Shows Court Found Some NSA Surveillance Unconstitutional
Newly declassified documents released in response to a Freedom of Information Act request by the EFF show that the secret Foreign Intelligence Surveillance Court in 2011 declared that the National Security Agency’s techniques for collecting upstream Internet communications were unconstitutional an...
Design/Logic Flaw
The OSIsoft PI Interface for IEEE C37.118 before 1.0.6.158 allows remote attackers to cause a denial of service (instance shutdown and data-collection outage) via crafted C37.118 configuration packets that trigger an invalid read operation...
CVE-2013-2800
The OSIsoft PI Interface for IEEE C37.118 before 1.0.6.158 allows remote attackers to cause a denial of service (memory consumption or memory corruption, instance shutdown, and data-collection outage) via crafted C37.118 configuration packets...
Memory corruption
The OSIsoft PI Interface for IEEE C37.118 before 1.0.6.158 allows remote attackers to cause a denial of service (memory consumption or memory corruption, instance shutdown, and data-collection outage) via crafted C37.118 configuration packets...
CVE-2013-2904
Use-after-free vulnerability in the Document::finishedParsing function in core/dom/Document.cpp in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via an onload event that changes an IFRAME element...