Scientific Linux Security Update : nss on SL6.x i386/x86_64 (20170530)
Security Fixes : - A NULL pointer dereference flaw was found in the way NSS handled empty SSLv2 messages. An attacker could use this flaw to crash a server application compiled against the NSS library. (CVE-2017-7502) Bug Fixes : - The Network Security Services (NSS) code and Certificate Authority (CA)...
Scientific Linux Security Update : nss on SL7.x x86_64 (20170530)
Security Fixes : - A NULL pointer dereference flaw was found in the way NSS handled empty SSLv2 messages. An attacker could use this flaw to crash a server application compiled against the NSS library. (CVE-2017-7502) Bug Fixes : - The Network Security Services (NSS) code and Certificate Authority (CA)...
RHEL 6 : nss (RHSA-2017:1364)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:1364 advisory. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server...
HTTP/2 push is tougher than I thought
"HTTP/2 push will solve that" is something I've heard a lot when it comes to page load performance problems, but I didn't know much about it, so I decided to dig in. HTTP/2 push is more complicated and low-level than I initially thought, but what really caught me off-guard is how inconsistent it ...
RedHat Update for nss RHSA-2017:1365-03
The remote host is missing an update for the...
Apple MacOS 32-Bit Syscall Exit Kernel Register Leak(CVE-2017-2509)
The XNU kernel, when compiled for an x86-64 CPU, can run 32-bit x86 binaries in compatibility mode. 32-bit binaries use partly separate syscall entry and exit paths. To return to userspace, unix_syscall() in bsd/dev/i386/systemcalls.c calls thread_exception_return() in osfmk/x86_64/locore.s, which in turn...
Apple macOS - 32-bit syscall exit Kernel Register Leak Exploit
Exploit for macOS platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1149 The XNU kernel, when compiled for an x86-64 CPU, can run 32-bit x86 binaries in compatibility mode. 32-bit binaries use partly separate syscall entry and exit paths. To return to...
Apple macOS - '32-bit syscall exit' Kernel Register Leak
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1149 The XNU kernel, when compiled for an x86-64 CPU, can run 32-bit x86 binaries in compatibility mode. 32-bit binaries use partly separate syscall entry and exit paths. To return to userspace, unix_syscall() in...
Moderate: Red Hat Security Advisory: jboss-ec2-eap security, bug fix, and enhancement update
An update for jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
CVE-2017-0254
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word 2013 RT SP1, Word 2013 SP1, Word Automation Services on Microsoft SharePoint Server 2013 SP1,...
Remote code execution
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word 2013 RT SP1, Word 2013 SP1, Word Automation Services on Microsoft SharePoint Server 2013 SP1,...
Microsoft Office Compatibility Pack Remote Code Execution Vulnerability (KB3191835)
This host is missing an important security update for Microsoft Office Compatibility Pack according to Microsoft KB3191835.
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3191835)
A security vulnerability exists in Microsoft Office Compatibility Pack Service Pack 3 that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability...
Carbanak Attackers Devise Clever New Persistence Trick
Hackers behind the Carbanak criminal gang have devised a clever way to gain persistence on targeted systems to more effectively pull off financially motivated crimes. The technique involves creating a bogus instance of a Microsoft Windows app compatibility feature. On Wednesday, Mandiant, FireEye...
pydantic
Pydantic Validation
ECMAScript modules in browsers
ES modules are now available in browsers! They're in… Safari 10.1. Chrome 61. Firefox 60. Edge 16. import {addTextToBody} from './utils.mjs'; addTextToBody('Modules are pretty cool.'); // utils.mjs export function addTextToBody(text) { const div = document.createElement('div'); div.textContent = text;...
Veeam ONE 9.5 compatibility with Veeam Cloud Connect 9.5 Update 2
Challenge: Veeam ONE needs to support Veeam Cloud Connect 9.5 Update 2 monitoring. There is a fix that has to be deployed on the Veeam ONE server monitoring the Cloud Connect server of the service provider. Cause: There are new types of data implemented with the release of Veeam Cloud Connect 9.5...
FreeBSD : codeigniter -- multiple vulnerabilities (df0144fb-295e-11e7-970f-002590263bf5)
The CodeIgniter changelog reports : Fixed a header injection vulnerability in common function set_status_header() under Apache (thanks to Guillermo Caminer from Flowgate). Fixed byte-safety issues in Encrypt Library (DEPRECATED) when mbstring.func_overload is enabled. Fixed byte-safety issues in Encryptio...
Fedora 25 : ming (2017-d43d46f1ca)
Release 0.4.8 (no ABI or API changes) - Add PHP7 compatibility - Fix C++ output of disassembler - Fix heap overflows in parser.c (CVE-2017-7578) - Avoid division by zero in listmp3 when no valid frame was found (CVE-2016-9265) - Don't try printing unknown block (CVE-2016-9828) - Parse Protect tag's...
Fedora 24 : ming (2017-ed6b6a1d7a)
Release 0.4.8 (no ABI or API changes) - Add PHP7 compatibility - Fix C++ output of disassembler - Fix heap overflows in parser.c (CVE-2017-7578) - Avoid division by zero in listmp3 when no valid frame was found (CVE-2016-9265) - Don't try printing unknown block (CVE-2016-9828) - Parse Protect tag's...