openSUSE: Security Advisory for Security (openSUSE-SU-2016:1211-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security update update for MozillaFirefox, mozilla-nss (important)

This update to Mozilla Firefox 46.0 fixes several security issues and bugs boo977333. The following vulnerabilities were fixed: - CVE-2016-2804: Miscellaneous memory safety hazards - MFSA 2016-39 boo977373 - CVE-2016-2806: Miscellaneous memory safety hazards - MFSA 2016-39 boo977375 -...

Deobfuscating Python Bytecode

Introduction During an investigation, the FLARE team came across an interesting Python malware sample MD5: 61a9f80612d3f7566db5bdf37bbf22cf that is packaged using py2exe. Py2exe is a popular way to compile and package Python scripts into executables. When we encounter this type of malware we...

chromium-browser: information leak in v8

The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrome before 50.0.2661.94, mishandles comparison operators, which allows remote attackers to obtain sensitive information via crafted JavaScript code...

CVE-2016-4053

Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes ESI responses, related to incorrect use of assert and compiler optimization...

CVE-2016-4053

CVE-2016-4053 in Squid allowed public information disclosure of the server stack layout when processing ESI responses. The issue is documented across multiple advisories (Debian, Red Hat/CentOS, Fedora, Amazon ALAS) with fixes in various branches: Debians fixed squid3 3.1.20-2.2+deb7u5; Jessie/St...

C/C++ Offline Compiler and C For OS - Persistent Cross-Site Scripting

Document Title: =============== C & C++ for OS - Filter Bypass & Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1825 Release Date: ============= 2016-04-14 Vulnerability Laboratory ID VL-ID: ====================================...

C/C++ Offline Compiler and C For OS - Persistent Cross-Site Scripting

Exploit for iOS platform in category web applications Document Title: =============== C & C++ for OS - Filter Bypass & Persistent Vulnerability Product & Service Introduction: =============================== This is an ios c app,you can learn,run,share c code. The software is a offline compiler f...

CC++ Offline Compiler and C For OS - Persistent Cross-Site Scripting

CC++ Offline Compiler and C For OS - Persistent Cross-Site Scripting Document Title: =============== C & C++ for OS - Filter Bypass & Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1825 Release Date: ============= 2016-04-14...

CVE-2016-1653

The LoadBuffer implementation in Google V8, as used in Google Chrome before 50.0.2661.75, mishandles data types, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds write operation, related...

Out-of-bounds

The LoadBuffer implementation in Google V8, as used in Google Chrome before 50.0.2661.75, mishandles data types, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds write operation, related...

CVE-2016-1653

Removed by vendor...

Dynamic Tracing Tools for Linux: BCC

BCC – BPF Compiler Collection – is a toolkit for creating efficient kernel tracing and manipulation programs, and includes several useful tools and examples. It makes use of eBPF Extended Berkeley Packet Filters, a new feature that was first added to Linux 3.15. Much of what BCC uses requires Lin...

SUSE SLED12 / SLES12 Security Update : gcc5 (SUSE-SU-2016:0963-1)

The GNU Compiler Collection was updated to version 5.3.1, which brings several fixes and enhancements. The following security issue has been fixed : - Fix C++11 std::randomdevice short read issue that could lead to predictable randomness. CVE-2015-5276, bsc945842 The update package also includes...

SUSE-SU-2016:0963-1 Security update for gcc5

The GNU Compiler Collection was updated to version 5.3.1, which brings several fixes and enhancements. The following security issue has been fixed: - Fix C++11 std::randomdevice short read issue that could lead to predictable randomness. CVE-2015-5276, bsc945842 The following non-security issues...

SUSE SLED11 / SLES11 Security Update : gcc5 (SUSE-SU-2016:0908-2)

The GNU Compiler Collection was updated to version 5.3.1, which brings several fixes and enhancements. The following security issue has been fixed : - Fix C++11 std::randomdevice short read issue that could lead to predictable randomness. CVE-2015-5276, bsc945842 The update package also includes...

SUSE-SU-2016:0908-2 Security update for gcc5

The GNU Compiler Collection was updated to version 5.3.1, which brings several fixes and enhancements. The following security issue has been fixed: - Fix C++11 std::randomdevice short read issue that could lead to predictable randomness. CVE-2015-5276, bsc945842 The following non-security issues...

Regular Expression Denial of Service

Overview Affected versions of riot-compiler are susceptible to a regular expression denial of service vulnerability. Recommendation Update to version 2.3.22 or later. References - Issue 46 - GitHub Advisory...

Integer overflow

Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary...

CVE-2016-0989

Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a deni...