[SECURITY] Fedora 39 Update: fbthrift-2023.10.16.00-1.fc39

Thrift is a serialization and RPC framework for service communication. Thrift enables these features in all major languages, and there is strong support for C++, Python, Hack, and Java. Most services at Facebook are written using Thri ft for RPC, and some storage systems use Thrift for serializin...

Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 update rollup: February 2014

Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 update rollup: February 2014 Summary This article describes the update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 that is dated February 2014. This update rollup package includes performance and reliability improvemen...

Adobe Flash Player Integer Underflow Remote Code Execution

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "Adobe Flash Player Integer Underflow Remote Code Execution", 'Description' = %q This module exploits a vulnerability found in the...

Adobe Flash Player Integer Underflow Remote Code Execution

This module exploits a vulnerability found in the ActiveX component of Adobe Flash Player before 12.0.0.43. By supplying a specially crafted swf file it is possible to trigger an integer underflow in several avm2 instructions, which can be turned into remote code execution under the context of th...

MS14-012 Microsoft Internet Explorer CMarkup Use-After-Free

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "MS14-012 Microsoft Internet Explorer CMarkup Use-After-Free", 'Description' = %q This module exploits an use after free condition on...

Design/Logic Flaw

The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet IP addresses by examining error codes, as demonstrated by a res:// URL, and exploited in the wild ...

CVE-2014-2091

creationtimestamp| type| source ---|---|--- 2014-02-22 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/39107...

flash-plugin: multiple flaws lead to arbitrary code execution (APSB14-07)

Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows...

CVE-2014-0502

Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows...

Double free

Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows...

February 2014 Security Bulletin Webcast and Q&A

Today we published the February 2014 Security Bulletin Webcast Questions & Answers page. We answered seven questions on air, with the majority of questions focusing on the MSXML bulletin MS14-005 and the revision to Security Advisory 2915720. One question that was not answered on air has been...

VulnCheck KEV: CVE-2014-6293

SQL injection vulnerability in the Statistics kestats extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in February 2014...

Assessing risk for the February 2014 security updates

Today we released seven security bulletins addressing 31 unique CVE’s. Four bulletins have a maximum severity rating of Critical while the other three have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for you...

Update (2/10) - Advance Notification Service for February 2014 Security Bulletin Release

Update as of February 10, 2014 We are adding two updates to the February release. There will be Critical-rated updates for Internet Explorer and VBScript in addition to the previously announced updates scheduled for release on February 11, 2014. These updates have completed testing and will be...