Chrome Security Team Tackles 'Friendly Fire' To Keep Browser Safe
MIAMI— What is life like in the security trenches inside Google’s Chrome browser security team? From the perspective of Justin Schuh, lead engineer of Chrome Security, it’s a balancing act where he has to juggle OEM pressures, questionable certificate authorities and quashing third-party software...
F5 TLS vulnerability (CVE-2016-9244) (Ticketbleed)
Ticketbleed CVE-2016-9244 is a software vulnerability in the TLS stack of certain F5 products that allows a remote attacker to extract up to 31 bytes of uninitialized memory at a time, which can contain any kind of random sensitive information, like in Heartbleed. If you suspect you might be...
Security update for MozillaFirefox (important)
This update for MozillaFirefox to version 51.0.1 fixes security issues and bugs. These security issues were fixed: CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP bmo1325200, boo1021814 CVE-2017-5376: Use-after-free in XSL bmo1311687, boo1021817 CVE-2017-5377: Memory...
openSUSE Security Update : MozillaFirefox (openSUSE-2017-187)
This update for MozillaFirefox to version 51.0.1 fixes security issues and bugs. These security issues were fixed : - CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP bmo1325200, boo1021814 - CVE-2017-5376: Use-after-free in XSL bmo1311687, boo1021817 CVE-2017-5377: Memo...
Cumulative Update for Windows 10 Version 1511: January 12, 2016
Cumulative Update for Windows 10 Version 1511: January 12, 2016 Summary This security update for Windows 10 Version 1511 includes improvements in the functionality of Windows 10 Version 1511 and resolves the following vulnerabilities in Windows: 3124605 MS16-008: Security update for Windows kerne...
DEBIAN-CVE-2016-6323
The makecontext function in the GNU C Library aka glibc or libc6 before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI 32-bit platforms, which might allow context-dependent attackers to cause a denial of service hang, as demonstrated by applications compiled using gccg...
The vulnerability of the Firefox ESR browser allows a malicious individual to circumvent window object restrictions.
The Mozilla Firefox ESR browser contains a vulnerability related to incompatibility with JavaScript software components. Exploiting this vulnerability allows malicious actors to bypass window object restrictions by utilizing incompatibility in the original method-extractors of various JavaScript...
The vulnerability of the Thunderbird email client, which allows a malicious actor to circumvent window object restrictions
Mozilla Thunderbird’s email client contains a vulnerability related to incompatibility between JavaScript components. Exploiting this vulnerability allows malicious actors to bypass window object restrictions by utilizing incompatibility in the original JavaScript method receivers...
Missing Access Check in TYPO3 CMS
It has been discovered that TYPO3 CMS lacks an access check for Extbase actions. Component Type: TYPO3 CMS; Release Date: May 24, 2016; Vulnerable subcomponent: Extbase; Vulnerability Type: Missing access check; Affected Versions: Versions 4.3.0 up to 8.1.0; Severity: Critical; Suggested CVSS v2.0:...
SUSE SLED11 / SLES11 Security Update : kvm (SUSE-SU-2016:0010-1)
This update for kvm fixes the following issues : Security issues fixed : - CVE-2015-7512: The receive packet size is now checked in the emulated pcnet driver, eliminating buffer overflow and potential security issue by malicious guest systems. bsc957162 - CVE-2015-8345: An infinite loop in...
Network name cannot contains the following symbols: ~`!@#$%^&*+=;'><|?*:"
Challenge When attempting to assign an Isolated Network name, the following error occurs: Network name cannot contains the following symbols: !@$%^&+=;'|?:" To allow a specific symbol, remove that symbol from the va...
SUSE: Security Advisory for OpenVPN (SUSE-SU-2014:1605-1)
The remote host is missing an update for the...
Scientific Linux Security Update : mailman on SL6.x i386/x86_64 (20150722)
It was found that mailman did not sanitize the list name before passing it to certain MTAs. A local attacker could use this flaw to execute arbitrary code as the user running mailman. CVE-2015-2775 It was found that mailman stored private email messages in a world-readable directory. A local use...
Moderate: Red Hat Security Advisory: mailman security and bug fix update
Updated mailman packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, a...
kernel: x86: local privesc due to bad_iret and paranoid entry incompatibility
A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a SS stack segment fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system...
Define the security for which plugins can be used by which users on which pages
NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion (http://jira.atlassian.com/browse/CONFSERVER-34095). This is a request for a new feature which could restrict/define the usage of specific plugins/macros to only allow...
Installation Fails with Patched Database
Article Applicability The issue documented on this KB is only relevant to Veeam Backup & Replication versions prior to v10. Starting with v10, a different error occurs for the same reason and is documented on KB4204. Challenge When installing Veeam Backup & Replication, selecting an existing...
DSA-2699-1 iceweasel - several
Bulletin has no description...