155 matches found

ThreatPost
added 2017/04/06 2:27 p.m., 19 views

Chrome Security Team Tackles 'Friendly Fire' To Keep Browser Safe

MIAMI— What is life like in the security trenches inside Google’s Chrome browser security team? From the perspective of Justin Schuh, lead engineer of Chrome Security, it’s a balancing act where he has to juggle OEM pressures, questionable certificate authorities and quashing third-party software...

7.4 AI score
Exploits 0

seebug.org
added 2017/02/10 12:0 a.m., 84 views

F5 TLS vulnerability (CVE-2016-9244) (Ticketbleed)

Ticketbleed CVE-2016-9244 is a software vulnerability in the TLS stack of certain F5 products that allows a remote attacker to extract up to 31 bytes of uninitialized memory at a time, which can contain any kind of random sensitive information, like in Heartbleed. If you suspect you might be...

5 CVSS, 7.8 AI score, 0.74 EPSS
Exploits 7

OPENSUSE Linux
added 2017/02/02 12:13 a.m., 83 views

Security update for MozillaFirefox (important)

This update for MozillaFirefox to version 51.0.1 fixes security issues and bugs. These security issues were fixed: CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP bmo1325200, boo1021814 CVE-2017-5376: Use-after-free in XSL bmo1311687, boo1021817 CVE-2017-5377: Memory...

0.3 AI score, 0.33434 EPSS
Exploits 24, References 22

Tenable Nessus
added 2017/02/02 12:0 a.m., 54 views

openSUSE Security Update : MozillaFirefox (openSUSE-2017-187)

This update for MozillaFirefox to version 51.0.1 fixes security issues and bugs. These security issues were fixed : - CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP bmo1325200, boo1021814 - CVE-2017-5376: Use-after-free in XSL bmo1311687, boo1021817 CVE-2017-5377: Memo...

9.8 CVSS, 7.7 AI score, 0.33434 EPSS
Exploits 24, References 46

Microsoft KB
added 2017/01/07 12:0 a.m., 7 views

Cumulative Update for Windows 10 Version 1511: January 12, 2016

Cumulative Update for Windows 10 Version 1511: January 12, 2016 Summary This security update for Windows 10 Version 1511 includes improvements in the functionality of Windows 10 Version 1511 and resolves the following vulnerabilities in Windows: 3124605 MS16-008: Security update for Windows kerne...

7.3 AI score
Exploits 0

OSV
added 2016/10/07 2:59 p.m., 4 views

DEBIAN-CVE-2016-6323

The makecontext function in the GNU C Library aka glibc or libc6 before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI 32-bit platforms, which might allow context-dependent attackers to cause a denial of service hang, as demonstrated by applications compiled using gccg...

7.5 CVSS, 7.7 AI score, 0.03841 EPSS
Exploits 0, References 1

BDU FSTEC
added 2016/07/05 12:0 a.m., 4 views

The vulnerability of the Firefox ESR browser allows a malicious individual to circumvent window object restrictions.

The Mozilla Firefox ESR browser contains a vulnerability related to incompatibility with JavaScript software components. Exploiting this vulnerability allows malicious actors to bypass window object restrictions by utilizing incompatibility in the original method-extractors of various JavaScript...

5 CVSS, 7 AI score, 0.03889 EPSS
Exploits 1, References 5, Affected Software 1

BDU FSTEC
added 2016/07/05 12:0 a.m., 7 views

The vulnerability of the Thunderbird email client, which allows a malicious actor to circumvent window object restrictions

Mozilla Thunderbird’s email client contains a vulnerability related to incompatibility between JavaScript components. Exploiting this vulnerability allows malicious actors to bypass window object restrictions by utilizing incompatibility in the original JavaScript method receivers...

5 CVSS, 7 AI score, 0.03889 EPSS
Exploits 1, References 5, Affected Software 1

Typo3
added 2016/05/24 12:0 a.m., 500 views

Missing Access Check in TYPO3 CMS

It has been discovered that TYPO3 CMS lacks an access check for Extbase actions. Component Type: TYPO3 CMS Release Date: May 24, 2016 Vulnerable subcomponent: Extbase Vulnerability Type: Missing access check Affected Versions: Versions 4.3.0 up to 8.1.0 Severity: Critical Suggested CVSS v2.0:...

8.7 AI score, 0.02575 EPSS
Exploits 0, Affected Software 1

Tenable Nessus
added 2016/01/12 12:0 a.m., 45 views

SUSE SLED11 / SLES11 Security Update : kvm (SUSE-SU-2016:0010-1)

This update for kvm fixes the following issues : Security issues fixed : - CVE-2015-7512: The receive packet size is now checked in the emulated pcnet driver, eliminating buffer overflow and potential security issue by malicious guest systems. bsc957162 - CVE-2015-8345: An infinite loop in...

9 CVSS, 7.3 AI score, 0.0773 EPSS
Exploits 0, References 11

Veeam
added 2015/11/16 12:0 a.m., 16 views

Network name cannot contains the following symbols: ~`!@#$%^&*+=;'><|?*:"

Challenge When attempting to assign an Isolated Network name, the following error occurs: Network name cannot contains the following symbols: !@$%^&+=;'|?:" To allow a specific symbol, remove that symbol from the va...

6.7 AI score
Exploits 0, Affected Software 1

OpenVAS
added 2015/10/13 12:0 a.m., 21 views

SUSE: Security Advisory for OpenVPN (SUSE-SU-2014:1605-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8 CVSS, 5.2 AI score, 0.03478 EPSS
Exploits 0, References 1

Tenable Nessus
added 2015/08/04 12:0 a.m., 29 views

Scientific Linux Security Update : mailman on SL6.x i386/x86_64 (20150722)

It was found that mailman did not sanitize the list name before passing it to certain MTAs. A local attacker could use this flaw to execute arbitrary code as the user running mailman. CVE-2015-2775 It was found that mailman stored private email messages in a world-readable directory. A local use...

7.6 CVSS, 7.7 AI score, 0.07964 EPSS
Exploits 1, References 3

RedHat Linux
added 2015/07/20 2:6 p.m., 41 views

Moderate: Red Hat Security Advisory: mailman security and bug fix update

Updated mailman packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, a...

7.6 CVSS, 7.2 AI score, 0.07964 EPSS
Exploits 1, References 8

RedHat Linux
added 2015/01/05 7:48 p.m., 2 views

kernel: x86: local privesc due to bad_iret and paranoid entry incompatibility

A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a SS stack segment fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system...

7.8 CVSS, 6.6 AI score, 0.01504 EPSS
Exploits 8, References 4

RedHat Linux
added 2014/12/22 7:13 p.m., 0 views

kernel: x86: local privesc due to bad_iret and paranoid entry incompatibility

A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a SS stack segment fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system...

7.8 CVSS, 6.6 AI score, 0.01504 EPSS
Exploits 8, References 4

RedHat Linux
added 2014/12/22 6:51 p.m., 1 views

kernel: x86: local privesc due to bad_iret and paranoid entry incompatibility

A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a SS stack segment fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system...

7.8 CVSS, 6.6 AI score, 0.01504 EPSS
Exploits 8, References 4

Atlassian
added 2014/06/26 8:0 p.m., 24 views

Define the security for which plugins can be used by which users on which pages

NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion: http://jira.atlassian.com/browse/CONFSERVER-34095. This is a request for a new feature which could restrict/define the usage of specific plugins/macros to only allow...

2.5 AI score
Exploits 0, Affected Software 1

Veeam
added 2013/12/19 12:0 a.m., 13 views

Installation Fails with Patched Database

Article Applicability The issue documented on this KB is only relevant to Veeam Backup & Replication versions prior to v10. Starting with v10, a different error occurs for the same reason and is documented on KB4204. Challenge When installing Veeam Backup & Replication, selecting an existing...

7.6 AI score
Exploits 0, Affected Software 1

OSV
added 2013/06/02 12:0 a.m., 23 views

DSA-2699-1 iceweasel - several

Bulletin has no description...

10 CVSS, 6.8 AI score, 0.10893 EPSS
Exploits 6