CVE-2014-9799

CVE-2014-9799 concerns Android on Nexus 5 and 7 (2013) devices before 2016-07-05, where a Qualcomm makefile omits -fno-strict-overflow, potentially enabling local privilege escalation via crafted apps that exploit incorrect compiler optimization of an integer-overflow protection mechanism. The is...

The vulnerability of Google Chrome browser allows a malicious actor to trigger a service failure.

The Google Chrome browser contains a vulnerability related to the incorrect implementation of deferred optimization. Exploiting this vulnerability allows malicious actors, operating remotely, to cause a service failure a memory-related error or otherwise affect the system by using specially craft...

A year of Windows kernel font fuzzing #2: the techniques

Posted by Mateusz Jurczyk of Google Project Zero In part 1 of the series see here, we discussed the motivation and outcomes of our year long fuzzing effort against the Windows kernel font engine, followed by an analysis of two bug collisions with Keen Team and Hacking Team that ensued as a result...

CVE-2016-4472

CVE-2016-4472 affects the Expat XML parser: overflow protections can be removed by compilers with certain optimizations, allowing remote attackers to cause a crash or potentially execute code via crafted XML. The entry notes this stems from an incomplete fix for CVE-2015-1283 and CVE-2015-2716. C...

SOL82747025 - GraphicsMagick vulnerability CVE-2016-5118

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

Riverbed SteelCentral Detection Consolidation

Consolidation of Riverbed SteelCentral detections. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

The vulnerability in the browser kernel V8, which allows a hacker to trigger a service failure or cause other effects

The vulnerability of the objects.cc component in the V8 browser kernel arises due to incorrect restrictions on optimization. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures or other effects by using specially crafted JavaScript code...

expat2 -- denial of service

Adam Maris reports: It was found that original patch for issues CVE-2015-1283 and CVE-2015-2716 used overflow checks that could be optimized out by some compilers applying certain optimization settings, which can cause the vulnerability to remain even after applying the patch...

Is it possible to optimize SSH or SFTP connections?

QUESTION: Is it possible to optimize SSH or SFTP connections? ANSWER: SSH and SFTP are encrypted traffic: SSH one-time encrypted data stream and SFTP goes over the SSH port CloudBridge can only optimize with flow-control-only but won't be able to compress it...

CVE-2016-4053

Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes ESI responses, related to incorrect use of assert and compiler optimization...

CVE-2016-4053

CVE-2016-4053 in Squid allowed public information disclosure of the server stack layout when processing ESI responses. The issue is documented across multiple advisories (Debian, Red Hat/CentOS, Fedora, Amazon ALAS) with fixes in various branches: Debians fixed squid3 3.1.20-2.2+deb7u5; Jessie/St...

American Fuzzy Lop Utilities: afl-utils

Utilities for automated crash sample processing/analysis, easy afl-fuzz job management and corpus optimization afl-utils is a collection of utilities to assist fuzzing with american-fuzzy-lop afl . afl-utils includes tools for: automated crash sample collection, verification, reduction and analys...

Qemu Information Disclosure Vulnerability (CNVD-2016-02391)

QEMU is a suite of analog processor software. A vulnerability in Qemu's kvmvapic.c when using Task Priority Register TPR optimization allows a local attacker to exploit the vulnerability to obtain host-sensitive information...

engagementoptimization.com XSS vulnerability

Vulnerable URL: https://www.engagementoptimization.com/external-link.jspa?url=https://www.openbugbounty.org/ Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 8982636 Google Pagerank|...

[SECURITY] Fedora 24 Update: xstream-1.4.9-1.fc24

XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for...

[FAQ]: Is ICA or CGP recommended on high latency links when traffic is being optimized?

Question: Is ICA or CGP recommended on high latency links when traffic is being optimized? Answer: CGP is recommended on high latency links because CGP has a fixed buffer size on the server and on long latency links, despite CB TCP optimizations, the server won’t send data faster its waiting for ...

Fedora 21 : dovecot-2.2.19-1.fc21 (2015-780302029a)

dovecot updated to 2.2.19 mdbox: Rebuilding could have caused message's reference count to overflow the 16bit number in some situations, causing problems when trying to expunge the duplicates. Various search fixes fts, solr, tika, lib-charset, indexer Various virtual plugin fixes Various fixes...

MyBB < 1.6.10 Multiple Vulnerabilities

Binary data 9119.prm...

Adobe Flash - SimpleButton Creation Type Confusion

Source: https://code.google.com/p/google-security-research/issues/detail?id=640 There is a type confusion vulnerability in the SimpleButton constructor. Flash stores an empty button to use to create buttons for optimization reasons. If this object is created using a SWF tag before it is created i...

Adobe Flash - SimpleButton Creation Type Confusion

Adobe Flash - SimpleButton Creation Type Confusion Source: https://code.google.com/p/google-security-research/issues/detail?id=640 There is a type confusion vulnerability in the SimpleButton constructor. Flash stores an empty button to use to create buttons for optimization reasons. If this objec...