1013 matches found
Downloads Resources over HTTP
Overview: Affected versions of unicode-json insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on...
Downloads Resources over HTTP
Overview: Affected versions of air-sdk insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on t...
Downloads Resources over HTTP
Overview: Affected versions of geoip-lite-country insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and...
Downloads Resources over HTTP
Overview: Affected versions of ibapi insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...
Downloads Resources over HTTP
Overview: Affected versions of alto-saxophone insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code executi...
Downloads Resources over HTTP
Overview: Affected versions of chromedriver insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. This may result in arbitrary code execution if an attacker intercepts and modifies the downloaded...
ALPINE-CVE-2016-8909
The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position...
CVE-2016-8909
The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position...
UBUNTU-CVE-2016-8909
The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position...
iTrack Easy Authentication Mechanism Bypass Vulnerability
The iTrack Easy is a versatile Bluetooth device. The iTrack Easy fails to implement an authentication mechanism, which can be exploited by a remote attacker to modify the GPS data of a lost device using the 'parametercmd:setothergps' function...
Code injection
The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block...
CVE-2016-0772
The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block...
The vulnerability of the Firefox browser, which allows a malicious actor to bypass domain restriction rules
The Mozilla Firefox browser contains a vulnerability related to errors in the implementation of class functions. Exploiting this vulnerability allows malicious actors to circumvent Domain Restrictions Policy SOP rules and gain access to confidential information through the use of IFrame elements...
Using an SSRF vulnerability to take over the app server - vulnerabilities and early warning - the black bar safety net
An SSRF attack is one in which an attacker forces a vulnerable server to send malicious requests to a third-party server or to internal resources, and then uses the vulnerability to launch specific attacks, such as cross-site port attacks, service enumeration, and a...
graphite2 security, bug fix, and enhancement update
1.3.6-1 - Related: rhbz1309052 CVE-2016-1521 CVE-2016-1522 CVE-2016-1523 CVE-2016-1526 1.3.5-1 - Resolves: rhbz1309052 CVE-2016-1521 CVE-2016-1522 CVE-2016-1523 CVE-2016-1526 1.2.4-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora24MassRebuild 1.2.4-5 - Rebuilt for...
mAIS - Ship Position Reporting - External URLs vulnerabilities
HackApp vulnerability scanner discovered that application mAIS - Ship Position Reporting published at the 'play' market has multiple vulnerabilities...
About the security content of Apple Software Update 2.2
About the security content of Apple Software Update 2.2 This document describes the security content of Apple Software Update 2.2. For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or...
F5 BIG-IP - SLOTH: TLS 1.2 handshake vulnerability CVE-2015-7575
The remote host is missing a security patch. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/h:f5:big-ip"; if description...
GPS satellite positioning platform vulnerability disaster, the user location information in an emergency-vulnerability warning-the black bar safety net
Recently, the press has exposed many cases of tracking and abduction carried out through GPS positioning devices. Research on some of the GPS positioning devices on the market found that the back ends of these GPS positioning systems use a common set of programs, and that the cloud platform contains multiple...