1139 matches found
CVE-2015-5723
Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local...
Deploying CloudBridge Virtual WAN in Virtual Inline Mode with Additional Internet Link
This article addresses the deployment of a CloudBridge Virtual WAN Appliance in Virtual Inline Mode, also known as One-Arm Mode or Policy Based Routing (PBR) Mode. Additional Resources: CTX213584 - Deploying CloudBridge Virtual WAN in Virtual Inline Mode with Additional Internet Link...
CVE-2016-2461
OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 mishandles resets of the Additional Authenticated Data (AAD) array, which allows attackers to spoof message authentication via unspecified vectors, aka internal bugs 27324690 and 27696681...
[SECURITY] Fedora 23 Update: parallel-20160222-1.fc23
GNU Parallel is a shell tool for executing jobs in parallel using one or more machines. A job is typically a single command or a small script that has to be run for each of the lines in the input. The typical input is a list of files, a list of hosts, a list of users, or a list of tables. If yo...
April 2016 Security Update Release
Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security...
Slack: Bypass two-factor authentication
If a user set 2FA, a user has to enter verification code when a user tries to reset password. Under the "Password Reset" page, a user can enter wrong two-factor authentication code many times. I said "many times" because your bug bounty policy stated... Exclusions Issues found through automated...
Linux video memory DOS with Intel drivers — Mozilla
Security researcher Ucha Gobejishvili reported a denial of service (DOS) attack when doing certain WebGL operations in a canvas requiring an unusually large amount of buffer to be allocated from video memory. This resulted in memory resource exhaustion with some Intel video cards, requiring the comput...
February 2016 Security Update Release Summary
Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security...
Design/Logic Flaw
The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object...
CVE-2016-1905
The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object...
January 2016 Security Update Release Summary
Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security...
[SECURITY] Fedora 23 Update: cups-filters-1.4.0-1.fc23
Contains backends, filters, and other software that was once part of the core CUPS distribution but is no longer maintained by Apple Inc. In addition it contains additional filters developed independently of Apple, especially filters for the PDF-centric printing workflow introduced by OpenPrintin...
Microsoft Revokes Trust for eDellroot Certificates
In the wake of last week’s eDellroot fiasco, Microsoft announced Monday that it revoked support for the self-signed, trusted root certificates that were found on some Dell computers. In a security advisory published on Monday, the company acknowledged that in order to prevent fraud, it removed...
damarww.com XSS vulnerability
Vulnerable URL: https://www.damarww.com/additionalimages.asp?image=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 25.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 727107 Google...
[SECURITY] [DSA 3355-1] libvdpau security update
Debian Security Advisory DSA-3355-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini September 10, 2015 https://www.debian.org/security/faq -...
RIG Exploit Kit Landing Page
RIG exploit kit is a web exploit kit that operates by delivering malicious payload to the victim's computer. Successful infection will allow the attacker to download additional malware to the target...
Debian DLA-134-1 : curl security update
Andrey Labunets of Facebook discovered that cURL, an URL transfer library, fails to properly handle URLs with embedded end-of-line characters. An attacker able to make an application using libcurl to access a specially crafted URL via an HTTP proxy could use this flaw to do additional requests in...
Shuttle Tech ADSL Modem/Router 915 WM - Remote DNS Change
#!/bin/bash Shuttle Tech ADSL Modem-Router 915 WM Unauthenticated Remote DNS Change Exploit Copyright 2015 (c) Todor Donev http://www.ethical-hacker.org/ Description: The vulnerability exists in the web interface, which is accessible without authentication. Once modified, systems use foreign DNS...
DLA-134-1 curl - security update
Bulletin has no description...