8417 matches found
OpenJDK: unbounded memory allocation in BasicAttribute deserialization (Serialization, 8174105)
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker...
App Layering error "A failure occurred while publishing the Layered Image: Failed scanning a directory for files" because of Microsoft.MicrosoftOfficeHub
App Layering 4.0 - 4.5: The Enterprise Layer Manager (ELM) fails while publishing an image. Error: "A failure occurred while publishing the Layered Image. Failed scanning a directory for files" Unidesk 2.x/3.x: The CachePoint Appliance fails while creating a desktop. Error: "Failed to copy folders...
Inside the Kronos malware – part 1
Recently, a researcher nicknamed MalwareTech, famous for stopping the WannaCry ransomware, got arrested for his alleged contribution to creating the Kronos banking malware. We still do not have a clear picture of whether the allegations are true or not - but let's have a look at Kronos itself...
Brave Software: Download attribute allows downloading local files
Summary: The download attribute in an a tag allows downloading the href target to a file and saving it locally. In Mozilla and Chrome, it is forbidden to download a local file via file:// .., in Brave however this is not enforced and it is not clear to the user if they are downloading something remot...
CVE-2017-7788
When an "iframe" has a "sandbox" attribute and its content is specified using "srcdoc", that content does not inherit the containing page's Content Security Policy (CSP) as it should unless the sandbox attribute included "allow-same-origin". This vulnerability affects Firefox 55...
USN-3381-1 linux vulnerabilities
Peter Pi discovered that the colormap handling for frame buffer devices in the Linux kernel contained an integer overflow. A local attacker could use this to disclose sensitive information (kernel memory). (CVE-2016-8405) It was discovered that the Linux kernel did not properly restrict RLIMIT_STACK...
kernel: Memory leaks in xfs_attr_list.c error paths
A flaw was found in the Linux kernel's implementation of XFS file attributes. Two memory leaks were detected in xfs_attr_shortform_list and xfs_attr3_leaf_list_int when running a docker container backed by xfs/overlay2. A dedicated attacker could possibly exhaust all memory and create a denial of servic...
ImageMagick 'GetImageDepth' Function Denial of Service Vulnerability
ImageMagick is a set of open-source image processing software from the U.S. company ImageMagick Studio. The software can read, convert and write pictures in a variety of formats. A security vulnerability exists in the 'GetImageDepth' function of the MagickCore/attribute.c file in ImageMagick...
Information Disclosure
Moodle is vulnerable to information disclosure. Attackers are able to obtain sensitive URL information through the Referer log because it doesn't correctly restrict links with the blank attribute...
WebKit - WebCore::AccessibilityRenderObject::handleAriaExpandedChanged Use-After-Free Exploit
Exploit for multiple platform in category dos / poc div visibility: collapse function eventhandler document.execCommand"bold", false; img.style.removeProperty"-webkit-appearance"; img.setAttribute"aria-expanded", "false"; aaa !-- =================================================================...
FreeRADIUS 'dhcp_attr2vp()' Function Denial of Service Vulnerability
FreeRADIUS is a set of software that implements the RADIUS protocol from the FreeRADIUS Server project. The software is mainly used for account authentication management, bookkeeping management and Internet account management, etc. and contains a Radius server, a client library for BSD protocol...
Apple Mac OS X + Safari - Local Javascript Quarantine Bypass
Apple Mac OS X + Safari - Local Javascript Quarantine Bypass Title: Mac OS X Local Javascript Quarantine Bypass Product: Mac OS X Version: 10.12, 10.11, 10.10 and probably prior Vendor: apple.com Type: DOM Based XSS Risk level: 3 / 5 Credits: [email protected] CVE: N/A Vendor...
Virtuozzo 7 : ctdb / ctdb-tests / libsmbclient / etc (VZLSA-2017-1265)
An update for samba is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
Shopify: XSS on "widgets.shopifyapps.com" via "stripping" attribute and "shop" parameter
Description: Shopify allows developers to embed widgets containing product info on third-party websites via "widgets.shopifyapps.com". When the widget is rendered the shop attribute is not filtered, allowing any website (not just Shopify shops) to be specified. By providing an attacker controlled...
Khan Academy: XSS through document projects
Hello, I'm Ethan Luis McDonough (@elmt2 on Khan Academy), and I found a way to inject scripts into document projects. Since KA document projects output HTML, I can edit the PUT request that updates projects (https://www.khanacademy.org/api/internal/scratchpads/ID) and inject JavaScript code inside an...
Apache Ignite Information Disclosure Vulnerability
Apache Ignite is a high-performance, integrated and distributed in-memory computing and transaction management platform for large-scale data set processing, from the Apache Software Foundation in the United States. An information disclosure vulnerability exists in Apache Ignite versions 1.0.0-RC...
The vulnerability of the read_attribute function in the GnuTLS library, related to the occurrence of operations outside the buffer boundaries in memory, allows attackers to compromise the integrity and accessibility of data.
The vulnerability of the read_attribute function in the GnuTLS library is related to buffer overflow attacks. Exploiting this vulnerability allows a remote attacker to compromise the integrity and accessibility of data through a specially created OpenPGP certificate...
Cross-site Scripting (XSS)
slim is vulnerable to cross-site scripting (XSS) attacks. The attacks are possible because it does not sanitize the splat attribute names of a tag, e.g., params. It allows a malicious user to trigger the XSS attack when the user gets control over the attributes of a tag...