9293 matches found
November 2017 security update release
Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...
November 2017 security update release
Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...
November 2017 security update release
Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...
tor/oss-fuzz-consensus: Heap-buffer-overflow in mock_crypto_pk_public_checksig__nocheck
Project: https://git.torproject.org/tor.git Detailed report: https://oss-fuzz.com/testcase?key=5170904637112320 Project: tor Fuzzer: libFuzzertoross-fuzz-consensus Fuzz target binary: oss-fuzz-consensus Job Type: libfuzzerasantor Platform Id: linux Crash Type: Heap-buffer-overflow WRITE Crash...
chakra: Crash in Js::InterpreterStackFrame::ProcessUnprofiledExtendedOpcodePrefix
Project: https://github.com/Microsoft/ChakraCore.git Detailed report: https://oss-fuzz.com/testcase?key=5984230245924864 Project: chakra Fuzzer: jsfuzzer Job Type: asanchakra Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x000000001411 Crash State:...
tor/oss-fuzz-extrainfo: Use-of-uninitialized-value in memarea_strdup
Project: https://git.torproject.org/tor.git Detailed report: https://oss-fuzz.com/testcase?key=6117917679681536 Project: tor Fuzzer: libFuzzertoross-fuzz-extrainfo Fuzz target binary: oss-fuzz-extrainfo Job Type: libfuzzermsantor Platform Id: linux Crash Type: Use-of-uninitialized-value Crash...
[SECURITY] Fedora 25 Update: procmail-3.22-44.fc25
Procmail can be used to create mail-servers, mailing lists, sort your incoming mail into separate folders/files real convenient when subscribing to one or more mailing lists or for prioritising your mail, preprocess your mail, start any programs upon mail arrival e.g. to generate different chimes...
[SECURITY] Fedora 26 Update: check-mk-1.2.8p26-1.fc26
check-mk is a general purpose Nagios-plugin for retrieving data. It adopts a new approach for collecting data from operating systems and network compone nts. It obsoletes NRPE, checkbyssh, NSClient, and checksnmp and it has many benefits, the most important are a significant reduction of CPU usag...
psad - Intrusion Detection and Log Analysis with iptables
The Port Scan Attack Detector psad is a lightweight system daemon written in is designed to work with Linux iptables/ip6tables/firewalld firewalling code to detect suspicious traffic such as port scans and sweeps, backdoors, botnet command and control communications, and more. It features a set o...
[SECURITY] Fedora 27 Update: check-mk-1.2.8p26-1.fc27
check-mk is a general purpose Nagios-plugin for retrieving data. It adopts a new approach for collecting data from operating systems and network compone nts. It obsoletes NRPE, checkbyssh, NSClient, and checksnmp and it has many benefits, the most important are a significant reduction of CPU usag...
CVE-2017-15208
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove automatic actions from a private project of another user...
Design/Logic Flaw
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove automatic actions from a private project of another user...
Trend Micro OfficeScan 11.0XG (12.0) - Remote Code Execution (Metasploit)
Trend Micro OfficeScan 11.0XG 12.0 - Remote Code Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Trend Micro OfficeScan Remote Code Execution", 'Description' = %q This modul...
Trend Micro OfficeScan 11.0/XG (12.0) - Remote Code Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Trend Micro OfficeScan Remote Code Execution", 'Description' = %q This module exploits the authentication bypass and command injection vulnerabili...
October 2017 security update release
Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...
October 2017 security update release
Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...
October 2017 security update release
Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...
Description of the security update for the Windows SMB vulnerabilities in Windows Server 2008: October 10, 2017
Description of the security update for the Windows SMB vulnerabilities in Windows Server 2008: October 10, 2017 Summary Vulnerabilities exist in Windows SMB that could allow remote code execution, denial of service, or information disclosure. To learn more about the vulnerabilities, go to the...
CVE-2017-15208
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove automatic actions from a private project of another user...
CVE-2017-15208
In Kanboard prior to 1.0.47, an authenticated user can remove automatic actions from another user’s private project by altering form data. The CVE-2017-15208 issue arises from a server-side validation flaw that allows modifying project action state without proper authorization. Exploitation detai...