9293 matches found
libyaml: Use-of-uninitialized-value in yaml_parser_scan_flow_scalar
Project: https://github.com/yaml/libyaml.git Detailed report: https://oss-fuzz.com/testcase?key=5607885063061504 Project: libyaml Fuzzer: libFuzzerlibyamlfuzzer Fuzz target binary: libyamlfuzzer Job Type: libfuzzermsanlibyaml Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address...
lcms: Heap-buffer-overflow in TetrahedralInterpFloat
Project: https://github.com/mm2/Little-CMS.git Detailed report: https://oss-fuzz.com/testcase?key=5036643692052480 Project: lcms Fuzzer: afllcmscmstransformfuzzer Fuzz target binary: cmstransformfuzzer Job Type: aflasanlcms Platform Id: linux Crash Type: Heap-buffer-overflow READ 4 Crash Address:...
Threat Outbreak Alert RuleID28358: Email Messages Distributing Malicious Software on March 17, 2017
Medium Alert ID: 53062 First Published: 2017 March 17 12:59 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID28358 may contain the following files: Name | Si...
Preventing Automatic Updates on Windows 10 for Unidesk Desktops
If there are issues with your Desktops after Windows 10 Automatic Updates, you can disable automatic updates of Unidesk Desktops using a local GPO set on the Gold image or Operating System Layer...
WordPress REST API Bug Could Be Used in Stored XSS Attacks
The recently patched WordPress REST API Endpoint vulnerability is the gift that keeps on giving. Already responsible for more than one million website defacements and attempts to monetize some of those attacks, the flaw also opens the door to a separate attack. Researchers at Sucuri who found the...
March 2017 security update release
Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide. Security bulletins were also...
Product update: Virtuozzo Automator 7 Update 1 Hotfix 1
The new packages for Virtuozzo Automator 7 introduce usability bug fixes for the management node. Vulnerability id: PVA-36679 Hardware nodes with VMs stayed offline after upgrading the management node from version 6 to 7. Vulnerability id: PVA-36677 The 'vaconfig' tool was not installed with...
Port Scan Attack Detector: PSAD
Port Scan Attack Detector The Port Scan Attack Detector psad is a lightweight system daemon written in is designed to work with Linux iptables/ip6tables/firewalld firewalling code to detect suspicious traffic such as port scans and sweeps, backdoors, botnet command and control communications, and...
WordPress 4.7.3 Patches Half-Dozen Vulnerabilities
WordPress released a security update on Tuesday that patched a half-dozen bugs, including one that could be chained with the recent REST API Endpoint flaw that led to a million website defacements. Given that the bug was introduced in WordPress 4.7 and the availability of a patch that backports...
Threat Outbreak Alert RuleID27885: Email Messages Distributing Malicious Software on February 24, 2017
Medium Alert ID: 52756 First Published: 2017 February 27 17:30 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID27885 may contain the following files: Name |...
Design/Logic Flaw
An issue was discovered on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19. When SmartPSS Software is launched, while on the login screen, the software in the background automatically lo...
CVE-2017-6342
An issue was discovered on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19. When SmartPSS Software is launched, while on the login screen, the software in the background automatically lo...
CVE-2017-6342
Affected software/hardware: Dahua DHI-HCVR7216A-S3 devices (NVR firmware 3.210.0001.10, camera firmware 2.400.0000.28.R, SmartPSS 1.16.1). Vulnerability summary: When SmartPSS is launched and on the login screen, the background process logs in as admin, enabling sniffing of sensitive information ...
Adobe Flash Player security vulnerability release
Today, we released an Adobe Flash Player security update to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about these updates can be found on the Security Update Guide. MSRC team...
RVM automatically does "bundle install" on a Gemfile specified by .versions.conf in $PWD
RVM, by default, hooks cd and automatically parses a file named .versions.conf in the directory being changed to. The intention seems to be that, if the user's $rvm_autoinstall_bundler_flag setting is enabled, then .versions.conf can specify a Gemfile that will automatically be fed to bundle install...
Malware Information Sharing Platform: MISP
Malware Information Sharing Platform MISP, Malware Information Sharing Platform and Threat Sharing, is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threats about cyber security incidents analysis and malware analysis. MISP is...
[SECURITY] Fedora 25 Update: drupal7-title-1.0-0.7.alpha9.fc25
While working on the new content translation system http://api.drupal.org/api/group/fieldlanguage/7 for Drupal 7, we the Drupal core i18n team faced the need to convert node titles to the Field API in order to make nodes fully translatable. We were not able to make this happen in Drupal 7 core ...
Threat Outbreak Alert RuleID27699: Email Messages Distributing Malicious Software on February 8, 2017
Medium Alert ID: 52606 First Published: 2017 February 8 15:10 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID27699 may contain the following files: Name |...