Lucene search

2321 matches found

CVE
added 2018/02/19 7:0 p.m. · 986 views

CVE-2015-9253

CVE-2015-9253 affects PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and earlier than 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec, shell_exec, system) with a non-blocking STDIN stream, causing the m...

6.8 CVSS · 7.7 AI score · 0.04322 EPSS
Exploits 1 · References 8 · Affected Software 1
Malwarebytes
added 2018/02/19 4:55 p.m. · 41 views

A week in security (February 12 – February 18)

Last week on Malwarebytes Labs, we looked at a huge Android cryptomining campaign, malicious apps on Google Play, and some Apple scams doing the rounds. We also explored the world of healthcare security, and dived into the land of scammy Valentine's Day tricks and cheats. Other news Thought the...

6.8 AI score
Exploits 0
OSV
added 2018/02/19 12:0 a.m. · 0 views

UBUNTU-CVE-2015-9253

An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions e.g., passthru, exec, shell_exec, or system with a non-blocking STDIN stream, causing this...

6.5 CVSS · 7.1 AI score · 0.04322 EPSS
Exploits 1 · References 7
Positive Technologies
added 2018/02/19 12:0 a.m. · 8 views

PT-2018-4564 · Php +3

Name of the Vulnerable Software and Affected Versions: PHP versions prior to 7.3.0alpha3; PHP versions prior to 7.2.8; PHP versions prior to 7.1.20. Description: An issue was discovered where the php-fpm master process restarts a child process in an endless loop when using program execution function...

9.8 CVSS · 7.7 AI score · 0.9947 EPSS
Exploits 100 · References 300
ATTACKERKB
added 2018/02/08 7:29 a.m. · 1 views

CVE-2018-0138

A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass file policies that are configured to block files transmitted to an affected device via the BitTorrent protocol. The vulnerability exists because the affected softwa...

5.3 CVSS · 5.7 AI score · 0.01185 EPSS
Exploits 0 · References 3
Fedora
added 2018/02/06 3:38 p.m. · 24 views

[SECURITY] Fedora 27 Update: squid-4.0.23-2.fc27

Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DN...

7.5 CVSS · 7.8 AI score · 0.13348 EPSS
Exploits 0
Malwarebytes
added 2018/01/27 7:53 p.m. · 58 views

IMPORTANT: Web blocking / RAM usage announcement

On January 27, we published a protection update that caused connection issues for many of our customers. As a side effect of the web protection blocks, the product also spiked memory usage and possibly caused a crash. We have triaged this issue and pushed a protection update that resolves it. For...

7.1 AI score
Exploits 0
Tenable Nessus
added 2018/01/23 12:0 a.m. · 36 views

FreeBSD : chromium -- multiple vulnerabilities (1d951e85-ffdb-11e7-8b91-e8e0b747a45a)

Google Chrome Releases reports : 37 security fixes in this release, including : - 778505 Critical CVE-2017-15407: Out of bounds write in QUIC. Reported by Ned Williamson on 2017-10-26 - 762374 High CVE-2017-15408: Heap buffer overflow in PDFium. Reported by Ke Liu of Tencent's Xuanwu LAB on...

8.8 CVSS · 6.9 AI score · 0.02963 EPSS
Exploits 1 · References 22
RedHat Linux
added 2018/01/18 9:55 p.m. · 4 views

OpenJDK: ArrayBlockingQueue deserialization to an inconsistent state (Libraries, 8189284)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacke...

4.3 CVSS · 7.3 AI score · 0.04706 EPSS
Exploits 0 · References 4
RedHat Linux
added 2018/01/18 9:55 p.m. · 1 views

OpenJDK: ArrayBlockingQueue deserialization to an inconsistent state (Libraries, 8189284)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacke...

4.3 CVSS · 7.3 AI score · 0.04706 EPSS
Exploits 0 · References 4
RedHat Linux
added 2018/01/17 5:33 p.m. · 1 views

OpenJDK: ArrayBlockingQueue deserialization to an inconsistent state (Libraries, 8189284)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacke...

4.3 CVSS · 7.3 AI score · 0.04706 EPSS
Exploits 0 · References 4
CNVD
added 2018/01/10 12:0 a.m. · 1 views

Microsoft ASP.NET Core Cross-Site Request Forgery Vulnerability

Microsoft ASP.NET Core is a cross-platform open source framework from Microsoft Corporation USA. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. A cross-site request forgery vulnerability exists in Microsoft ASP.NET Core...

6.5 CVSS · 7 AI score · 0.03093 EPSS
Exploits 0 · References 1
OpenVAS
added 2018/01/05 12:0 a.m. · 30 views

Ubuntu: Security Advisory (USN-3477-4)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10 CVSS · 8.1 AI score · 0.075 EPSS
Exploits 0 · References 3
CNVD
added 2018/01/04 12:0 a.m. · 4 views

Brave Browser JS fingerprinting blocking component access control error vulnerability

Brave Browser is a web browser from Brave Software. JS fingerprinting blocking component is one of the "fingerprinting" blocking components of the browser. An access control vulnerability exists in the JS fingerprinting blocking component of Brave Browser version 0.19.73 and earlier. An attacker...

4.7 CVSS · 6.8 AI score · 0.01013 EPSS
Exploits 0 · References 1
OSV
added 2018/01/03 8:29 p.m. · 1 views

CVE-2017-1000461

Brave Software's Brave Browser, version 0.19.73 and earlier is vulnerable to an incorrect access control issue in the "JS fingerprinting blocking" component, resulting in a malicious website being able to access the fingerprinting-associated browser functionality that the browser intends to block...

4.7 CVSS · 5.8 AI score · 0.01013 EPSS
Exploits 0 · References 1
Prion
added 2018/01/03 8:29 p.m. · 15 views

Design/Logic Flaw

Brave Software's Brave Browser, version 0.19.73 and earlier is vulnerable to an incorrect access control issue in the "JS fingerprinting blocking" component, resulting in a malicious website being able to access the fingerprinting-associated browser functionality that the browser intends to block...

4.3 CVSS · 4.6 AI score · 0.01013 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2018/01/03 8:0 p.m. · 15 views

CVE-2017-1000461

Brave Software's Brave Browser, version 0.19.73 and earlier is vulnerable to an incorrect access control issue in the "JS fingerprinting blocking" component, resulting in a malicious website being able to access the fingerprinting-associated browser functionality that the browser intends to block...

4.6 AI score · 0.01013 EPSS
Exploits 0 · References 1
CVE
added 2018/01/03 8:0 p.m. · 47 views

CVE-2017-1000461

Brave Browser (0.19.73 and earlier) is affected by CVE-2017-1000461 due to an incorrect access-control flaw in the JS fingerprinting blocking component. This vulnerability could allow a malicious website to access fingerprinting-related browser functionality that the browser intends to block. The...

4.7 CVSS · 4.6 AI score · 0.01013 EPSS
Exploits 0 · References 1 · Affected Software 1
Fedora
added 2017/12/19 7:55 p.m. · 13 views

[SECURITY] Fedora 27 Update: nodejs-8.9.3-2.fc27

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

1.6 AI score
Exploits 0
Tenable Nessus
added 2017/12/14 12:0 a.m. · 39 views

openSUSE Security Update : chromium (openSUSE-2017-1349)

This update to Chromium 63.0.3239.84 fixes the following security issues : - CVE-2017-15408: Heap buffer overflow in PDFium - CVE-2017-15409: Out of bounds write in Skia - CVE-2017-15410: Use after free in PDFium - CVE-2017-15411: Use after free in PDFium - CVE-2017-15412: Use after free in libXM...

8.8 CVSS · 6.8 AI score · 0.02963 EPSS
Exploits 1 · References 19