CVE-2015-3753

CVE-2015-3753 affects WebKit used in Apple Safari (before 6.2.8, before 7.1.8 for 7.x, and before 8.0.8 for 8.x; on iOS prior to 8.4.1). The root cause is improper taint checking for CANVAS elements, which could allow remote attackers to bypass the Same Origin Policy and exfiltrate sensitive imag...

Kali Linux 2.0 - The Best Penetration Testing Distribution

So, what’s new in Kali 2.0? There’s a new 4.0 kernel, now based on Debian Jessie, improved hardware and wireless driver coverage, support for a variety of Desktop Environments gnome, kde, xfce, mate, e17, lxde, i3wm, updated desktop environment and tools – and the list goes on. Kali Linux is Now ...

RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2015:1544)

The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:1544 advisory. - IBM JDK: plain text data stored in memory dumps CVE-2015-1931 - OpenJDK: deserialization issue in ObjectInputStream.readSerialData...

By hungry cryptography misuse of the actuator to bypass the defense talking about the android cryptographic vulnerability-the vulnerability warning-the black bar safety net

Cryptography is misused in the app is a big problem, almost all apk's checksum algorithm can be simulated Hungry the algorithm robustness and concealment was good, the proposed terms is in order to prove that the signature checking mechanism of the vulnerable Although presented to the hungry, but...

[SECURITY] Fedora 21 Update: roundcubemail-1.1.2-1.fc21

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

Cisco AnyConnect Secure Mobility Client Local Denial of Service Vulnerability

A vulnerability in the kernel extension for Mac OS X of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to cause a denial of service DoS condition. The vulnerability is due to insufficient bounds checking. An attacker could exploit this vulnerability by crafti...

FreeBSD : chromium -- multiple vulnerabilities (9d732078-32c7-11e5-b263-00262d5ed8ee)

Google Chrome Releases reports : 43 security fixes in this release, including : - 446032 High CVE-2015-1271: Heap-buffer-overflow in pdfium. Credit to cloudfuzzer. - 459215 High CVE-2015-1273: Heap-buffer-overflow in pdfium. Credit to makosoft. - 461858 High CVE-2015-1274: Settings allowed...

Fedora 21 : hostapd-2.4-3.fc21 (2015-11441)

apply fix for NDEF record payload length checking Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

Google Chrome Multiple Vulnerabilities-01 (Jul 2015) - Windows

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

FreeXL Excel File Parsing Integer Overflow Vulnerability

FreeXL is an open source library for extracting valid data from Excel .xls spreadsheets developed by software developer Alessandro Furieri. An integer overflow vulnerability exists in FreeXL, which arises from the program failing to perform proper bounds checking on user-submitted input. An...

Stable Channel Update

The Chrome team is delighted to announce the promotion of Chrome 44 to the stable channel for Windows, Mac and Linux. Chrome 44.0.2403.89 contains a number of fixes and improvements, including: A number of new apps/extension APIs Lots of under the hood changes for stability and performance A list...

Xen stack buffer overflow vulnerability

Xen is an open source virtual machine monitor product developed at the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. A stack buffer overflow vulnerabilit...

IBM Tivoli Storage Manager FastBack Mount vault Stack Buffer Overflow (CVE-2015-1896)

A stack-based buffer overflow vulnerability exists in IBM Tivoli Storage Manager FastBack Mount. The vulnerability is due to improper bounds checking by the FastBackMount process. A remote unauthenticated attacker could exploit this vulnerability by sending crafted requests. Successful exploitati...

Design/Logic Flaw

CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers aka SystemEDGE 12....

CVE-2015-3317

CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers aka SystemEDGE 12....

Debian DLA-235-1 : ruby1.9.1 security update

CVE-2011-0188 The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of...

Adobe Acrobat and Reader U3D Texture Parsing Buffer Overflow (APSB12-16) - Ver2 (CVE-2012-2049)

A stack buffer overflow vulnerability has been reported in Adobe Reader. The vulnerability is due to lack of bounds checking when handling PDF files containing specially crafted strings. A remote attacker can exploit this issue by enticing a target user to open a specially crafted PDF file...

Microsoft Windows TrueType Font File Parsing Code Execution - Ver2 (CVE-2011-3402)

A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is due to improper bounds checking when parsing specially crafted TrueType Font TTF files. A remote attacker may exploit this vulnerability by enticing an affected user to open a specially crafted TTF...

Monkey HTTPD Server Denial of Service - Ver2 (CVE-2013-3724)

A denial of service vulnerability has been reported in Monkey HTTPD Server. The vulnerability is due to improper bounds checking while parsing headers. A remote attacker can exploit this vulnerability by sending a malicious request to the target server. Successful exploitation of this vulnerabili...

xen security update

3.0.3-146.el5 - xen-fdc-force-the-fifo-access-to-be-in-bounds-of-the-all.patch - xen-FDC-Fix-buffer-overflow-Herv-Poussineau.patch - Resolves: bz1219333 xen: qemu: floppy disk controller flaw rhel-5.11.z 3.0.3-144.el5 - xm: Fix vcpu-pin complain for CPU number out of range rhbz 955656 - libxc:...