CVE-2018-12525

An issue was discovered in perfSONAR Monitoring and Debugging Dashboard MaDDash 2.0.2. A direct request to /images/ provides a directory listing...

CVE-2018-12524

An issue was discovered in perfSONAR Monitoring and Debugging Dashboard MaDDash 2.0.2. A direct request to /lib/ provides a directory listing...

CVE-2018-12523

An issue was discovered in perfSONAR Monitoring and Debugging Dashboard MaDDash 2.0.2. A direct request to /etc/ provides a directory listing...

CVE-2018-12523

PerfSONAR MaDDash 2.0.2 contains an information disclosure vulnerability: a direct request to /etc/ exposes a directory listing. Affected component is the MaDDash web UI (maddash-webui) handling /etc/. The issue allows enumeration of internal files and directories, which could reveal sensitive in...

MagniComp SysInfo Information Exposure

MagniComp SysInfo Information Exposure CVE-2018-7268 ====================================================== The latest version of this advisory is available at: https://sintonen.fi/advisories/magnicomp-sysinfo-information-exposure.txt Overview -------- MagniComp SysInfo contains a information...

Security Bulletin: IBM Security Key Lifecycle Manager is affected by active debugging code (CVE-2016-6117)

Summary IBM Security Key Lifecycle Manager can be deployed with active debugging code that can create unintended entry points. Vulnerability Details CVEID: CVE-2016-6117 DESCRIPTION: IBM Tivoli Key Lifecycle Manager can be deployed with active debugging code that can disclose sensitive informatio...

Thousands of Android Devices Running Insecure Remote ADB Service

Despite warnings about the threat of leaving insecure remote services enabled on Android devices, manufacturers continue to ship devices with open ADB debug port setups that leave Android-based devices exposed to hackers. Android Debug Bridge ADB is a command-line feature that generally uses for...

CVE-2018-5132

The Find API for WebExtensions can search some privileged pages, such as "about:debugging", if these pages are open in a tab. This could allow a malicious WebExtension to search for otherwise protected data if a user has it open. This vulnerability affects Firefox 59...

CVE-2017-5468

An issue with incorrect ownership model of "privateBrowsing" information exposed through developer tools. This can result in a non-exploitable crash when manually triggered during debugging. This vulnerability affects Firefox 53...

Design/Logic Flaw

An issue with incorrect ownership model of "privateBrowsing" information exposed through developer tools. This can result in a non-exploitable crash when manually triggered during debugging. This vulnerability affects Firefox 53...

CVE-2017-5468

An issue with incorrect ownership model of "privateBrowsing" information exposed through developer tools. This can result in a non-exploitable crash when manually triggered during debugging. This vulnerability affects Firefox 53...

CVE-2017-5468

An issue with incorrect ownership model of "privateBrowsing" information exposed through developer tools. This can result in a non-exploitable crash when manually triggered during debugging. This vulnerability affects Firefox 53...

OnePlus 6 Flaw Allows to Boot Any Image Even With Locked Bootloader

Have you recently bought a OnePlus 6? Don't leave your phone unattended. A serious vulnerability has been discovered in the OnePlus 6 bootloader that makes it possible for someone to boot arbitrary or modified images to take full admin control of your phone—even if the bootloader is locked. A...

Microsoft Windows Kernel 'Win32k.sys' Local Privilege Escalation Vulnerability(CVE-2018-8120)

作者：bigric3 作者博客： 5月15日ESET发文其在3月份捕获了一个 pdf远程代码执行（cve-2018-4990）+windows本地权限提升（cve-2018-8120）的样本。ESET发文后，我从vt上下载了这样一份样本（）。初步逆向，大致明确如外界所传，该漏洞处于开发测试阶段，不慎被上传到了公网样本检测的网上，由ESET捕获并提交微软和adobe修补。测试特征字符串如下 定位样本中关键的代码并调试分析...

RHEL 7 : kernel (RHSA-2018:1347)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:1347 advisory. - Kernel: KVM: error in exception handling leads to wrong debug stack value CVE-2018-1087 - Kernel: error in exception handling leads to DoS...

x86: mishandling of debug exceptions

ISSUE DESCRIPTION When switching stacks, it is critical to have a matching stack segment and stack pointer. To allow an atomic update from what would otherwise be two adjacent instructions, an update which changes the stack segment either a mov or pop instruction with %ss encoded as the destinati...

Rooting a Logitech Harmony Hub: Improving Security in Today's IoT World

Introduction FireEye’s Mandiant Red Team recently discovered vulnerabilities present on the Logitech Harmony Hub Internet of Things IoT device that could potentially be exploited, resulting in root access to the device via SSH. The Harmony Hub is a home control system designed to connect to and...

Hyper-V Debugging Symbols Are Publicly Available

The security of Microsoft’s cloud services is a top priority for us. One of the technologies that is central to cloud security is Microsoft Hyper-V which we use to isolate tenants from one another in the cloud. Given the importance of this technology, Microsoft has made and continues to make...

FreeBSD : chromium -- vulnerability (36ff7a74-47b1-11e8-a7d6-54e1ad544088)

Google Chrome Releases reports : 62 security fixes in this release : - 826626 Critical CVE-2018-6085: Use after free in Disk Cache. Reported by Ned Williamson on 2018-03-28 - 827492 Critical CVE-2018-6086: Use after free in Disk Cache. Reported by Ned Williamson on 2018-03-30 - 813876 High...

RHEL 6 : chromium-browser (RHSA-2018:1195)

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2018:1195 advisory. Chromium is an open-source web browser, powered by WebKit Blink. This update upgrades Chromium to version 66.0.3359.117. Security Fixes:...