EUVD-2019-4690

Malware in sbrugna...

Stable Channel Update for Desktop

The Stable channel has been updated to 127.0.6533.99/.100 for Windows, Mac and 127.0.6533.99 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. Security Fixes and Rewards Note: Access to bug details and links may be kept...

[SECURITY] Fedora 40 Update: php-wikimedia-utfnormal-4.0.0-1.fc40

utfnormal is a library that contains unicode normalization functions. It was split out of MediaWiki core during the 1.25 development cycle...

Stable Channel Update for Desktop

The Stable channel has been updated to 106.0.5249.119 for Windows,Mac and Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the log. Extended stable channel has been updated to 106.0.5249.119 for Windows,Mac which will roll out over the...

Planning Go 1.20 Cryptography Work

As you might know, I left Google in spring to try and make the concept of a professional Open Source maintainer a thing. Im staying on as a maintainer of the Go cryptography standard library, and I am going to seek funding from companies that rely on it, want to ensure its security and reliabilit...

CVE-2019-13163

The Fujitsu TLS library allows a man-in-the-middle attack. This affects Interstage Application Development Cycle Manager V10 and other versions, Interstage Application Server V12 and other versions, Interstage Business Application Manager V2 and other versions, Interstage Information Integrator V...

Design/Logic Flaw

The Fujitsu TLS library allows a man-in-the-middle attack. This affects Interstage Application Development Cycle Manager V10 and other versions, Interstage Application Server V12 and other versions, Interstage Business Application Manager V2 and other versions, Interstage Information Integrator V...

CVE-2019-13163

The Fujitsu TLS library allows a man-in-the-middle attack. This affects Interstage Application Development Cycle Manager V10 and other versions, Interstage Application Server V12 and other versions, Interstage Business Application Manager V2 and other versions, Interstage Information Integrator V...

Applepie - A Hypervisor For Fuzzing Built With WHVP And Bochs

Hello! Welcome to applepie! This is a tool designed for fuzzing, introspection, and finding bugs! This is a hypervisor using the Windows Hypervisor Platform API present in recent versions of Windows specifically this was developed and tested on Windows 10 17763. Bochs is used for providing deep...

Stable Channel Update for Desktop

The stable channel has been updated to 72.0.3626.121 for Windows, Mac, and Linux, which will roll out over the coming days/weeks. Security Fixes and Rewards Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain...

Stable Channel Update for Desktop

The stable channel has been updated to 70.0.3538.110 for Windows, Mac, and Linux, which will roll out over the coming days/weeks. A list of all changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The...

CVE-2018-18444

makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bounds write, leading to an assertion failure or possibly unspecified other impact...

CVE-2017-9111

In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code...

CVE-2017-9113

In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code...

WordPress Plugin Nelio AB Testing Server-Side Request Forgery (SSRF)

Case Study: SSRF in Nelio AB Testing WordPress Plugin Nelio AB Testing is a WordPress plugin used for A/B Testing in WordPress pages. We can download the source-code of the Plugin from plugins.svn.wordpress.org/nelio-ab-testing/tags/4.5.8/. Server-side Request Forgery SSRF is a vulnerability wher...

Stable Channel Updates for Chrome OS

The Stable channel has been updated to 57.0.2987.137 Platform version: 9202.60.0 for all Chrome OS devices except AOpen Chromebase Mini, AOpen Chromebox Mini, Google Chromebook Pixel 2015, ASUS Chromebook Flip C100PA, Samsung Chromebook Plus. This build contains a number of bug fixes, security...

Mozilla Pushes Firefox 5, Do Not Track Feature, New Development Cycle

With the release of Firefox 5 earlier this week, Mozilla has finally added its Do Not Track privacy feature to the company’s flagship browser. The feature, aimed at customizing how users browsing behavior is tracked is the first of its kind that can be implemented across multiple platforms,...