qemu: ide: atapi: heap overflow during I/O buffer memory access
A heap buffer overflow flaw was found in the way QEMU's IDE subsystem handled I/O buffer access while processing certain ATAPI commands. A privileged guest user in a guest with the CDROM drive enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the...
Micro:bit — A Pocket-sized Programmable Computer
The BBC has unveiled the final design of the Micro:bit — a pocket-sized computer board designed to lure U.K. school children to embedded electronics. The Micro:bit is essentially a codeable computer that lets kids get creative with technology. It measures 5cm by 4cm and will be available in...
SQL Injection Vulnerability in Special Equipment Safety Monitoring System of Fuzhou Development Zone Chuangda Electronics Co.
The special equipment safety monitoring system from Fuzhou Development Zone Chuangda Electronics Co., Ltd. is a safety monitoring system for regulating elevators and other special equipment. Fuzhou Development Zone, Chuangda Electronics Co., Ltd. special equipment safety monitoring system there are...
SQL Injection Vulnerability in the Dynamic Supervision System of Special Equipment Safety Supervision of Fuzhou Development Zone Chuangda Electronics Co.
The special equipment safety monitoring dynamic supervision system from Fuzhou Development Zone Chuangda Electronics Co., Ltd. is a safety monitoring system used to regulate elevators and other special equipment. Fuzhou Development Zone, Chuangda Electronics Co., Ltd. special equipment safety...
FTC Urges IoT Privacy, Security at Consumer Electronics Show
In her keynote address yesterday at the Consumer Electronics Show in Las Vegas, Federal Trade Commission Chairwoman Edith Ramirez imagined the dystopic convergence of big data conglomerates and a ceaseless information gathering machine fueled by the constant connectivity ushered in by the so-call...
Authentication flaw
LG Electronics Mobile WiFi router L-09C, L-03E, and L-04D does not restrict access to the web administration interface, which allows remote attackers to obtain sensitive information via unspecified vectors...
CVE-2014-7243
LG Electronics Mobile WiFi router L-09C, L-03E, and L-04D does not restrict access to the web administration interface, which allows remote attackers to obtain sensitive information via unspecified vectors...
GPG 32-Bit Short Key ID Collision Attacks
Attack and vulnerability details are often disclosed in order to prompt vendors and project maintainers into action. It happened recently with publication of attack code that mimicked the work of Karsten Nohl on BadUSB and tried to nudge Phison Electronics of Taiwan into looking at its USB...
LG Electronics mobile access routers lack access restrictions
Overview LG Electronics mobile access routers provided by NTT DOCOMO, INC. lack access restrictions in the web administration interface. Taiga Asano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An attacke...
JVN#71762315: LG Electronics mobile access routers lack access restrictions
LG Electronics mobile access routers provided by NTT DOCOMO, INC. lack access restrictions in the web administration interface. Impact An attacker that can access the device may bypass authentication and obtain information stored on the device. Solution Apply an Update Apply the update according ...
uIP and lwIP DNS resolver vulnerable to cache poisoning
Overview The DNS resolver implemented in uIP and lwIP is vulnerable to cache poisoning due to non-randomized transaction IDs (TXIDs) and source port reuse. Description CWE-330: Use of Insufficiently Random Values - CVE-2014-4883 The DNS resolver implemented in all versions of uIP, as well as lwIP...
CVE-2014-7457
The Electronics For You aka com.magzter.electronicsforyou application 3.02 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Design/Logic Flaw
The Electronics For You aka com.magzter.electronicsforyou application 3.02 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-7457
The CVE-2014-7457 entry concerns the Electronics For You Android app (com.magzter.electronicsforyou) version 3.02, where SSL server certificate verification is not performed. This allows MITM attackers to spoof servers and exfiltrate sensitive data via a crafted certificate. The issue is describe...
Ultra Electronics 7.2.0.19 and 7.4.0.7 - Multiple Vulnerabilities
No description provided by source. Ultra Electronics / AEP Networks - SSL VPN Netilla / Series A / Ultra Protect Vulnerabilities http://www.osisecurity.com.au/advisories/ultra-aep-netilla-vulnerabilities Release Date: 02-Oct-2014 Software: Ultra Electronics - Series A...
Ultra Electronics 7.2.0.19 / 7.4.0.7 - Multiple Vulnerabilities
Ultra Electronics 7.2.0.19 / 7.4.0.7 - Multiple Vulnerabilities Ultra Electronics / AEP Networks - SSL VPN Netilla / Series A / Ultra Protect Vulnerabilities http://www.osisecurity.com.au/advisories/ultra-aep-netilla-vulnerabilities Release Date: 02-Oct-2014 Software: Ultra Electronics - Series A...
Ultra Electronics SSL VPN 7.2.0.19 / 7.4.0.7 SQL Injection / Directory Creation
Ultra Electronics SSL VPN versions 7.2.0.19 and 7.4.0.7 suffer from directory creation and remote SQL injection vulnerabilities. Ultra Electronics / AEP Networks - SSL VPN Netilla / Series A / Ultra Protect Vulnerabilities http://www.osisecurity.com.au/advisories/ultra-aep-netilla-vulnerabilities...
BadUSB Malware Code Released — Turn USB Drives Into Undetectable CyberWeapons
Once again USB has come up as a major threat to a vast number of users who use USB devices, including USB sticks and keyboards. Security researchers have released a set of hacking tools that can be used to convert a USB drive into a silent malware installer. This vulnerability has come about to be...