UBUNTU-CVE-2017-5421

A malicious site could spoof the contents of the print preview window if popup windows are enabled, resulting in user confusion of what site is currently loaded. This vulnerability affects Firefox 52 and Thunderbird 52...

DEBIAN-CVE-2017-6188

Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upperlimit GET parameters allows overwriting any file accessible to the www-data user...

CVE-2016-9347

An issue was discovered in Emerson SE4801T0X Redundant Wireless I/O Card V13.3, and SE4801T1X Simplex Wireless I/O Card V13.3. DeltaV Wireless I/O Cards WIOC running the firmware available in the DeltaV system, release v13.3, have the SSH Secure Shell functionality enabled unnecessarily...

Error: "The Gateway has EPA enabled, which is not supported on iOS devices" on iOS Receiver

This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. The following error is displayed when logging on to iOS Receiver: The Gateway has EPA enabled, which...

Apple WebKit - Type Confusion in RenderBox with Accessibility Enabled

function boom m.append"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; m.setAttribute"aria-labeledby", "t"; d.open = false; foo firstChild; The function expects that the first child is going to be of type RenderBox, but in the PoC it is actually of type RenderText. This was...

Apple WebKit - Type Confusion in RenderBox with Accessibility Enabled

Apple WebKit - Type Confusion in RenderBox with Accessibility Enabled function boom m.append"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; m.setAttribute"aria-labeledby", "t"; d.open = false; foo firstChild; The function expects that the first child is going to be of type...

CVE-2014-8362

Vivint Sky Control Panel 1.1.1.9926 allows remote attackers to enable and disable the alarm system and modify other security settings via the Web-enabled interface...

Java (OGNL) code execution in Apache Struts 2 when devMode is enabled

Overview Apache Struts 2 provided by the Apache Software Foundation is a software framework for creating Java web applications. There is a known risk that arbitrary Java OGNL code may be executed in Apache Struts 2 when devMode is enabled in production environment. It is confirmed that...

CVE-2016-1547

An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if...

VM Manager - Unsafe deleting, WebView JavaScript enabled, WebView files access vulnerabilities

HackApp vulnerability scanner discovered that application VM Manager published at the 'play' market has multiple vulnerabilities...

CVE-2016-7084

tpview.dll in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allows guest OS users to execute arbitrary code on the host OS or cause a denial of service host OS memory corruption via a JPEG...

GRIZZLY STEPPE - Russian Malicious Cyber Activity

The Department of Homeland Security DHS has released a Joint Analysis Report JAR that details Russian malicious cyber activity, designated as GRIZZLY STEPPE. This activity by Russian civilian and military intelligence services RIS is part of an ongoing campaign of cyber-enabled operations directe...

CVE-2016-7967

KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. Since the generated html is executed in the local file security context by default access to remote and local URLs was enabled...

MS16-148: Description of the security update for Excel 2013: December 13, 2016

MS16-148: Description of the security update for Excel 2013: December 13, 2016 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft...

ALPINE-CVE-2016-9014

Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWEDHOSTS...

Sony Closes Backdoors in IP-Enabled Cameras

Sony, in late November, provided a firmware update for a popular IP-enabled camera line used by enterprises and law enforcement alike that closed off remote administration backdoors. The backdoors could be abused to draft these devices into botnets or allow for manipulation of images and...

CVE-2016-2952

IBM BigFix Remote Control before 9.1.3 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP...

UBUNTU-CVE-2016-8630

The x86decodeinsn function in arch/x86/kvm/emulate.c in the Linux kernel before 4.8.7, when KVM is enabled, allows local users to cause a denial of service host OS crash via a certain use of a ModR/M byte in an undefined instruction...

NULL pointer reference denial of service vulnerability in ntpd

Network Time Protocol NTP is a protocol used to synchronize a computer's time to its server or clock source e.g., quartz clock, GPS, etc.. Synchronizing a computer's clock to UTC ensures that data interactions in a network can proceed smoothly.NTPD Network Time Protocol daemon is an operating...

ntp: ntpd crash when processing config commands with statistics type

It was found that ntpd would exit with a segmentation fault when a statistics type that was not enabled during compilation e.g. timingstats was referenced by the statistics or filegen configuration command...