The vulnerabilities of Adobe Reader and Adobe Reader Document Cloud, as well as Adobe Acrobat and Adobe Acrobat Document Cloud, allow a perpetrator to trigger service interruptions or execute arbitrary code.
The vulnerabilities of PDF viewer programs such as Adobe Reader and Adobe Reader Document Cloud, as well as PDF editing programs like Adobe Acrobat and Adobe Acrobat Document Cloud, are due to an operation that goes beyond the buffer boundaries in memory. Exploiting these vulnerabilities can allo...
DSA-3716-1 firefox-esr - security update
Security vulnerabilities fixed in Firefox 50 — Mozilla
A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash. When the Mozilla Updater is run, if the Updater's log file in the...
SUSE-SU-2016:2764-1 Security update for util-linux
This update for util-linux fixes a number of bugs and one minor security issue. The following minor vulnerability was fixed: - CVE-2016-5011: Infinite loop DoS in libblkid while parsing DOS partition bsc988361 The following bugs were fixed: - bsc987176: When mounting a subfolder of a CIFS share,...
firewalld security, bug fix, and enhancement update
0.4.3.2-8 - Exclude firewallctl RHBZ1374799 0.4.3.2-7 - Tolerate ipv6rpfilter fail RHBZ1285769 - Fix setrules to copy the rule before extracting the table RHBZ1373260 - Translation update RHBZ1273296 - Conflict with NetworkManager 1:1.4.0-3.el7 RHBZ1366288 0.4.3.2-6 - Do not use exit code 254 for...
MS16-141: Security Update for Adobe Flash Player (3202790)
The remote Windows host is missing KB3202790. It is, therefore, affected by multiple vulnerabilities : - Multiple use-after-free errors exist that allow an unauthenticated, remote attacker to execute arbitrary code by convincing a user to visit a website containing specially crafted Flash content...
Fedora 24 : curl (2016-e8e8cdb4ed)
fix cookie injection for other servers CVE-2016-8615 - compare user/passwd case-sensitively while reusing connections CVE-2016-8616 - base64: check for integer overflow on large input CVE-2016-8617 - fix double-free in krb5 code CVE-2016-8619 - fix double-free in curlmaprintf CVE-2016-8618 - fix...
Yelp: Nginx server version disclosure on engineeringblog
Hi Yelp Team, I have found a little information disclosure on your system with regards to the version of server you are using, due to not properly handling 404 errors, when you go to the page that is not existing, the exact nginx version was disclosed. PoC URL: engineeringblog.yelp.com/test PoC...
The vulnerability of the Linux operating system, which allows a hacker to trigger a service failure
The vulnerability of the Linux operating system’s kernel is related to errors in the code. Exploiting this vulnerability can allow a local attacker to cause service failures (file system access errors) through a specially crafted application...
The vulnerability of the LibreOffice office software package, which allows a hacker to trigger a service failure
The vulnerability of the LibreOffice office software package is related to errors in the code. Exploiting this vulnerability can allow a malicious individual to cause a service failure by opening a specially crafted file...
SUSE SLED12 / SLES12 Security Update : bind (SUSE-SU-2016:2697-1)
This update for bind fixes the following issues : - A defect in BIND's handling of responses containing a DNAME answer had the potential to trigger assertion errors in the server remotely, thereby facilitating a denial-of-service attack. CVE-2016-8864, bsc1007829. - Fix BIND to return a valid...
Debian DLA-691-1 : libxml2 security update
CVE-2016-4658 Namespace nodes must be copied to avoid use-after-free errors. But they don't necessarily have a physical representation in a document, so simply disallow them in XPointer ranges. CVE-2016-5131 The old code would invoke the broken xmlXPtrRangeToFunction. range-to isn't really a...
DLA-691-1 libxml2 - security update
iCloud Phishing Campaign Zycode Back From the Dead
A phishing campaign aimed at Chinese Apple users that was thought to be in hibernation has been roused from its slumber. Researchers in June spotted the campaign, dubbed Zycode, targeting Apple iCloud users. A rash of suspended domains that month led to a lull for the campaign however; researcher...
[SECURITY] [DLA 658-1] icedove security update
Package : icedove Version : 45.4.0-1deb7u1 CVE ID : CVE-2016-5278, CVE-2016-5270, CVE-2016-5272, CVE-2016-5276, CVE-2016-5277, CVE-2016-5280, CVE-2016-5281, CVE-2016-5284, CVE-2016-5250, CVE-2016-5261, CVE-2016-5257 Multiple security issues have been found in Icedove, Debian's version of the Mozil...
DLA-658-1 icedove - security update
The vulnerabilities in iOS and Mac OS X operating systems allow attackers to trigger service failures or execute arbitrary code in privileged contexts.
The vulnerability of the IOAcceleratorFamily component in iOS and Mac OS X operating systems is related to pointer dereferencing errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in privileged contexts or trigger a service failure dereferencing the null...
The vulnerability of the Mac OS X operating system, which allows a hacker to bypass the Taint-mode security mechanism
The vulnerability of the Perl component of the Mac OS X operating system is related to security configuration errors. Exploiting this vulnerability allows a local attacker to bypass the Taint-mode protection mechanism by using a specially created environment variable...
MS16-127: Security Update for Adobe Flash Player (3194343)
The remote Windows host is missing KB3194343. It is, therefore, affected by multiple vulnerabilities : - A type confusion error exists that allows an unauthenticated, remote attacker to execute arbitrary code. CVE-2016-6992 - Multiple use-after-free errors exist that allow an unauthenticated,...
Turkey Blocks GitHub, Google Drive and Dropbox to Censor RedHack Leaks
Turkey is again in the news for banning online services, and this time, it's a bunch of sites and services offered by big technology giants. Turkey's government has reportedly blocked access to cloud storage services including Microsoft OneDrive, Dropbox, and Google Drive, as well as the code hosti...