16 matches found
Linux Distros Unpatched Vulnerability : CVE-2014-9638
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set ...
Security Vulnerabilities fixed in Thunderbird 91.10 — Mozilla
A malicious website could have learned the size of a cross-origin resource that supported Range requests. A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. When exiting fullscreen mode, an iframe could have...
Asus, Lenovo and Other Routers Riddled with Remotely Exploitable Bugs
More than a hundred vulnerabilities have been found in small office/home office (SOHO) routers and network-attached storage devices (NAS) from vendors that include Asus, Zyxel, Lenovo, Netgear and other top names, which open them up to remote attackers. That’s according to Independent Security...
Oracle Patches 270 Vulnerabilities With First CPU of 2017
Oracle patched 270 vulnerabilities on Tuesday, many remotely exploitable, across 45 different products–including its E-Business Suite, Financial Services software, and MySQL database–as part of its quarterly Critical Patch Update (CPU). The massive update comes close to breaking Oracle’s record-settin...
Home Hacking Made Simple
SEATTLE–Like most security researchers, David Jacoby is naturally curious about how things work, and whether they can be made to do things they weren’t meant to do. Sitting at home in Sweden a few months ago, he looked at all of the Web-enabled devices in his house–TV, game console, network stora...
phpwcms <= 1.5.4.6 "preg_replace" - Multiple Vulnerabilities
No description provided by source. phpwcms <= v1.5.4.6 "preg_replace" remote code execution exploit. Vendor: http://www.phpwcms.de/ Download: github.com/slackero/phpwcms By: aeon. Well, it appears there are multiple remote code execution bugs that have existed in phpwcms for quite some time now. Here I...
ICS Vulnerabilities Affect Critical Infrastructure Security
Industrial control systems manufacturer, Siemens, has released new versions of its SIMATIC S7-1200 CPU family, resolving six security vulnerabilities in that product, and its SIMATIC S7-1200 PLC (programmable logic controller), resolving an additional two vulnerabilities there. These patches are...
Memory corruption involving scrolling — Mozilla
Security researcher Nils reported two potentially exploitable memory corruption bugs involving scrolling. The first was a use-after-free condition due to scrolling an image document. The second was due to nodes in a range request being added as children of two different parents...
Vulnerabilities Continue to Weigh Down Samsung Android Phones
Attackers have long had an affinity for having their way with Android phones, but the hammer seems to have really come down over the last few months when it comes to devices manufactured by Samsung. Independent Italian researcher Roberto Paleari discussed several bugs he recently found in Samsung...
Security weakness in Android App SSL Implementations
The most common approach to protect data during communication on the Android platform is to use the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols. Thousands of applications in the Google Play market are using these implementations. A group of researchers including Sascha...
Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2012:147)
Security issues were identified and fixed in mozilla thunderbird : Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we...
Google engineers Warn Of Serious Unpatched Adobe Reader Flaws
Adobe has missed dozens of vulnerabilities in Reader in this week's Patch Tuesday run according to Google engineers who reported the flaws. Sixteen vulnerabilities still affected the Windows and Mac OS X versions, while 31 critical and "trivially exploitable" bugs were found in the Linux...
Debian: Security Advisory (DSA-382-1)
The remote host is missing an update for the Debian...
zgv -- exploitable heap overflows
infamous41md reports: zgv uses malloc frequently to allocate memory for storing image data. When calculating how much to allocate, user supplied data from image headers is multiplied and/or added without any checks for arithmetic overflows. We can overflow numerous calculations, and cause small...
[KSA-003] Cross Site Scripting Vulnerability in Phpgroupware
Kereval Security Advisory KSA-003: Cross Site Scripting Vulnerability in Phpgroupware. PROGRAM: Phpgroupware. HOMEPAGE: http://www.phpgroupware.org/ VULNERABLE VERSIONS: 0.9.14.003. RISK: Low/Medium...
Important: Red Hat Security Advisory: netpbm security update
Updated NetPBM packages are available that fix a number of vulnerabilities in the netpbm libraries. The netpbm package contains a library of functions that support programs for handling various graphics file formats, including .pbm (portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps),...