
7687 matches found

Tenable Nessus
added 2016/06/08 12:0 a.m. | 34 views

Scientific Linux Security Update : squid on SL7.x x86_64 (20160531)

Security Fixes : - A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacker could possibly use this flaw to execute arbitrary code. CVE-2016-4051 - Buffer overflow and input...

CVSS 8.8 | AI score 7.4 | EPSS 0.79651
Exploits: 1 | References: 10
Openbugbounty
added 2016/06/06 4:32 a.m. | 9 views

tools.promosite.ru XSS vulnerability

Vulnerable URL: http://tools.promosite.ru/account.php?" Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No Check tools.promosite.ru SSL...

AI score 6.3
Exploits: 0
NVD
added 2016/06/05 11:59 p.m. | 16 views

CVE-2016-1693

browser/safebrowsing/srtfieldtrialwin.cc in Google Chrome before 51.0.2704.63 does not use the HTTPS service on dl.google.com to obtain the Software Removal Tool, which allows remote attackers to spoof the chromecleanuptool.exe aka CCT file via a man-in-the-middle attack on an HTTP session...

CVSS 5.3 | AI score 6 | EPSS 0.01158
Exploits: 0 | References: 11
UbuntuCve
added 2016/06/05 11:59 p.m. | 23 views

CVE-2016-1693

browser/safebrowsing/srtfieldtrialwin.cc in Google Chrome before 51.0.2704.63 does not use the HTTPS service on dl.google.com to obtain the Software Removal Tool, which allows remote attackers to spoof the chromecleanuptool.exe aka CCT file via a man-in-the-middle attack on an HTTP session...

CVSS 5.3 | AI score 6.9 | EPSS 0.01158
Exploits: 0 | References: 2
Prion
added 2016/06/05 11:59 p.m. | 17 views

Session fixation

browser/safebrowsing/srtfieldtrialwin.cc in Google Chrome before 51.0.2704.63 does not use the HTTPS service on dl.google.com to obtain the Software Removal Tool, which allows remote attackers to spoof the chromecleanuptool.exe aka CCT file via a man-in-the-middle attack on an HTTP session...

CVSS 2.6 | AI score 6.3 | EPSS 0.01158
Exploits: 0 | References: 11 | Affected Software: 8
CVE
added 2016/06/05 11:0 p.m. | 81 views

CVE-2016-1693

The CVE-2016-1693 vulnerability affects Google Chrome/Chromium where the Software Removal Tool was downloaded over HTTP instead of HTTPS, enabling a MITM to spoof chrome_cleanup_tool.exe. The issue is documented in multiple sources (e.g., Debian security advisories, Gentoo GLSA, Arch lists) and i...

CVSS 5.3 | AI score 5.8 | EPSS 0.01158
Exploits: 0 | References: 11 | Affected Software: 7
OpenVAS
added 2016/06/03 12:0 a.m. | 30 views

CentOS Update for squid CESA-2016:1139 centos7

Check the version of squid SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882499";...

CVSS 8.6 | AI score 6.3 | EPSS 0.7404
Exploits: 0 | References: 2
ThreatPost
added 2016/06/02 12:40 p.m. | 14 views

Lenovo Tells Users to Uninstall Vulnerable Updater

Lenovo has waved the white flag on a vulnerable component of its pre-installed software updater and recommends that users uninstall it from more than 110 notebook and desktop models running Windows 10. The decision to have users yank the Lenovo Accelerator Application comes days after a Duo Labs...

Exploits: 0 | References: 4
Cent OS
added 2016/05/31 11:59 a.m. | 74 views

squid security update

CentOS Errata and Security Advisory CESA-2016:1139 An update for squid is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

CVSS 8.8 | AI score 7.4 | EPSS 0.79651
Exploits: 1 | References: 7
ThreatPost
added 2016/05/31 11:11 a.m. | 12 views

OEM Bloatware Security Vulnerabilities Found

Last year’s Superfish and eDellRoot bloatware mishaps exposed the security nightmare that pre-installed software updaters can create on new laptops. And while these two high-profile incidents made the issue public, they’re hardly isolated cases. Many popular consumer and business laptops from...

AI score 0.3
Exploits: 0 | References: 3
RedHat Linux
added 2016/05/31 5:56 a.m. | 50 views

Moderate: Red Hat Security Advisory: squid34 security update

An update for squid34 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS 8.8 | AI score 7.4 | EPSS 0.79651
Exploits: 1 | References: 12
RedHat Linux
added 2016/05/31 5:56 a.m. | 4 views

squid: multiple issues in ESI processing

Buffer overflow and input validation flaws were found in the way Squid processed ESI responses. If Squid was used as a reverse proxy, or for TLS/HTTPS interception, a remote attacker able to control ESI components on an HTTP server could use these flaws to crash Squid, disclose parts of the stack...

CVSS 8.1 | AI score 7.8 | EPSS 0.10227
Exploits: 0 | References: 5
RedHat Linux
added 2016/05/31 5:42 a.m. | 32 views

Moderate: Red Hat Security Advisory: squid security update

An update for squid is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 8.8 | AI score 7.4 | EPSS 0.79651
Exploits: 1 | References: 12
myhack58
added 2016/05/31 12:0 a.m. | 17 views

Forbidden attack: 7 million web servers get caught by the attack of the risk-vulnerability warning-the black bar safety net

Recently, research by an international security panel showed that part of financial giant Visa's HTTPS-protected sites was found to have a vulnerability that can allow a hacker to inject malicious code, so that the visitor's browser accesses malicious content. Encryptio...

AI score 7.3
Exploits: 0
Openbugbounty
added 2016/05/26 1:54 p.m. | 8 views

proofing.em4b.com XSS vulnerability

Vulnerable URL: http://proofing.em4b.com/ezimage/upload.jsp?width=1.0=1.0=0.0=1=1%22--%3E%3Csvg/onload=;prompt%28/OPENBUGBOUNTY/%29;%3E=1 Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa...

AI score 6.3
Exploits: 0
RedhatCVE
added 2016/05/26 10:50 a.m. | 25 views

CVE-2016-1693

browser/safebrowsing/srtfieldtrialwin.cc in Google Chrome before 51.0.2704.63 does not use the HTTPS service on dl.google.com to obtain the Software Removal Tool, which allows remote attackers to spoof the chromecleanuptool.exe aka CCT file via a man-in-the-middle attack on an HTTP session...

CVSS 5.3 | AI score 5.2 | EPSS 0.01158
Exploits: 0 | References: 2
Kaspersky
added 2016/05/25 12:0 a.m. | 50 views

KLA10816 Multiple vulnerabilities in Google Chrome

Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, obtain sensitive information or conduct another unknown impact. Below is a complete list of vulnerabilities: 1. Multiple...

CVSS 8.8 | AI score 8.8 | EPSS 0.03094
Exploits: 4 | References: 3
OSV
added 2016/05/23 10:0 p.m. | 9 views

MGASA-2016-0207 Updated golang package fixes CVE-2016-3959

Updated golang packages fix security vulnerability: Go has an infinite loop in several big integer routines that makes Go programs vulnerable to remote denial of service attacks. Programs using HTTPS client authentication or the Go ssh server libraries are both exposed to this vulnerability...

CVSS 7.5 | AI score 7.7 | EPSS 0.04335
Exploits: 0 | References: 3
Mageia
added 2016/05/23 10:0 p.m. | 40 views

Updated golang package fixes CVE-2016-3959

Updated golang packages fix security vulnerability: Go has an infinite loop in several big integer routines that makes Go programs vulnerable to remote denial of service attacks. Programs using HTTPS client authentication or the Go ssh server libraries are both exposed to this vulnerability...

CVSS 7.5 | AI score 1.7 | EPSS 0.04335
Exploits: 0 | References: 2
OSV
added 2016/05/23 7:59 p.m. | 13 views

CVE-2016-3959

The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service infinite loop via a crafted public key to a program that uses HTTPS client...

CVSS 7.5 | AI score 7.3
Exploits: 0 | References: 9