9138 matches found

Jake Archibald's Blog
added 2017/02/20 12:15 p.m., 18 views

Do we need a new heading element? We don't know

There's a proposal to add a new element to the HTML spec. It solves a fairly common use-case. Take this HTML snippet: Do you find the "plot" a distraction in movies? If so, you should check out "John Wick" - satisfaction guaranteed! This could be a web component, or a simple include. The problem...

6.5 AI score
Exploits 0

OpenVAS
added 2017/02/15 12:0 a.m., 16 views

IBM Domino Authentication Bypass Vulnerability

IBM Domino is prone to an authentication bypass vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ibm:lotusdomino";...

5.9 CVSS, 5.8 AI score, 0.03099 EPSS
Exploits 0, References 2

exploitpack
added 2017/02/14 12:0 a.m., 12 views

LG G4 - lghashstorageserver Directory Traversal

LG G4 - lghashstorageserver Directory Traversal Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=987 The lghashstorageserver binder service /system/bin/lghashstorageserver implementation on the LG G4 is vulnerable to path traversal, allowing an app to read and write 0x20 bytes fr...

0.1 AI score
Exploits 0

Amazon
added 2017/02/14 12:0 a.m., 48 views

Critical: java-1.7.0-openjdk

Issue Overview: It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. Th...

9.6 CVSS, 8.8 AI score, 0.95707 EPSS
Exploits 13

Cent OS
added 2017/02/13 5:16 p.m., 302 views

java security update

CentOS Errata and Security Advisory CESA-2017:0269 An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common...

9.6 CVSS, 7.2 AI score, 0.95707 EPSS
Exploits 13, References 7

Veracode
added 2017/02/10 4:55 a.m., 29 views

Null Pointer Dereference

OpenSSL is vulnerable to denial of service (DoS) attacks. These attacks are possible because the PKCS7 implementation doesn't correctly handle a lack of outer ContentInfo. This flaw allows attackers to cause null pointer dereferences and application crashes through malformed data with ASN.1 encodi...

5 CVSS, 5 AI score, 0.0837 EPSS
Exploits 0, References 86, Affected Software 2

Veracode
added 2017/02/10 1:55 a.m., 26 views

Social Engineering Attack Via Impersonation

slixmpp and sleekxmpp are vulnerable to social engineering attacks via a loophole leading to impersonation. It happens due to a flaw in the implementation of XEP-0280: Message Carbons in multiple XMPP clients, allowing a malicious user to impersonate any user, including contacts in the vulnerable...

5.9 CVSS, 5.6 AI score, 0.01263 EPSS
Exploits 3, References 5, Affected Software 2

Ubuntu
added 2017/02/10 12:44 a.m., 80 views

USN-3190-2: Linux kernel (Raspberry Pi 2) vulnerabilities

Mikulas Patocka discovered that the asynchronous multibuffer cryptographic daemon (mcryptd) in the Linux kernel did not properly handle being invoked with incompatible algorithms. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-10147) It was discovered that a...

10 CVSS, 7.5 AI score, 0.10177 EPSS
Exploits 0

OpenVAS
added 2017/02/10 12:0 a.m., 46 views

Ubuntu: Security Advisory (USN-3194-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.6 CVSS, 7.9 AI score, 0.95707 EPSS
Exploits 13, References 2

UbuntuCve
added 2017/02/09 8:59 p.m., 21 views

CVE-2017-5593

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Psi+ 0.16.563.580 -...

5.9 CVSS, 6.3 AI score, 0.00679 EPSS
Exploits 2, References 5

OSV
added 2017/02/09 8:59 p.m., 20 views

CVE-2017-5591

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for SleekXMPP up to 1.3.1 and...

5.9 CVSS, 5.6 AI score, 0.00679 EPSS
Exploits 2, References 5

OSV
added 2017/02/09 8:59 p.m., 18 views

CVE-2017-5602

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for jappix 1.0.0 to 1.1.6...

5.9 CVSS, 5.5 AI score, 0.00679 EPSS
Exploits 2, References 5

Prion
added 2017/02/09 8:59 p.m., 15 views

Design/Logic Flaw

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Jitsi 2.5.5061 - 2.9.5544...

4.3 CVSS, 5.7 AI score, 0.0155 EPSS
Exploits 3, References 5, Affected Software 1

Cvelist
added 2017/02/09 8:0 p.m., 33 views

CVE-2017-5593

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Psi+ 0.16.563.580 -...

5.6 AI score, 0.00679 EPSS
Exploits 2, References 5

Cvelist
added 2017/02/09 8:0 p.m., 25 views

CVE-2017-5592

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for profanity 0.4.7 - 0.5.0...

5.7 AI score, 0.00838 EPSS
Exploits 3, References 5

Ubuntu
added 2017/02/09 5:44 a.m., 98 views

USN-3194-1: OpenJDK 7 vulnerabilities

Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update moves those algorithms to the legacy algorithm set and causes...

9.6 CVSS, 7.4 AI score, 0.95707 EPSS
Exploits 13

Tenable Nessus
added 2017/02/06 12:0 a.m., 37 views

Ubuntu 16.10 : linux vulnerabilities (USN-3190-1)

Mikulas Patocka discovered that the asynchronous multibuffer cryptographic daemon (mcryptd) in the Linux kernel did not properly handle being invoked with incompatible algorithms. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-10147) It was discovered that a...

10 CVSS, 7.1 AI score, 0.10177 EPSS
Exploits 0, References 6

Tenable Nessus
added 2017/02/06 12:0 a.m., 33 views

Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3189-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3189-1 advisory. Mikulas Patocka discovered that the asynchronous multibuffer cryptographic daemon mcryptd in the Linux kernel did not properly handle being invoked with...

7.6 CVSS, 6.7 AI score, 0.02341 EPSS
Exploits 0, References 3

Kitploit
added 2017/02/04 2:30 p.m., 122 views

Tater - A PowerShell implementation of the Hot Potato Windows Privilege Escalation Exploit

Tater is a PowerShell implementation of the Hot Potato Windows Privilege Escalation exploit. Included In p0wnedShell - https://github.com/Cn33liz/p0wnedShell PowerShell Empire - https://github.com/PowerShellEmpire/Empire PSAttack - https://github.com/jaredhaight/psattack Functions Invoke-Tater Th...

7.4 AI score
Exploits 0, References 4

OpenVAS
added 2017/02/04 12:0 a.m., 256 views

Ubuntu: Security Advisory (USN-3189-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.6 CVSS, 7.2 AI score, 0.02341 EPSS
Exploits 0, References 2