Remote Code Execution Bug Patched in Adobe Acrobat Reader DC

Researchers at Cisco Talos are detailing a remote code execution vulnerability found in Adobe Acrobat Reader DC that can be triggered when a malicious file is opened or a victim accesses a rigged webpage. According to Talos, the vulnerability CVE-2018-4901 was disclosed on Dec. 7 and Adobe issued...

Kenna Security: Analyzing Vulnerability Scan data

I've been following Kenna Security before 2015 Risk I/O for a pretty long time. Mainly, because they do the things I do on a daily basis: analyse various vulnerability scan results and feeds, and prioritize detected vulnerabilities for further mitigation. The only difference is that my scripts an...

Moderate: Red Hat Security Advisory: kernel-rt security, bug fix, and enhancement update

An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

Moderate: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

The vulnerability of the messaging system between components of ArchestrA Wonderware ArchestrA Logger is caused by buffer overflows in the stack, allowing an attacker to execute arbitrary code.

The vulnerability of the messaging system between components in ArchestrA Wonderware ArchestrA Logger arises due to buffer overflow on the stack. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of a high-priority account...

EulerOS 2.0 SP2 : qemu-kvm (EulerOS-SA-2017-1224)

According to the versions of the qemu-kvm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An out-of-bounds memory access issue was found in Quick Emulator QEMU in the VNC display driver. This flaw could occur while refreshing the VN...

Qemu: i386: leakage of stack memory to guest in kvmvapic.c

An information-exposure flaw was found in Quick Emulator QEMU in Task Priority Register TPR optimizations for 32-bit Windows guests. The flaw could occur while accessing TPR. A privileged user inside a guest could use this issue to read portions of the host memory...

Qemu: i386: leakage of stack memory to guest in kvmvapic.c

An information-exposure flaw was found in Quick Emulator QEMU in Task Priority Register TPR optimizations for 32-bit Windows guests. The flaw could occur while accessing TPR. A privileged user inside a guest could use this issue to read portions of the host memory...

Qemu: i386: leakage of stack memory to guest in kvmvapic.c

An information-exposure flaw was found in Quick Emulator QEMU in Task Priority Register TPR optimizations for 32-bit Windows guests. The flaw could occur while accessing TPR. A privileged user inside a guest could use this issue to read portions of the host memory...

FreeBSD : node.js -- multiple vulnerabilities (3eff66c5-66c9-11e7-aa1d-3d2e663cef42)

Updates are now available for all active Node.js release lines as well as the 7.x line. These include the fix for the high severity vulnerability identified in the initial announcement, one additional lower priority Node.js vulnerability in the 4.x release line, as well as some lower priority fix...

Fedora 25 : webkitgtk4 (2017-98bc28ae9e)

This update addresses the following vulnerabilities : - CVE-2017-2496, CVE-2017-2539, CVE-2017-2510 Additional fixes : - Fix URL shown in the title of beforeunload dialogs. - Focus first input field of HTTP authentication dialog. - Fix rendering glitches in HiDPI in long GitHub Gist pages when...

Users with the same name as an inactive user in a higher priority directory get all that users memberships

h3. Summary In embedded Crowd in at least JIRA and Confluence, when a user is made inactive but retains its groups, then if a lower priority directory has a new user created with the same name, it now inherits their memberships. It seems like the logic used to determine the user authentication by...

warbird.no XSS vulnerability

Vulnerable URL: http://www.warbird.no/section.php?Category=RWONTV=Priority=videolistalert/OPENBUGBOUNTY/...

CVE-2016-6329

OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack...

CVE-2016-6580

A HTTP/2 implementation built using any version of the Python priority library prior to version 1.2.0 could be targeted by a malicious peer by having that peer assign priority information for every possible HTTP/2 stream ID. The priority tree would happily continue to store the priority informati...

CVE-2016-6580

A HTTP/2 implementation built using any version of the Python priority library prior to version 1.2.0 could be targeted by a malicious peer by having that peer assign priority information for every possible HTTP/2 stream ID. The priority tree would happily continue to store the priority informati...

Design/Logic Flaw

A HTTP/2 implementation built using any version of the Python priority library prior to version 1.2.0 could be targeted by a malicious peer by having that peer assign priority information for every possible HTTP/2 stream ID. The priority tree would happily continue to store the priority informati...

CVE-2016-6580

CVE-2016-6580 affects HTTP/2 implementations built with the Python priority library older than 1.2.0. The vulnerability arises when a peer can assign priority information for every HTTP/2 stream ID, allowing the priority data structure to grow without bound, consuming memory and driving extremely...

CVE-2016-6580

A HTTP/2 implementation built using any version of the Python priority library prior to version 1.2.0 could be targeted by a malicious peer by having that peer assign priority information for every possible HTTP/2 stream ID. The priority tree would happily continue to store the priority informati...

DEBIAN-CVE-2016-1922

QEMU aka Quick Emulator built with the TPR optimization for 32-bit Windows guests support is vulnerable to a null pointer dereference flaw. It occurs while doing I/O port write operations via hmp interface. In that, 'currentcpu' remains null, which leads to the null pointer dereference. A user or...