2230 matches found
HTTP/2 push is tougher than I thought
"HTTP/2 push will solve that" is something I've heard a lot when it comes to page load performance problems, but I didn't know much about it, so I decided to dig in. HTTP/2 push is more complicated and low-level than I initially thought, but what really caught me off-guard is how inconsistent it ...
UBUNTU-CVE-2016-10375
Yodl before 3.07.01 has a Buffer Over-read in the queue_push function in queue/queuepush.c...
DEBIAN-CVE-2016-10375
Yodl before 3.07.01 has a Buffer Over-read in the queue_push function in queue/queuepush.c...
Wireless IP Camera (P2P) WIFICAM Sensitive Information Disclosure Vulnerability (CNVD-2017-06906)
Wireless IP Camera P2P WIFICAM is a remote IP camera. A security vulnerability exists in the Wireless IP Camera P2P WIFICAM device that originates from the storage of the 'Apple Production IOS Push Services' RSA key and certificate in /system/www/pem/ck.pem in the firmware. RSA key and certificat...
openSUSE: Security Advisory for Mozilla (openSUSE-SU-2017:1099-1)
The remote host is missing an update for the Copyright (C) 2017 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE Security Update : Mozilla Firefox (openSUSE-2017-509)
Mozilla Firefox was updated to Firefox 52.1.0esr. The following vulnerabilities were fixed (bsc#1035082): - CVE-2017-5443: Out-of-bounds write during BinHex decoding - CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1 - CVE-2017-5464: Memory corruption wi...
The vulnerability of the multimedia player iTunes, which allows a tracker to monitor users
The vulnerability of the APNs Server component in the iTunes multimedia player relates to the use of open-text client certificates and their transmission to the vulnerable component. Exploiting this vulnerability allows a malicious actor to track users by correlating them with the certificates...
Moxa MX-AOPC UA Server 1.5 XML Injection
Credits: John Page AKA HYP3RLINX. Website: hyp3rlinx.altervista.org. Source: http://hyp3rlinx.altervista.org/advisories/MOXA-MX-AOPC-SERVER-v1.5-XML-EXTERNAL-ENTITY.txt. ISR: ApparitionSec. Vendor: www.moxa.com. Product: MX-AOPC UA SERVER - 1.5. Moxa's MX-AOPC...
Troubleshooting Secure Mail Issues with iOS Push Notifications
This article discusses how to diagnose and fix issues related to Secure Mail push notifications on iOS devices. Background: Push notifications for Secure Mail allow users to receive updates when the app refreshes, and notifications about email and calendar activity through the Apple Push Notificati...
List of hotfixes and updates that are contained in System Center Configuration Manager 2007 Service Pack 2
Lists Microsoft Knowledge Base (KB) articles that describe the hotfixes and updates that are contained in Microsoft System Center Configuration Manager 2007 Service Pack 2 (SP2). INTRODUCTION: This article lists Microsoft Knowledge Base (KB) articles that describe the hotfixes and updates that are contain...
HTTP/2 Server Push: The What, How and Why
What is HTTP/2 Server Push? How does it work? Why is it valuable? If you are looking for the answers to these questions, you've come to the right place. What it is: HTTP/2 (h2) Server Push is one of the performance features included in version 2 of the HTTP protocol. It allows the Web server to "pus...
openSUSE Security Update : python3-sleekxmpp (openSUSE-2017-137)
This update for python3-sleekxmpp fixes the following issues: - Check the origin of roster pushes (2015-8688, 2016-9928, boo1014976). Also see https://gultsch.de/gajimrosterpushandmessageinterception.html - An error in legacyauth support was fixed...
UBUNTU-CVE-2016-9935
The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document...
MGASA-2016-0433 Updated mcabber packages fix security vulnerability
It was discovered that there was a "roster push attack" vulnerability in mcabber, a console-based Jabber (XMPP) client. A remote attacker can modify the roster and intercept messages via a crafted roster-push IQ stanza (CVE-2016-9928)...
Updated mcabber packages fix security vulnerability
It was discovered that there was a "roster push attack" vulnerability in mcabber, a console-based Jabber (XMPP) client. A remote attacker can modify the roster and intercept messages via a crafted roster-push IQ stanza (CVE-2016-9928)...
Gooligan Malware Breaches 1 Million Google Accounts
Android malware called Gooligan is being blamed for 1 million breached Google accounts. The malware is still active, according to Check Point Software Technologies, and is responsible for an additional 13,000 new breaches of Android devices daily. “We believe that it is the largest Google account...
[SECURITY] [DLA 724-1] mcabber security update
Package: mcabber. Version: 0.10.1-3+deb7u1. Debian Bug: 845258. It was discovered that there was a "roster push attack" [0] in mcabber, a console-based Jabber (XMPP) client. For Debian 7 "Wheezy", this issue has been fixed in mcabber version 0.10.1-3+deb7u1. We recommend that you upgrade your mcabber...
DLA-724-1 mcabber - security update
Bulletin has no description...
Tencent pigeon sdk application has a design logic vulnerability
Passenger Pigeon XG Push is a mobile app push platform that supports two mainstream platforms, Android and iOS. A design logic vulnerability exists in the Tencent pigeon SDK application. Because the Tencent pigeon SDK's permission filtering is not strict, attackers can use the vulnerability, which can lead to override...
Unauthorized Modification Vulnerability in Samsung Galaxy S4 to S7 Devices
The Samsung Galaxy S4 and others are smart mobile devices released by the South Korean company Samsung. An unauthorized modification vulnerability exists in Samsung Galaxy S4 to S7 devices. The vulnerability stems from the program ignoring security information embedded in OMACP messages. ...