Lucene search
K

36 matches found

The Hacker News
The Hacker News
added 2023/05/30 12:29 p.m.4 views

Hackers Win $105,000 for Reporting Critical Security Flaws in Sonos One Speakers

Multiple security flaws uncovered in Sonos One wireless speakers could be potentially exploited to achieve information disclosure and remote code execution, the Zero Day Initiative ZDI said in a report published last week. The vulnerabilities were demonstrated by three different teams from Qrious...

8.8CVSS7.5AI score0.00814EPSS
Exploits0
The Hacker News
The Hacker News
added 2023/04/26 7:5 a.m.3 views

VMware Releases Critical Patches for Workstation and Fusion Software

VMware has released updates to resolve multiple security flaws impacting its Workstation and Fusion software, the most critical of which could allow a local attacker to achieve code execution. The vulnerability, tracked as CVE-2023-20869 CVSS score: 9.3, is described as a stack-based...

9.8CVSS7.3AI score0.70423EPSS
Exploits0
myhack58
myhack58
added 2018/11/08 12:0 a.m.531 views

Researchers wishing to publish Microsoft Edge browser 0-day sandbox escape vulnerability-vulnerability warning-the black bar safety net

In recent days, according to Twitter nickname is@Yux1xi(Yushi Liang security researchers revealed that he plans to publish on a Microsoft browser Microsoft Edge 0-day vulnerability that can be achieved for Edge browser remote code execution RCE, and@Yux1xi also claimed that he and his Russian...

0.2AI score
Exploits0
OSV
OSV
added 2018/06/11 9:29 p.m.34 views

CVE-2018-5146

An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox 59.0.1, Firefox ESR 52.7.2, and Thunderbird 52.7...

8.8CVSS6.4AI score
Exploits0References20
android
android
added 2018/06/01 12:0 a.m.38 views

CVE-2018-5146

An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox 59.0.1, Firefox ESR 52.7.2, and Thunderbird 52.7...

6.8CVSS2.6AI score0.12054EPSS
Exploits0References3Affected Software1
Trend Micro Simply Security
Trend Micro Simply Security
added 2018/03/16 3:14 p.m.233 views

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of March 12, 2018

This week marked the 11th annual Pwn2Own contest held during the CanSecWest conference in Vancouver and while the contest had fewer entries compared to previous years, it was still an exciting event filled with a little drama. Over the course of two days, the Zero Day Initiative awarded $267,000...

9.3CVSS7.2AI score0.82334EPSS
Exploits46
FreeBSD
FreeBSD
added 2018/03/16 12:0 a.m.31 views

mozilla -- multiple vulnerabilities

The Mozilla Foundation reports: CVE-2018-5146: Out of bounds memory write in libvorbis An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. CVE-2018-5147: Out of bounds memory write in libtremor The libtremor library has the same flaw as...

9.8CVSS8.6AI score0.12054EPSS
Exploits0References2
ThreatPost
ThreatPost
added 2016/05/27 7:0 a.m.38 views

Researcher Pockets $30,000 in Chrome Bounties

Security researcher Mariusz Mlynski is having a good month. Having cashed in earlier in May to the tune of $15,500, Mlynski pocketed another $30,000 courtesy of Google’s bug bounty program after four high-severity vulnerabilities were patched in the Chrome browser, each worth $7,500 to the...

6.8CVSS8.9AI score0.03094EPSS
Exploits6References24
myhack58
myhack58
added 2016/05/11 12:0 a.m.21 views

3 6 0 Marvel Team virtualization vulnerabilities the fifth bomb: CVE-2 0 1 6-3 7 1 0 Dark Portal vulnerability analysis-vulnerability warning-the black bar safety net

From 2 0 1 5 year 5 month venom vulnerabilities raging global Cloud Platform, 3 6 0 Marvel Team accumulated in kvm, xen, vmware platform on found submitted up to 2 2 pieces of high-risk security 0day vulnerabilities, these vulnerabilities will lead to a General purpose cloud system was hacked...

8.1AI score0.00916EPSS
Exploits0
ThreatPost
ThreatPost
added 2015/07/08 11:19 a.m.114 views

Hacking Team Flash Zero Day Weaponized in Exploit Kits

Handlers for three major exploit kits have managed to utilize in short order a zero-day vulnerability in Adobe Flash Player uncovered among the 400 Gb of data stolen from Hacking Team. Experts, including French researcher Kafeine and a number of others from security companies, revealed last night...

10CVSS9.5AI score0.99344EPSS
Exploits29References12
ThreatPost
ThreatPost
added 2015/04/14 2:49 p.m.55 views

April 2015 Microsoft Patch Tuesday Security Bulletins

Microsoft has patched a critical vulnerability in the Windows HTTP protocol stack, known as HTTP.sys, which could have devastating consequences once it’s inevitably publicly exploited. The bulletin, MS15-034, is one of four critical bulletins issued today by Microsoft. Experts warn that exploitin...

10CVSS10AI score0.9679EPSS
Exploits7References15
myhack58
myhack58
added 2015/03/26 12:0 a.m.17 views

Mozilla official rushed to repair the Pwn2Own contest on the disclosure of the Firefox browser vulnerability-vulnerability warning-the black bar safety net

3 on 1 8 March, the world's top hacker contest Pwn2Own2015 in Vancouver, Canada, opened the Battle screen, and the brightest great God recount, Mariusz Mlynski in a very short period of time compromised the Firefox get 3 0 0 0 0 $ a huge bonus. And Mozilla official at the end of the game...

1.2AI score
Exploits0
OSV
OSV
added 2015/03/24 12:2 a.m.6 views

SUSE-SU-2015:0593-1 Security update for Mozilla Firefox

MozillaFirefox was updated to the 31.5.3ESR release to fix two security vulnerabilities: MFSA 2015-29 / CVE-2015-0817: Security researcher ilxu1a reported, through HP Zero Day Initiative's Pwn2Own contest, a flaw in Mozilla's implementation of typed array bounds checking in JavaScript just-in-tim...

7.5CVSS6.8AI score0.03651EPSS
Exploits0References4
ThreatPost
ThreatPost
added 2014/05/21 11:8 a.m.17 views

VUPEN Discloses Details of Patched Firefox Pwn2Own Zero-Days

Contestants at this year’s Pwn2Own contest made no bones about it: they were going after browsers and as it turned out, Firefox had the biggest target on its back. Mozilla’s popular browser was popped four times during the Canadian hacker festival accounting for a quarter of the $800,000-plus in...

0.5AI score
Exploits0References5
ThreatPost
ThreatPost
added 2014/04/03 3:0 p.m.10 views

Facebook Bug Bounty Submissions Dramatically Increase

Facebook today reported a dramatic increase in 2013 submissions to its bug bounty program, and said that despite reports from researchers that it’s becoming difficult to find severe bugs on its various properties, the social network plans to increase rewards for critical bugs. “The volume of...

7.7AI score
Exploits0References6
Mozilla
Mozilla
added 2014/03/18 12:0 a.m.50 views

Out-of-bounds read/write through neutering ArrayBuffer objects — Mozilla

Security researcher Jüri Aedla, via TippingPoint's Pwn2Own contest, reported that TypedArrayObject does not handle the case where ArrayBuffer objects are neutered, setting their length to zero while still in use. This leads to out-of-bounds reads and writes into the JavaScript heap, allowing for...

9.3CVSS9.4AI score0.05576EPSS
Exploits1References2Affected Software4
Mozilla
Mozilla
added 2014/03/18 12:0 a.m.74 views

Privilege escalation using WebIDL-implemented APIs — Mozilla

Security researcher Mariusz Mlynski, via TippingPoint's Pwn2Own contest, reported that it is possible for untrusted web content to load a chrome-privileged page by getting JavaScript-implemented WebIDL to call window.open. A second bug allowed the bypassing of the popup-blocker without user...

9.8CVSS9.4AI score0.83633EPSS
Exploits6References4Affected Software4
ThreatPost
ThreatPost
added 2014/03/13 8:42 p.m.12 views

China's Keen Team Topples Safari, Flash at Pwn2Own

VANCOUVER – One is the bug hunter, the other the exploit specialist. Fang Jiahong and Liang Chen represented the Keen Team at Pwn2Own on Thursday, starting off the second day of the annual exploit festival with a quick takedown of Apple’s Safari browser. They then wrapped up the contest with a...

0.3AI score
Exploits0
ThreatPost
ThreatPost
added 2014/03/12 10:27 p.m.9 views

Vupen Cashes in Four Times at Pwn2Own 2014

VANCOUVER – It’s become a familiar walk for Chaouki Bekrar. Year after year at the Pwn2Own contest, the controversial Vupen founder is scurried from a small room in the basement of the Sheraton hotel to a suite several floors above. It’s a short journey from where a string of zero-day exploits ar...

0.2AI score
Exploits0References6
The Hacker News
The Hacker News
added 2013/11/14 9:54 a.m.13 views

Hacker 'Pinkie Pie' successfully compromised Chrome on Nexus 4 and Samsung Galaxy S4

A Mysterious Hacker who goes by the "Pinkie Pie" handle is rewarded with $50,000 USD for hacking into the Google Chrome browser for Nexus 4 and Samsung Galaxy S4. At Information Security Conference PacSec 2013 in Tokyo, during the HP's Pwn2Own contest, a zero-day exploit showcased by "Pinkie Pie"...

7.8AI score
Exploits0
Rows per page
Query Builder