
19 matches found

UbuntuCve
added 2024/01/23 12:0 a.m. | 36 views

CVE-2023-40551

A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase...

CVSS 5.1 | AI score 6.9 | EPSS 0.00015
Exploits: 0 | References: 1
MSRC
added 2020/03/18 7:0 a.m. | 8 views

[Cybersecurity Month 2020] Summary of Microsoft's security information sites

We, the Security Response Team, support the "Cybersecurity Month" designated by the Japanese government, and this...

AI score 0.3
Exploits: 0
Veracode
added 2019/05/02 4:45 a.m. | 32 views

Denial Of Service (DoS)

Wireshark, previously known as Ethereal, is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. A heap-based buffer overflow flaw was found in the way Wireshark handled Endace ERF Extensible Record Format capture files. If Wireshark opened a...

CVSS 4.3 | AI score 7 | EPSS 0.11114
Exploits: 8 | References: 20 | Affected Software: 1
Veracode
added 2019/05/02 4:45 a.m. | 21 views

Denial Of Service (DoS)

Wireshark, previously known as Ethereal, is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. A heap-based buffer overflow flaw was found in the way Wireshark handled Endace ERF Extensible Record Format capture files. If Wireshark opened a...

CVSS 4.3 | AI score 7 | EPSS 0.11114
Exploits: 8 | References: 17 | Affected Software: 1
0day.today
added 2016/01/26 12:0 a.m. | 27 views

Foxit Reader 7.2.8.1124 - PDF Parsing Memory Corruption

Exploit for windows platform in category dos / poc Application: Foxit Reader PDF Parsing Memory Corruption Platforms: Windows Versions: 7.2.8.1124 and earlier Author: Francis Provencher of COSIG Website: http://www.protekresearchlab.com/ Twitter: @COSIG 1 Introduction 2 Report Timeline 3 Technica...

AI score 7
Exploits: 0
FreeBSD
added 2015/11/17 12:0 a.m. | 30 views

piwik -- multiple vulnerabilities

Piwik changelog reports: This release is rated critical. We are grateful for Security researchers who disclosed security issues privately to the Piwik Security Response team: Elamaran Venkatraman, Egidio Romano and Dmitriy Shcherbatov. The following vulnerabilities were fixed: XSS, CSRF, possible...

CVSS 7.5 | AI score 7.1 | EPSS 0.01351
Exploits: 6 | References: 1
Exploit DB
added 2015/04/29 12:0 a.m. | 31 views

Foxit Reader PDF 7.1.3.320 - Parsing Memory Corruption

Application: Foxit Reader PDF Parsing Memory Corruption Platforms: Windows Versions: The vulnerabilities are reported in Foxit Reader and Foxit Enterprise Reader versions 7.1.0.306 and 7.1.3.320 and Foxit Phantom PDF versions 7.1.0.306, 7.1.2.311, and 7.1.3.320. Secunia: SA63346 PRL: 2015-05...

AI score 7.4
Exploits: 0
Tenable Nessus
added 2014/11/08 12:0 a.m. | 33 views

RHEL 6 : Virtualization Manager (RHSA-2012:1506)

Red Hat Enterprise Virtualization Manager 3.1 is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the C...

CVSS 6.8 | AI score 5.6 | EPSS 0.0055
Exploits: 0 | References: 12
Tenable Nessus
added 2014/08/08 12:0 a.m. | 54 views

RHEL 5 : Red Hat JBoss Enterprise Application Platform 6.3.0 update (Important) (RHSA-2014:1019)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:1019 advisory. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. A race condition...

CVSS 6.8 | AI score 7.3 | EPSS 0.75444
Exploits: 5 | References: 55
securityvulns
added 2014/05/15 12:0 a.m. | 76 views

[oss-security] CVE request: Drupal Flag 7.x-3.5 Module Vulnerability report: Arbitrary code execution due to improper input handling in flag importer

Good morning, Could a CVE please be assigned to http://seclists.org/fulldisclosure/2014/May/44 if one has not been already? Apart from version 7, drupal6-flag-2.1-1.fc20 looks affected - patch applies, but I did not test it. For an older version, drupal6-flag-1.3-3.fc19 appears unaffected. Cheers...

AI score 1.8
Exploits: 0
ThreatPost
added 2014/02/13 2:9 p.m. | 7 views

BlackBerry Releases Guidelines to Deter Privacy-Infringing Apps

Aiming to shore up user security, BlackBerry this week released a new set of privacy guidelines it’s encouraging third-party app developers to follow to better protect their customers. The guidelines apply to customers’ personally identifiable information (PII) – the bits of information that apps...

Exploits: 0 | References: 5
Tenable Nessus
added 2013/08/22 12:0 a.m. | 52 views

CentOS 5 : kernel (CESA-2013:1166)

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed...

CVSS 7.1 | AI score 6.3 | EPSS 0.03209
Exploits: 5 | References: 8
RedHat Linux
added 2013/03/07 6:54 p.m. | 32 views

Important: Red Hat Security Advisory: JBoss Enterprise Portal Platform 5.2.2 security update

An update for the GateIn Portal component in JBoss Enterprise Portal Platform 5.2.2 that fixes two security issues is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS)...

CVSS 7.5 | AI score 5.5 | EPSS 0.00638
Exploits: 2 | References: 4
OpenVAS
added 2013/01/21 12:0 a.m. | 18 views

CentOS Update for quota CESA-2013:0120 centos5

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVSS 4 | AI score 5.2 | EPSS 0.00196
Exploits: 0 | References: 2
ThreatPost
added 2012/09/06 7:41 p.m. | 8 views

Two Microsoft Security Updates Await In Advance of Certificate Key Length Changes

Microsoft is promising a light load of security updates for next Tuesday’s monthly patch release in an attempt to give Windows administrators and security teams time to prepare for an October change to certificate key length requirements. Angela Gunn of Microsoft’s Security Response Team announce...

AI score 7.5
Exploits: 0 | References: 1
ThreatPost
added 2012/07/30 2:56 p.m. | 7 views

Q&A: Adrian Stone of the BlackBerry Security Team

LAS VEGAS–Here’s something that you might not know about RIM: it has a rather large security response and research team. The maker of the BlackBerry phones–once the must-have fashion accessory for executives and Barack Obama–historically has been almost silent on the way that it handles product...

AI score 7.3
Exploits: 0 | References: 2
The Hacker News
added 2012/01/01 4:46 p.m. | 9 views

Facebook distributing White Hat Debit Card to Bug Bounty Winners

Facebook distributing White Hat Debit Card to Bug Bounty Winners Polish IT security portal Niebezpiecznik.pl, which recently published an image of a bug bounty card given to Szymon Gruszecki, a Polish security researcher and penetration tester. Neal Poole, a junior at Brown University, has report...

AI score 6.7
Exploits: 0
Tenable Nessus
added 2011/10/04 12:0 a.m. | 32 views

RHEL 6 : rpm (RHSA-2011:1349)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2011:1349 advisory. The RPM Package Manager (RPM) is a command line driven package management system capable of installing, uninstalling, verifying, querying, and updating...

CVSS 9.3 | AI score 7.8 | EPSS 0.07655
Exploits: 1 | References: 4
Gentoo Linux
added 2009/06/29 12:0 a.m. | 27 views

Apache Tomcat JK Connector: Information disclosure

Background: The Apache Tomcat JK Connector (aka mod_jk) connects the Tomcat application server with the Apache HTTP Server. Description: The Red Hat Security Response Team discovered that mod_jk does not properly handle (1) requests setting the "Content-Length" header while not providing data and (2) clien...

CVSS 2.6 | AI score 7.4 | EPSS 0.04557
Exploits: 2