CNNVD briefing on malicious code in multiple software products from the United States company Netsarang-vulnerability warning-the black bar safety net
Recently, the national information security vulnerability library CNNVD received a report that multiple software products from the United States company Netsarang contain malicious code. The nssock2.dll module used by the company's Xshell and Xmanager remote connection products contains...
SUSE-SU-2017:2070-1 Security update for Linux Kernel Live Patch 6 for SLE 12 SP2
This update for the Linux Kernel 4.4.49-9214 fixes several issues. The following security bugs were fixed: - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege bsc1050751. - CVE-2017-8797: The NFSv4 server in the Linux kernel did not properly validate the layout type...
Schneider Electric PowerSCADA Anywhere and Citect Anywhere
CVSS v3 8.1 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Schneider Electric Equipment: PowerSCADA Anywhere and Citect Anywhere Vulnerabilities: Information Exposure, Cross-Site Request Forgery, Improper Neutralization of Expression, Improper Validation of Certificate...
SUSE-SU-2017:1742-1 Security update for xen
This update for xen fixes several issues. These security issues were fixed: - Page transfer might have allowed PV guest to elevate privilege XSA-217, bsc1042882 - Races in the grant table unmap code allowed for information leaks and potentially privilege escalation XSA-218, bsc1042893 -...
SUSE-SU-2017:1664-1 Security update for wireshark
The network analysis tool wireshark was updated to version 2.0.13 to fix the following issues: CVE-2017-9352: Bazaar dissector infinite loop wnpa-sec-2017-22 bsc1042304 CVE-2017-9348: DOF dissector read overflow wnpa-sec-2017-23 bsc1042303 CVE-2017-9351: DHCP dissector read overflow...
MGASA-2017-0139 Updated thunderbird packages fix security vulnerability
Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird CVE-2017-5429, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434,...
Microsoft Windows' latest remote code execution vulnerability exposed: extremely bad! Now the vulnerability details have been released-vulnerability warning-the black bar safety net
It is well known that Google has an internal super hacker team, "Project Zero". According to securityaffairs, it was reported on May 8 that a Google Project Zero researcher found a remote code execution vulnerability (RCE) in the Microsoft Windows OS, but this is not a simple RCE, they put it characteriz...
Google Employees Help Thousands Of Open Source Projects Patch Critical ‘Mad Gadget Bug’
Last year Google employees took an initiative to help thousands of Open Source Projects patch a critical remote code execution vulnerability in a widely used Apache Commons Collections ACC library. Dubbed Operation Rosehub, the initiative was volunteered by some 50 Google employees, who utilized ...
PT-2017-16802 · Zziplib +3
Name of the Vulnerable Software and Affected Versions: zziplib version 0.13.62 Description: The issue allows remote attackers to cause a denial of service, resulting in an out-of-bounds read and crash, via a crafted ZIP file. This is due to a problem in the zzip mem entry new function in memdisk....
WBCE CMS vulnerable to directory traversal
Overview WBCE CMS provided by WBCE Team is an open-source Contents Management System CMS. WBCE CMS contains a directory traversal vulnerability CWE-22. ASAI Ken reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impac...
SUSE-SU-2017:0568-1 Security update for php53
This update for php53 fixes the following security issues: - CVE-2016-7478: When unserializing untrusted input data, PHP could end up in an infinite loop, causing denial of service bsc1019550 - CVE-2016-10158: The exifconvertanytoint function in ext/exif/exif.c in PHP allowed remote attackers to...
CVE-2017-6299
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "2 of 9. Infinite Loop / DoS in the TNEFFillMapi function in lib/ytnef.c."...
MS10-041: Description of the security update for the .NET Framework 3.5 Service Pack 1 for Windows 7 and for Windows Server 2008 R2: June 8, 2010
MS10-041: Description of the security update for the .NET Framework 3.5 Service Pack 1 for Windows 7 and for Windows Server 2008 R2: June 8, 2010 INTRODUCTION Microsoft has released security bulletin MS10-041. To view the complete security bulletin, visit one of the following Microsoft websites:...
MGASA-2016-0352 Updated php-ZendFramework packages fix security vulnerability
The implementation of ORDER BY and GROUP BY in ZendDbSelect remained prone to SQL injection when a combination of SQL expressions and comments were used. This security patch provides a comprehensive solution that identifies and removes comments prior to checking validity of the statement to ensur...
OPENSUSE-SU-2016:2254-1 Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: - update to Thunderbird 45.3.0 boo991809 Disposition-Notification-To could not be used in mail.compose.other.header 'edit as new message' on a received message pre-filled the sender as the composing identity. Certain messages caused...
MGASA-2016-0292 Updated gnupg/libgcrypt packages fix security vulnerability
Felix Doerre and Vladimir Klebanov from the Karlsruhe Institute of Technology discovered a flaw in the mixing functions of GnuPG's random number generator. An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output CVE-2016-6313. The gnupg package has been...
[SECURITY] [DLA 602-1] gnupg security and hardening update
Package : gnupg Version : 1.4.12-7+deb7u8 CVE ID : CVE-2016-6313 Debian Bug : 834893 CVE-2016-6313 Felix Doerre and Vladimir Klebanov from the Karlsruhe Institute of Technology discovered a flaw in the mixing functions of GnuPG's random number generator. An attacker who obtains 4640 bits from the...
[security bulletin] HPSBGN03387 rev.1 - HP Intelligent Provisioning, Remote Code Execution, Unauthorized Access
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emrna-c04756070 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04756070 Version: 1 HPSBGN03387 rev.1 - HP Intelligent Provisioning, Remote Code...
JVN#09283606: desknet's NEO vulnerable to directory traversal
desknet's NEO provided by NEOJAPAN Inc. contains a directory traversal CWE-22 vulnerability where it fails to verify html parameter in zhtml.cgi. Impact An authenticated attacker may view arbitrary files on the server. Solution Update the Software Update to the latest version according to the...
MGASA-2015-0315 Updated kdepim package fixes security vulnerability
This update fixes a security vulnerability in kdepim: kmail doesn't encrypt attachments when "automatic encryption" is selected CVE-2014-8878...