123 matches found
CVE-2020-7705 Malicious Package
This affects the package MintegralAdSDK from 0.0.0. The SDK distributed by the company contains malicious functionality that tracks any URL opened by the app and reports it back to the company, along with performing advertisement attribution fraud. Mintegral can remotely activate hooks on the...
Update on NIST's Post-Quantum Cryptography Program
NIST has posted an update on their post-quantum cryptography program: After spending more than three years examining new approaches to encryption and data protection that could defeat an assault from a quantum computer, the National Institute of Standards and Technology NIST has winnowed the 69...
Lessons learned from the Microsoft SOC Part 2b: Career paths and readiness
The “Lessons learned from the Microsoft SOC” blog series is designed to share our approach and experience with security operations center SOC operations, so you can use what we learned to improve your SOC. The learnings in the series come primarily from Microsoft’s corporate IT security operation...
Malicious Package
Overview All versions of asynnc typosquatted a popular package of similar name and tracked users who had installed the incorrect package. The package uploaded information to a remote server including: name of the downloaded package, name of the intended package, the Node version and whether the...
[SECURITY] Fedora 27 Update: bchunk-1.2.2-1.fc27
The bchunk package contains a UNIX/C rewrite of the BinChunker program. BinChunker converts a CD image in a .bin/.cue format sometimes .raw/.cue into a set of .iso and .cdr tracks. The .bin/.cue format is used by some non-UNIX CD-writing software, but is not supported on most other CD-writing...
[SECURITY] Fedora 26 Update: bchunk-1.2.2-1.fc26
The bchunk package contains a UNIX/C rewrite of the BinChunker program. BinChunker converts a CD image in a .bin/.cue format sometimes .raw/.cue into a set of .iso and .cdr tracks. The .bin/.cue format is used by some non-UNIX CD-writing software, but is not supported on most other CD-writing...
BSides NYC, a volunteer organized event put on by and for the community
Another edition of BSides NYC has passed, and as first time attendee and presenter, I was genuinely impressed with the impeccable organization, the content shared, and the interesting conversations that took place among enthusiasts and professionals from all over the world. I've been a long time...
DEBIAN-CVE-2014-0142
QEMU, possibly before 2.0.0, allows local users to cause a denial of service divide-by-zero error and crash via a zero value in the 1 tracks field to the seektosector function in block/parallels.c or 2 extentsize field in the bochs function in block/bochs.c...
We want YOU...to speak at UNITED 2017!
Are you an IT or security professional who secretly dreams of speaking to a group of passionate people facing the same challenges and celebrating the same victories as you? Dream no more: For the next three weeks, were accepting submissions for presentations at UNITED 2017 September 13-14 in...
LG G4 MRA58K - mkvparser::Tracks constructor Failure to Initialise Pointers
LG G4 MRA58K - mkvparser::Tracks constructor Failure to Initialise Pointers Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1117 Failure to initialise pointers in mkvparser::Tracks constructor The constructor mkvparser::Tracks::Tracks doesn't handle parsing failures correctly. I...
LG G4 MRA58K - mkvparser::Tracks constructor Failure to Initialise Pointers Exploit
Exploit for Android platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1117 Failure to initialise pointers in mkvparser::Tracks constructor The constructor mkvparser::Tracks::Tracks doesn't handle parsing failures correctly. If we look at the function...
UBUNTU-CVE-2017-6814
In WordPress before 4.7.3, there is authenticated Cross-Site Scripting XSS via Media File Metadata. This is demonstrated by both 1 mishandling of the playlist shortcode in the wpplaylistshortcode function in wp-includes/media.php and 2 mishandling of meta information in the renderTracks function ...
DEBIAN-CVE-2017-6814
In WordPress before 4.7.3, there is authenticated Cross-Site Scripting XSS via Media File Metadata. This is demonstrated by both 1 mishandling of the playlist shortcode in the wpplaylistshortcode function in wp-includes/media.php and 2 mishandling of meta information in the renderTracks function ...
GStreamer Multiple Function Denial of Service Vulnerability
GStreamer is an open source multimedia framework. GStreamer has a security vulnerability in the gstminiobjectunref/gsttaglistunref/gstmxfdemuxupdateessencetracks function. A remote attacker caused a denial of service...
Mozilla Firefox < 51 Multiple Vulnerabilities
Binary data 9927.prm...
Racing 3D: Asphalt Real Tracks - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Racing 3D: Asphalt Real Tracks published at the 'play' market has multiple vulnerabilities...
Matroska Media Container libmatroska Multiple ElementList Double Free Vulnerabilities
Talos Vulnerability Report TALOS-2016-0037 Matroska Media Container libmatroska Multiple ElementList Double Free Vulnerabilities January 28, 2016 CVE Number CVE-2016-1515 Description A use after free/double free vulnerability can occur in libmatroska while parsing Track elements of the MKV...
Vimeo: A user can enhance their videos with paid tracks without buying the track
It is possible to enhance videos with paid tracks without buying the track. Steps to verify: 1. Log into vimeo.com and navigate to https://vimeo.com/enhancer. 2. Click on any paid music track and note down the track id from the URL ex:...
CVE-2014-7933
Use-after-free vulnerability in the matroskareadseek function in libavformat/matroskadec.c in FFmpeg before 2.5.1, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Matroska file that triggers...
Design/Logic Flaw
Use-after-free vulnerability in the matroskareadseek function in libavformat/matroskadec.c in FFmpeg before 2.5.1, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Matroska file that triggers...