209 matches found

Fedora
•added 2018/03/13 5:20 p.m.•43 views

[SECURITY] Fedora 26 Update: leptonica-1.74.4-5.fc26

The library supports many operations that are useful on: document images; natural images. Fundamental image processing and image analysis operations: rasterop (aka bitblt); affine transforms (scaling, translation, rotation, shear) on images of arbitrary pixel depth; projective and bi-linear transforms; Bina...

CVSS 9.8, AI score 1.4, EPSS 0.0352
Exploits: 1

Broadcom
•added 2017/11/17 12:0 a.m.•6 views

BSA-2017-471

Security Advisory ID: BSA-2017-471. Component: Apache Santuario. Revision: 2.0: Final. Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to...

CVSS 4.3, AI score 6.9, EPSS 0.08863
Exploits: 0

pentestit
•added 2017/09/19 5:53 a.m.•91 views

UPDATE: OSRFramework 0.17.3

PenTestIT RSS Feed My last post about this open sources research framework was approximately four weeks ago. Two days ago, a new version was released - OSRFramework 0.17.3. This post covers the changes, fixes and advancements made to this version. What is OSRFramework? OSRFramework is an open...

AI score 7
Exploits: 0

pentestit
•added 2017/08/23 8:57 p.m.•118 views

UPDATE: OSRFramework 0.17.2

PenTestIT RSS Feed My last post about this open sources research framework was approximately three weeks ago. Recently, two new versions were released in quick succession - 0.17.1 & OSRFramework 0.17.2. This post covers the changes and advancements made to both these versions. What is OSRFramewor...

AI score 7
Exploits: 0

n0where
•added 2017/06/05 6:30 p.m.•35 views

Open Sources Research Framework: OSRFramework

Open Sources Research Framework OSRFramework is a GNU AGPLv3+ set of libraries developed by i3visio to perform Open Source Intelligence tasks. They include references to a bunch of different applications related to username checking, DNS lookups, information leaks research, deep web search, regul...

Exploits: 0, References: 2

RedHat Linux
•added 2017/04/21 12:49 a.m.•4 views

Mozilla: Use-after-free in txExecutionState destructor during XSLT processing (MFSA 2017-11, MFSA 2017-12)

A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.1,...

CVSS 9.8, AI score 7.3, EPSS 0.03061
Exploits: 1, References: 5

n0where
•added 2017/03/31 5:0 a.m.•26 views

OSINT Gathering Tool: Inquisitor

OSINT Gathering Tool: Inquisitor is a simple tool for gathering information on companies and organizations through the use of Open Source Intelligence (OSINT) sources. The key features of Inquisitor include: 1. The ability to cascade the ownership label of an asset, e.g. if a Registrant Name is known to...

AI score 0.5
Exploits: 0, References: 1

OSV
•added 2017/01/25 12:0 a.m.•1 views

UBUNTU-CVE-2017-5377

A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash. This vulnerability affects Firefox 51...

CVSS 9.8, AI score 7.3, EPSS 0.01657
Exploits: 0, References: 4

Fedora
•added 2016/12/19 11:26 p.m.•53 views

[SECURITY] Fedora 25 Update: openjpeg2-2.1.2-3.fc25

The OpenJPEG library is an open-source JPEG 2000 library developed in order to promote the use of JPEG 2000. This package contains JPEG 2000 codec compliant with the Part 1 of the standard (Class-1 Profile-1 compliance). JP2: JPEG 2000 standard Part 2 - Handling of JP2 boxes and extended multiple...

CVSS 8.8, AI score 4.4, EPSS 0.02037
Exploits: 2

Fedora
•added 2016/12/09 10:31 p.m.•33 views

[SECURITY] Fedora 25 Update: openjpeg2-2.1.2-2.fc25

The OpenJPEG library is an open-source JPEG 2000 library developed in order to promote the use of JPEG 2000. This package contains JPEG 2000 codec compliant with the Part 1 of the standard (Class-1 Profile-1 compliance). JP2: JPEG 2000 standard Part 2 - Handling of JP2 boxes and extended multiple...

CVSS 8.1, AI score 4.4, EPSS 0.02565
Exploits: 2

BDU FSTEC
•added 2016/07/05 12:0 a.m.•3 views

The vulnerability of Google Chrome browser allows a malicious actor to trigger a service failure.

The Google Chrome browser contains a vulnerability related to incorrect numerical transformations when processing typed arrays. Exploiting this vulnerability allows malicious actors to cause service interruptions (access to the array beyond its boundaries) or otherwise affect the system by using...

CVSS 7.5, AI score 7.7, EPSS 0.01324
Exploits: 0, References: 3, Affected Software: 1

BDU FSTEC
•added 2016/03/31 12:0 a.m.•3 views

The vulnerability of Nettle’s cryptographic library allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of x86_64/ecc-384-modp.asm in the Nettle cryptographic library is related to errors in cryptographic transformations. Exploiting this vulnerability could allow a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

CVSS 7.5, AI score 7.5, EPSS 0.03872
Exploits: 0, References: 12, Affected Software: 4

NVD
•added 2016/02/10 11:59 a.m.•19 views

CVE-2016-0033

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 does not prevent recursive compilation of XSLT transforms, which allows remote attackers to cause a denial of service (performance degradation) via crafted XSLT data, aka ".NET Framework Stack Overflow Denial of Service...

CVSS 7.5, AI score 7.3, EPSS 0.18072
Exploits: 0, References: 2

Prion
•added 2016/02/10 11:59 a.m.•23 views

Stack overflow

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 does not prevent recursive compilation of XSLT transforms, which allows remote attackers to cause a denial of service (performance degradation) via crafted XSLT data, aka ".NET Framework Stack Overflow Denial of Service...

CVSS 5, AI score 7, EPSS 0.18072
Exploits: 0, References: 2, Affected Software: 1

Cvelist
•added 2016/02/10 11:0 a.m.•27 views

CVE-2016-0033

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 does not prevent recursive compilation of XSLT transforms, which allows remote attackers to cause a denial of service (performance degradation) via crafted XSLT data, aka ".NET Framework Stack Overflow Denial of Service...

AI score 7.3, EPSS 0.18072
Exploits: 0, References: 2

Fedora
•added 2015/09/21 11:1 a.m.•10 views

[SECURITY] Fedora 23 Update: openjpeg2-2.1.0-6.fc23

The OpenJPEG library is an open-source JPEG 2000 library developed in order to promote the use of JPEG 2000. This package contains JPEG 2000 codec compliant with the Part 1 of the standard (Class-1 Profile-1 compliance). JP2: JPEG 2000 standard Part 2 - Handling of JP2 boxes and extended multiple...

AI score 6.9
Exploits: 0

RedHat Linux
•added 2015/04/16 4:2 p.m.•2 views

Java: Java XML Signature DoS Attack

It was discovered that the Apache Santuario XML Security for Java project allowed Document Type Definitions (DTDs) to be processed when applying Transforms even when secure validation was enabled. A remote attacker could use this flaw to exhaust all available memory on the system, causing a denial ...

CVSS 4.3, AI score 5.8, EPSS 0.08863
Exploits: 0, References: 4

RedHat Linux
•added 2015/04/16 4:2 p.m.•4 views

Java: Java XML Signature DoS Attack

It was discovered that the Apache Santuario XML Security for Java project allowed Document Type Definitions (DTDs) to be processed when applying Transforms even when secure validation was enabled. A remote attacker could use this flaw to exhaust all available memory on the system, causing a denial ...

CVSS 4.3, AI score 5.8, EPSS 0.08863
Exploits: 0, References: 4

Tenable Nessus
•added 2015/01/19 12:0 a.m.•307 views

Oracle Solaris Third-Party Patch Update : libxslt (multiple_vulnerabilities_in_libxslt)

The remote Solaris system is missing necessary patches to address security updates: - The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive...

CVSS 6.8, AI score 8.8, EPSS 0.02467
Exploits: 1, References: 7

Mageia
•added 2014/12/31 12:28 p.m.•31 views

Updated xml-security packages fix CVE-2013-4517

Updated xml-security packages fix security vulnerability: Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures (CVE-2013-4517)...

CVSS 4.3, AI score 6.7, EPSS 0.08863
Exploits: 0, References: 2