1115 matches found
Microsoft Edge Chakra - Deferred Parsing Makes Wrong Scopes Exploit
Exploit for windows platform in category dos / poc GetFuncExprNameReference || funcInfo-funcExprScope && funcInfo-funcExprScope-GetIsObject ... Js::RegSlot ldFuncExprDst = sym-GetLocation; this-mwriter.Reg1Js::OpCode::LdFuncExpr, ldFuncExprDst; if sym-IsInSlotfuncInfo Js::RegSlot scopeLocation;...
CVE-2017-14063
Async Http Client aka async-http-client before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a '?' character occurs in a fragment identifier. Similar bugs were previously identified in cURL CVE-2016-8624 and Oracle Java 8 java.net.URL...
IBM Sametime Meeting Server Information Disclosure Vulnerability (CNVD-2017-27543)
IBM Sametime is a set of next-generation social communication tools from IBM in the United States. The tool helps users realize real-time business collaboration by integrating audio voice, data, and video. Sametime Meeting Server is one of the Web conferencing components used in Sametime chat and...
IBM Sametime Meeting Server Information Disclosure Vulnerability (CNVD-2017-27542)
IBM Sametime is a set of next-generation social communication tools from IBM in the United States. The tool helps users realize real-time business collaboration by integrating audio voice, data, and video. Sametime Meeting Server is one of the Web conferencing components used in Sametime chat and...
Legal Robot: 2FA manual entry uses wrong encoding
A security researcher discovered that following another change from report 259415, we used the wrong encoding for the manually entered secret. No sensitive data was exposed and there was no security risk, but users were unable to manually register a new TOTP device for about 12 hours...
Legal Robot: 2FA manual entry uses wrong encoding
As in report 260491, a security researcher discovered that following another change from report 259415, we used the wrong encoding for the manually entered secret. No sensitive data was exposed and there was no security risk, but users were unable to manually register a new TOTP device for about ...
CVE-2017-10709
The lockscreen on Elephone P9000 devices running Android 6.0 allows physically proximate attackers to bypass a wrong-PIN lockout feature by pressing backspace after each PIN guess...
CVE-2017-7898
An Improper Restriction of Excessive Authentication Attempts issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions;...
Integer overflow
An exploitable integer overflow vulnerability exists in the JPEG 2000 parser functionality of IrfanView 4.44. A specially crafted jpeg2000 image can cause an integer overflow leading to wrong memory allocation resulting in arbitrary code execution. Vulnerability can be triggered by viewing the...
Mozilla: Use-after-free during docshell reloading (MFSA 2017-16)
A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2...
Cookie leakage to wrong origins and non-restricted cookie acceptance
Security and maintenance release. - Security: Previously cookies of foo.bar.example.com were leaked to foo.bar. Additionally, any site could set cookies for any other site. Artax follows newer browser implementations now. Cookies can only be set on domains higher or equal to the current domain, b...
Vulnerability in the console-based graphics editor ImageMagick that allows an attacker to cause a service failure
The vulnerability in the coder/mat.c component of the console-based graphics editor ImageMagick exists due to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to cause a service failure (application termination) by using a mat file with an...
Information Disclosure
tomcat-coyote is vulnerable to information disclosure. The library contains a bug in the handling of pipelined requests when sending files. This can result in the response being sent for the wrong request. A malicious user can use this to make the system wrongly send responses to them...
UBUNTU-CVE-2017-5403
When adding a range to an object in the DOM, it is possible to use "addRange" to add the range to an incorrect root object. This triggers a use-after-free, resulting in a potentially exploitable crash. This vulnerability affects Firefox 52 and Thunderbird 52...
UBUNTU-CVE-2016-8644
In Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context...
CVE-2016-9850
An issue was discovered in phpMyAdmin. Username matching for the allow/deny rules may result in wrong matches and detection of the username in the rule due to non-constant execution time. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 ar...
shopify-scripts: Invalid memory access while freeing memory, caused by invalid type passed to mrb_ary_unshift
Hi, Phew, this was a tricky one as the cause wasn't next door to where the dereference happened! The file causing this is: a case when nil redo end $ ./dev/bin/mruby --version mruby 1.2.0 2015-11-17 $ ./dev/bin/mruby crash.rb crash.rb:1:3: '' interpreted as argument prefix trace: 0 crash.rb:3...
Fedora 25 : php-pecl-zip (2016-ea58a428a1)
Version 1.13.5 - Fixed bug php72660 NULL pointer dereference in zendvirtualcwd. Laruence - Fixed bug php68302 impossible to compile php with zip support. cmb - Fixed bug php70752 Depacking with wrong password leaves 0 length files. cmb Note that Tenable Network Security has extracted the precedin...
SUSE SLES11 Security Update : curl (SUSE-SU-2016:2449-1)
This update for curl fixes the following issues : - CVE-2016-5419: TLS session resumption client cert bypass bsc991389 - CVE-2016-5420: Re-using connections with wrong client cert bsc991390 - CVE-2016-7141: Fixed incorrect reuse of client certificates bsc997420. Note that Tenable Network Security...