CVE-2017-15708

CVE-2017-15708: Due to the presence of Apache Commons Collections 3.2.1 (commons-collections-3.2.1.jar) or previous versions, Apache Synapse 3.0.0 or all previous releases (3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1) allows remote code execution attacks that can be performed by injecting specially crafted serialized objects. To mitigate …

DSA-4077 gimp – security update

Several vulnerabilities were discovered in GIMP, the GNU Image Manipulation Program, which could result in denial of service (application crash) or potentially the execution of arbitrary code if malformed files are opened.

DSA-4076 asterisk – security update

Multiple vulnerabilities have been discovered in Asterisk, an open source PBX and telephony toolkit, which may result in denial of service, information disclosure and potentially the execution of arbitrary code.

LibTIFF CVE-2017-17942 Heap Based Buffer Overflow Vulnerability

Bugtraq ID: 102312
Class: Boundary Condition Error
CVE: CVE-2017-17942
Remote: Yes
Local: No
Published: Dec 28 2017 12:00AM
Updated: Dec 28 2017 12:00AM
Credit: The vendor reported this issue.
Vulnerable: Redhat Enterprise Linux 7, Redhat Enterprise Linux 6 + Trustix Secure Enterprise Linux 2.0 + Trustix Secure Linux 2.2 + Trustix Secure Linux 2.1 …

Wireshark ‘epan/wslua/wslua_file.c’ Denial of Service Vulnerability

Vulnerable: Wireshark 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.7, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.1, 2.2, 1.12.13, 1.12.12, 1.12.11, 1.12.10, 1.12.8, 1.12.7, 1.12.6, …

Critical “Same Origin Policy” Bypass Flaw Found in Samsung Android Browser

A critical vulnerability has been discovered in the browser app that comes pre-installed on hundreds of millions of Samsung Android devices that could allow an attacker to steal data from browser tabs if the user visits an attacker-controlled site. Identified as CVE-2017-17692, the vulnerability is a Same Origin Policy (SOP) bypass issue that resides in the popular Samsung Internet Browser version 5.4.02.3 …

Two Romanians Charged With Hacking Police CCTV Cameras Before Trump Inauguration

Remember how some cybercriminals shut down most of Washington D.C. police’s security cameras for four days ahead of President Donald Trump’s inauguration earlier this year? Just a few days after the incident, British authorities arrested two people in the United Kingdom, identified as a British man and a Swedish woman, both 50 years old, at the request of U.S. officials. But now US …

DSA-4075 thunderbird – security update

Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service, information disclosure or spoofing of sender’s email addresses.

Daniel Lerch: “Steganography is a Tool of Great Interest to Cybercriminals”

Elliot Alderson hides secret information in audio CD files. However, the technique used by the fictional hacker protagonist of “Mr Robot” is far from being a TV whimsy. This is just one of the many steganography techniques used by hackers and cybercriminals to evade security systems. From the Greek steganos (hidden) and graphos (writing), steganography is a method of hiding …