Feed aggregator


Disney Will Price Streaming Service At $5 Per Month, Analyst Says

Slashdot - Tue, 08/22/2017 - 07:50
Earlier this month, Disney announced it would end its distribution deal with Netflix and launch its own streaming service in 2019. Now, according to MoffettNathanson analyst Michael Nathanson, we have learned that Disney's new streaming service will be priced around $5 per month in order to drive wider adoption. FierceCable reports: Nathanson said that the new Disney streaming service and the upcoming ESPN streaming service need a clear distinction. The ESPN service will likely test different prices as it prepares ESPN to be ready to go fully over-the-top, according to the report, but the Disney service is about building asset value instead of taking licensing money from SVOD deals. At $5 per month in ARPU, Nathanson sees revenues from the Disney streaming service ranging from $34 million to $38 million in the first year and more than $230 million by year three. But with the loss of Netflix licensing revenues and accelerated marketing costs for launching the new service, Nathanson predicted Disney's losses will increase by about $200 million to $425 million per year. If Disney's new streaming service does end up costing around $5 per month, could you justify paying for it?

Read more of this story at Slashdot.

Energy Firm Slapped With $65,000 Fine For Making 1.5 Million Nuisance Calls

Slashdot - Tue, 08/22/2017 - 07:20
A UK firm offering people energy-saving solutions has been fined after making almost 1.5 million unsolicited calls without checking if the numbers were registered on the UK's opt-out database. From a report: Southampton-based Home Logic used a dialler system to screen the telephone numbers that it planned to call against the Telephone Preference Service register, which allows people to opt out of receiving marketing calls. This system was unavailable for at least 90 days out of the 220 between April 2015 and March 2016 due to technical issues -- but that didn't stop Home Logic from continuing to make phone calls. Some 1,475,969 were made in that time. And, as a result, Blighty's data protection watchdog the Information Commissioner's Office received 133 complaints about the firm from people who had registered with the TPS and did not expect to be picking up the phone to marketeers. It ruled that the biz had breached the Privacy and Electronic Communications Regulations and duly fined it 50,000 pound ($64,500).

Scientists Create Smart Labels To Tell You When To Throw Away Expired Food and Makeup

Slashdot - Tue, 08/22/2017 - 06:40
At the 254th National Meeting and Exposition of the American Chemical Society, researchers are presenting a low-cost, portable, paper-based sensor that can let you know when to toss food and cosmetics. The sensor can detect antioxidants in tea and wine, and be used to explore remote locations, such as the Amazon rainforest, in search of natural sources of antioxidants. "I've always been interested in developing technologies that are accessible to both industry and the general population," Silvana Andreescu, Ph.D., says. "My lab has built a versatile sensing platform that incorporates all the needed reagents for detection in a piece of paper. At the same time, it is adaptable to different targets, including food contaminants, antioxidants and free radicals that indicate spoilage." Phys.Org reports: What sets Andreescu's sensors apart from others, she says, are the nanostructures they use to catch and bind to compounds they're looking for. "Most people working on similar sensors use solutions that migrate on channels," Andreescu says. "We use stable, inorganic particles that are redox active. When they interact with the substances we want to detect, they change color, and the intensity of the change tells us how concentrated the analyte is." Additionally, because all of the reagents needed to operate the device are incorporated in the paper, users don't need to add anything other than the sample being tested. The American Chemical Society has published a video detailing the sensor. Their paper has been published in the journal Analyst.

Leading Chinese Bitcoin Miner Wants To Cash In On AI

Slashdot - Tue, 08/22/2017 - 06:00
hackingbear writes: Bitmain, the most influential company in the bitcoin economy by the sheer amount of processing power, or hash rate, that it controls, plans to unleash its bitcoin mining ASIC technology to AI applications. The company designed a new deep learning processor Sophon, named after an alien-made, proton-sized supercomputer in China's seminal science-fiction novel, The Three-Body Problem. The idea is to etch in silicon in some of the most common deep learning algorithms, thus greatly boosting efficiency. Users will be able to apply their own datasets and build their own models on these ASICs, allowing the resulting neural networks to generate results and learn from those results at a far quicker pace. The company hopes that thousands of Bitmain Sophon units soon could be training neural networks in vast data centers around the world.

Microsoft Outlines the Upgrade Procedures For Xbox One X

Slashdot - Tue, 08/22/2017 - 05:20
An anonymous reader quotes a report from Ars Technica: The easiest way to get all your games to the new system, as outlined by Microsoft Vice President Mike Ybarra, will be to just put them on an external USB hard drive and then plug that drive into the new console. "All your games are ready to play" immediately after this external hard drive move, he said, and user-specific settings can also be copied via external hard drive in the same way. If you don't have an external drive handy, "we're going to let you copy games and apps off your home network instead of having to manually move them or redownload them off the Internet," Ybarra said. It's unclear right now if Microsoft will mirror the PS4 Pro and allow this kind of system-to-system transfer using an Ethernet cable plugged directly into both consoles. For those who want to see as many pixels as possible as quickly as possible when they get their Xbox One X, Ybarra says you'll be able to download 4K updates for supported games before the Xbox One X is even available, then use those updates immediately after the system transfer. Microsoft also released a list of 118 current and upcoming games that will be optimized for the Xbox One X via updates, a big increase from the few dozens announced back at E3.

Android O Is Now Officially Android Oreo

Slashdot - Tue, 08/22/2017 - 04:40
Android O is now officially going by the name of Android Oreo. The operating system is available today via Google's Android Open Source Project. OTA rollout is expected to arrive first to Pixel and Nexus devices, with builds currently in carrier testing. The Verge reports: The use of an existing brand makes sense for Google here -- there aren't a ton of good "O" dessert foods out there, and Oreos are pretty much as universally beloved as a cookie can be. There's also precedent for the partnership, as Google had previously teamed up with Nestle and Hershey's to call Android 4.4 KitKat.

Bugtraq: Microsoft Resnet - DNS Configuration Web Vulnerability

SecurityFocus Vulnerabilities/Bugtraq - Tue, 08/22/2017 - 00:00
Microsoft Resnet - DNS Configuration Web Vulnerability

DNSSEC Key Signing Key Rollover

US-CERT - Mon, 08/21/2017 - 23:38
Original release date: August 21, 2017

On October 11, 2017, the Internet Corporation for Assigned Names and Numbers (ICANN) will be changing the Root Zone Key Signing Key (KSK) used in the domain name system (DNS) Security Extensions (DNSSEC) protocol. 

DNSSEC is a set of DNS protocol extensions used to digitally sign DNS information, which is an important part of preventing domain name hijacking. Updating the DNSSEC KSK is a crucial security step, similar to updating a PKI Root Certificate. Maintaining an up-to-date Root KSK as a trust anchor is essential to ensuring DNSSEC-validating DNS resolvers continue to function after the rollover. While DNSSEC validation is mandatory for federal agencies, it is not required of the private sector. Systems of organizations that do not use DNSSEC validation will be unaffected by the rollover.

US-CERT encourages administrators to update their DNSSEC KSK before October 11, 2017. See the NIST/NTIA Roll Ready site and the ICANN Root Zone KSK Rollover resources page for more information.

This product is provided subject to this Notification and this Privacy & Use policy.


How the Voyager Golden Record Was Made

Slashdot - Mon, 08/21/2017 - 23:20
Fascinating article on The New Yorker about how the Voyager Golden Record was made: The Voyagers' scientific mission will end when their plutonium-238 thermoelectric power generators fail, around the year 2030. After that, the two craft will drift endlessly among the stars of our galaxy -- unless someone or something encounters them someday. With this prospect in mind, each was fitted with a copy of what has come to be called the Golden Record. Etched in copper, plated with gold, and sealed in aluminum cases, the records are expected to remain intelligible for more than a billion years, making them the longest-lasting objects ever crafted by human hands. We don't know enough about extraterrestrial life, if it even exists, to state with any confidence whether the records will ever be found. They were a gift, proffered without hope of return. I became friends with Carl Sagan, the astronomer who oversaw the creation of the Golden Record, in 1972. He'd sometimes stop by my place in New York, a high-ceilinged West Side apartment perched up amid Norway maples like a tree house, and we'd listen to records. Lots of great music was being released in those days, and there was something fascinating about LP technology itself. A diamond danced along the undulations of a groove, vibrating an attached crystal, which generated a flow of electricity that was amplified and sent to the speakers. At no point in this process was it possible to say with assurance just how much information the record contained or how accurately a given stereo had translated it. The open-endedness of the medium seemed akin to the process of scientific exploration: there was always more to learn.

Apple Looks For Exceptional Engineer With a Secret Job Posting

Slashdot - Mon, 08/21/2017 - 22:40
An anonymous reader writes: A hidden Apple website that hosts a job description and invitation to apply for an important position has recently been discovered. The posting describes a role that should be filled by a "talented engineer" who will develop a critical infrastructure component for the company's ecosystem. Discovered late yesterday by ZDNet's Zach Whittaker, the secret posting was found at us-west-1.blobstore.apple.com (now pulled). The posting stated how critical the role is, the scale of the work, key qualifications, and a description of the type of employee Apple is looking for. In the "How Critical?" section Apple says that the engineer will be working on developing infrastructure that will deal with millions of drives, tens of thousands of servers, and Exabytes of data.

The Windows App Store is Full of Pirate Streaming Apps

Slashdot - Mon, 08/21/2017 - 22:00
Ernesto Van der Sar, reporting for TorrentFreak: When we were browsing through the "top free" apps in the Windows Store, our attention was drawn to several applications that promoted "free movies" including various Hollywood blockbusters such as "Wonder Woman," "Spider-Man: Homecoming," and "The Mummy." Initially, we assumed that a pirate app may have slipped past Microsoft's screening process. However, the 'problem' doesn't appear to be isolated. There are dozens of similar apps in the official store that promise potential users free movies, most with rave reviews. Most of the applications work on multiple platforms including PC, mobile, and the Xbox. They are pretty easy to use and rely on the familiar grid-based streaming interface most sites and services use. Pick a movie or TV-show, click the play button, and off you go. The sheer number of piracy apps in the Windows Store, using names such as "Free Movies HD," "Free Movies Online 2020," and "FreeFlix HQ," came as a surprise to us. In particular, because the developers make no attempt to hide their activities, quite the opposite.


Mozilla Releases Security Update

US-CERT - Mon, 08/21/2017 - 19:32
Original release date: August 21, 2017

Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 52.3 and apply the necessary update.



Microsoft Speech Recognition Now As Accurate As Professional Transcribers

Slashdot - Mon, 08/21/2017 - 19:30
An anonymous reader quotes TechCrunch: Microsoft announced today that its conversational speech recognition system has reached a 5.1% error rate, its lowest so far. This surpasses the 5.9% error rate reached last year by a group of researchers from Microsoft Artificial Intelligence and Research and puts its accuracy on par with professional human transcribers who have advantages like the ability to listen to text several times. Both studies transcribed recordings from the Switchboard corpus, a collection of about 2,400 telephone conversations that have been used by researchers to test speech recognition systems since the early 1990s. The new study was performed by a group of researchers at Microsoft AI and Research with the goal of achieving the same level of accuracy as a group of human transcribers who were able to listen to what they were transcribing several times, access its conversational context and work with other transcribers.


SB17-233: Vulnerability Summary for the Week of August 14, 2017

US-CERT - Mon, 08/21/2017 - 19:16
Original release date: August 21, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in the JPEG parser. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11211, BID, SECTRACK, MISC, CONFIRM |
| adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to text output. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11212, BID, SECTRACK, MISC, CONFIRM |
| adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to rendering a path. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11214, BID, SECTRACK, CONFIRM |
| adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to bitmap transformations. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11216, BID, SECTRACK, MISC, CONFIRM |
| adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in XFA event management. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11218, BID, SECTRACK, MISC, CONFIRM |
| adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the XFA rendering engine. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11219, BID, SECTRACK, MISC, CONFIRM |
| adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in an internal data structure. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11220, BID, SECTRACK, CONFIRM |
| adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable type confusion vulnerability in the annotation functionality. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11221, BID, SECTRACK, CONFIRM |
| adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Product Representation Compact (PRC) engine. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11222, BID, SECTRACK, CONFIRM |
| adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the core of the XFA engine. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11223, BID, SECTRACK, MISC, CONFIRM |
| adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the XFA layout engine. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11224, BID, SECTRACK, MISC, CONFIRM |
| adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image processing engine when processing JPEG 2000 (JP2) code stream data. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11226, BID, SECTRACK, CONFIRM |
| adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11227, BID, SECTRACK, CONFIRM |
| adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing JPEG 2000 (JP2) code stream data. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11228, BID, SECTRACK, CONFIRM |
| adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in Acrobat/Reader rendering engine. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11231, BID, SECTRACK, CONFIRM |
| adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing TIFF data related to the way how the components of each pixel are stored. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11234, BID, SECTRACK, CONFIRM |
| adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the image conversion engine when decompressing JPEG data. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11235, BID, SECTRACK, CONFIRM |
| adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the font parsing module. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11237, BID, SECTRACK, CONFIRM |
| adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to polygons. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11241, BID, SECTRACK, CONFIRM |
| adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the JPEG 2000 parsing module. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11251, BID, SECTRACK, CONFIRM |
| adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability when generating content using XFA layout engine. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11256, BID, SECTRACK, CONFIRM |
| adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable type confusion vulnerability in the XFA layout engine. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11257, BID, SECTRACK, CONFIRM |
| adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11259, BID, SECTRACK, CONFIRM |
| adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data interpreted as a GIF image. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11260, BID, SECTRACK, CONFIRM |
| adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data and the embedded TIF image. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11261, BID, SECTRACK, CONFIRM |
| adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to drawing ASCII text string. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11262, BID, SECTRACK, CONFIRM |
| adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data interpreted as JPEG data. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11267, BID, SECTRACK, CONFIRM |
| adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private JPEG data. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11268, BID, SECTRACK, CONFIRM |
| adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) image stream data. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11269, BID, SECTRACK, CONFIRM |
| adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data representing icons. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11270, BID, SECTRACK, CONFIRM |
| adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to transfer of pixel blocks. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11271, BID, SECTRACK, CONFIRM |
| adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-3016, BID, SECTRACK, CONFIRM |
| adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in JavaScript engine when creating large strings. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-3113, BID, SECTRACK, CONFIRM |
| adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the MakeAccessible plugin when parsing TrueType font data. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-3116, BID, SECTRACK, CONFIRM |
| adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in the plugin that handles links within the PDF. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-3117, BID, SECTRACK, CONFIRM |
| adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the XFA parsing engine when handling certain types of internal instructions. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-3120, BID, SECTRACK, CONFIRM |
| adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Enhanced Metafile Format (EMF) parser. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-3121, BID, SECTRACK, CONFIRM |
| adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data drawing position definition. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-3123, BID, SECTRACK, CONFIRM |
| adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the picture exchange (PCX) file format parsing module. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 10.0 | CVE-2017-3124, BID, SECTRACK, CONFIRM |
| adobe -- digital_editions | Adobe Digital Editions 4.5.4 and earlier has an exploitable use after free vulnerability. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 10.0 | CVE-2017-11274, BID, SECTRACK, CONFIRM |
| adobe -- experience_manager | Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability. | 2017-08-11 | 7.5 | CVE-2017-3108, BID, SECTRACK, CONFIRM |
| adobe -- flash_player | Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-3106, BID, SECTRACK, CONFIRM, EXPLOIT-DB |
| google -- android | In an audio driver in all Qualcomm products with Android releases from CAF using the Linux kernel, when a sanity check encounters a length value not in the correct range, an error message is printed, but code execution continues in the same way as for a correct length value. | 2017-08-16 | 7.6 | CVE-2016-5853, BID, CONFIRM, MISC |
| google -- android | In a sound driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, if a function is called with a very large length, an integer overflow could occur followed by a buffer overflow. | 2017-08-16 | 7.6 | CVE-2016-5859, BID, CONFIRM, MISC |
| google -- android | In an audio driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, if a function is called with a very large length, an integer overflow could occur followed by a heap buffer overflow. | 2017-08-16 | 7.6 | CVE-2016-5860, BID, CONFIRM, MISC |
| google -- android | In a display driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a variable controlled by userspace is used to calculate offsets and sizes for copy operations, which could result in heap overflow. | 2017-08-16 | 8.3 | CVE-2016-5861, SECTRACK, CONFIRM, MISC |
| google -- android | When a control related to codec is issued from userspace in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, the type casting is done to the container structure instead of the codec's individual structure, resulting in a device restart after kernel crash occurs. | 2017-08-16 | 7.6 | CVE-2016-5862, BID, CONFIRM, MISC |
| google -- android | In an ioctl handler in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, several sanity checks are missing which can lead to out-of-bounds accesses. | 2017-08-16 | 9.3 | CVE-2016-5863, BID, CONFIRM, MISC |
| google -- android | In an audio driver function in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, some parameters are from userspace, and if they are set to a large value, integer overflow is possible followed by buffer overflow. In another function, a missing check for a lower bound may result in an out of bounds memory access. | 2017-08-16 | 9.3 | CVE-2016-5864, SECTRACK, CONFIRM, MISC |
| google -- android | In a sound driver in Android for MSM, Firefox OS for MSM, QRD Android, some variables are from userspace and values can be chosen that could result in stack overflow. | 2017-08-16 | 7.6 | CVE-2016-5867, BID, CONFIRM, MISC |
| google -- android | A buffer overflow can occur in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android when processing a firmware image file. | 2017-08-16 | 9.3 | CVE-2017-8243, BID, CONFIRM |
| nexusphp_project -- nexusphp | SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the conusr parameter. | 2017-08-17 | 7.5 | CVE-2017-12908, MISC |
| nexusphp_project -- nexusphp | SQL injection vulnerability in modtask.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the userid parameter. | 2017-08-17 | 7.5 | CVE-2017-12909, MISC |
| nexusphp_project -- nexusphp | SQL injection vulnerability in massmail.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the or parameter. | 2017-08-17 | 7.5 | CVE-2017-12910, MISC |

 

Medium VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoadobe -- acrobat_readerAdobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability that occurs when reading a JPEG file embedded within XML Paper Specification (XPS) file. Successful exploitation could lead to arbitrary code execution.2017-08-114.3CVE-2017-11209
BID
SECTRACK
MISC
CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the font parsing, where the font is embedded in the XML Paper Specification (XPS) file. Successful exploitation could lead to arbitrary code execution.2017-08-114.3CVE-2017-11210
BID
SECTRACK
MISC
CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to drawing of Unicode text strings. Successful exploitation could lead to arbitrary code execution.2017-08-114.3CVE-2017-11217
BID
SECTRACK
MISC
CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has a security bypass vulnerability when manipulating Forms Data Format (FDF).2017-08-116.8CVE-2017-11229
BID
SECTRACK
CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the JPEG 2000 engine. Successful exploitation could lead to arbitrary code execution.2017-08-114.3CVE-2017-11230
BID
SECTRACK
CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability when processing Enhanced Metafile Format (EMF) data related to brush manipulation. Successful exploitation could lead to arbitrary code execution.2017-08-114.3CVE-2017-11232
BID
SECTRACK
CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to block transfer of pixels. Successful exploitation could lead to arbitrary code execution.2017-08-114.3CVE-2017-11233
BID
SECTRACK
CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the internal handling of UTF-16 literal strings. Successful exploitation could lead to arbitrary code execution.2017-08-114.3CVE-2017-11236
BID
SECTRACK
CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to curve drawing. Successful exploitation could lead to arbitrary code execution.2017-08-114.3CVE-2017-11238
BID
SECTRACK
CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to text strings. Successful exploitation could lead to arbitrary code execution.2017-08-114.3CVE-2017-11239
BID
SECTRACK
CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to line segments. Successful exploitation could lead to arbitrary code execution.2017-08-114.3CVE-2017-11242
BID
SECTRACK
CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the XSLT engine. Successful exploitation could lead to arbitrary code execution.2017-08-114.3CVE-2017-11243
BID
SECTRACK
CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to transformation of blocks of pixels. Successful exploitation could lead to arbitrary code execution.2017-08-114.3CVE-2017-11244
BID
SECTRACK
CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data. Successful exploitation could lead to arbitrary code execution.2017-08-114.3CVE-2017-11245
BID
SECTRACK
CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when parsing JPEG data. Successful exploitation could lead to arbitrary code execution.2017-08-114.3CVE-2017-11246
BID
SECTRACK
CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to pixel block transfer. Successful exploitation could lead to arbitrary code execution.2017-08-114.3CVE-2017-11248
BID
SECTRACK
CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when parsing an invalid Enhanced Metafile Format (EMF) record. Successful exploitation could lead to arbitrary code execution.2017-08-114.3CVE-2017-11249
BID
SECTRACK
CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Adobe Graphics Manager (AGM) module. Successful exploitation could lead to arbitrary code execution.2017-08-114.3CVE-2017-11252
BID
SECTRACK
CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the Acrobat/Reader's JavaScript engine. Successful exploitation could lead to arbitrary code execution.2017-08-116.8CVE-2017-11254
BID
SECTRACK
CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing TIFF color map data. Successful exploitation could lead to arbitrary code execution.2017-08-114.3CVE-2017-11255
BID
SECTRACK
CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data and the embedded GIF image. Successful exploitation could lead to arbitrary code execution.2017-08-114.3CVE-2017-11258
BID
SECTRACK
CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the internal data structure manipulation related to document encoding. Successful exploitation could lead to arbitrary code execution.2017-08-116.8CVE-2017-11263
BID
SECTRACK
CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Adobe Graphics Manager module. Successful exploitation could lead to arbitrary code execution.2017-08-114.3CVE-2017-11265
BID
SECTRACK
CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an information disclosure vulnerability when handling links in a PDF document.2017-08-114.3CVE-2017-3115
BID
SECTRACK
CONFIRMadobe -- acrobat_readerAdobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has a security bypass vulnerability related to execution of malicious attachments.2017-08-114.3CVE-2017-3118
BID
SECTRACK
CONFIRM
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Acrobat/Reader 11.0.19 engine. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 6.8 | CVE-2017-3119
BID
SECTRACK
CONFIRM
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to Bezier curves. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 4.3 | CVE-2017-3122
BID
SECTRACK
CONFIRM
adobe -- digital_editions | Adobe Digital Editions 4.5.4 and earlier has a security bypass vulnerability. | 2017-08-11 | 5.0 | CVE-2017-11272
BID
SECTRACK
CONFIRM
adobe -- digital_editions | Adobe Digital Editions 4.5.4 and earlier has an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 5.0 | CVE-2017-11275
BID
SECTRACK
CONFIRM
adobe -- digital_editions | Adobe Digital Editions 4.5.4 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 5.0 | CVE-2017-11276
BID
SECTRACK
CONFIRM
adobe -- digital_editions | Adobe Digital Editions 4.5.4 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 5.0 | CVE-2017-11277
BID
SECTRACK
CONFIRM
adobe -- digital_editions | Adobe Digital Editions 4.5.4 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 5.0 | CVE-2017-11278
BID
SECTRACK
CONFIRM
adobe -- digital_editions | Adobe Digital Editions 4.5.4 and earlier has an exploitable use after free vulnerability. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 5.0 | CVE-2017-11279
BID
SECTRACK
CONFIRM
adobe -- digital_editions | Adobe Digital Editions 4.5.4 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 5.0 | CVE-2017-11280
BID
SECTRACK
CONFIRM
adobe -- digital_editions | Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 5.0 | CVE-2017-3091
BID
SECTRACK
CONFIRM
adobe -- experience_manager | Adobe Experience Manager 6.3 and earlier has a misconfiguration vulnerability. | 2017-08-11 | 5.0 | CVE-2017-3107
BID
SECTRACK
CONFIRM
adobe -- experience_manager | Adobe Experience Manager 6.1 and earlier has a sensitive data exposure vulnerability. | 2017-08-11 | 5.0 | CVE-2017-3110
BID
SECTRACK
CONFIRM
adobe -- flash_player | Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect. | 2017-08-11 | 5.0 | CVE-2017-3085
BID
SECTRACK
MISC
MISC
CONFIRM
cacti -- cacti | A cross-site scripting vulnerability exists in Cacti 1.1.17 in the method parameter in spikekill.php. | 2017-08-17 | 4.3 | CVE-2017-12927
SECTRACK
CONFIRM
CONFIRM
google -- android | In the touch controller function in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a variable may be controlled by the user and can lead to a buffer overflow. | 2017-08-16 | 5.8 | CVE-2017-6421
SECTRACK
CONFIRM
MISC
google -- android | An array out-of-bounds access in all Qualcomm products with Android releases from CAF using the Linux kernel can potentially occur in a camera driver. | 2017-08-11 | 4.3 | CVE-2017-8258
BID
CONFIRM
google -- android | In the service locator in all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow can occur as the variable set for determining the size of the buffer is not used to indicate the size of the buffer. | 2017-08-11 | 6.8 | CVE-2017-8259
BID
CONFIRM
google -- android | A userspace process can cause a Denial of Service in the camera driver in all Qualcomm products with Android releases from CAF using the Linux kernel. | 2017-08-11 | 6.8 | CVE-2017-8264
BID
CONFIRM
google -- android | A userspace-controlled, non-null-terminated parameter for the IPA WAN ioctl in all Qualcomm products with Android releases from CAF using the Linux kernel can lead to exposure of kernel memory. | 2017-08-11 | 4.3 | CVE-2017-8269
BID
CONFIRM
google -- android | An out-of-bounds memory write can happen in the MDSS Rotator driver in all Qualcomm products with Android releases from CAF using the Linux kernel by an unsanitized userspace-controlled parameter. | 2017-08-11 | 6.8 | CVE-2017-8271
BID
CONFIRM
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, while processing the fastboot boot command when the verified boot feature is disabled, with length greater than the boot image buffer, a buffer overflow can occur. | 2017-08-11 | 6.8 | CVE-2017-8273
BID
CONFIRM
graphicsmagick -- graphicsmagick | The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mishandles large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c. | 2017-08-18 | 6.8 | CVE-2017-12935
MISC
MISC
graphicsmagick -- graphicsmagick | The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has a use-after-free issue for data associated with exception reporting. | 2017-08-18 | 6.8 | CVE-2017-12936
MISC
MISC
graphicsmagick -- graphicsmagick | The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a colormap heap-based buffer over-read. | 2017-08-18 | 6.8 | CVE-2017-12937
MISC
MISC
ibm -- emptoris_strategic_supply_management | IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 116881. | 2017-08-14 | 4.3 | CVE-2016-6029
CONFIRM
MISC
ibm -- emptoris_strategic_supply_management | IBM Emptoris Strategic Supply Management Platform 10.x and 10.1 could allow a local user with special access roles to execute arbitrary code on the system. By manipulating a configurable property, an attacker could exploit this vulnerability to gain full control over the system. IBM X-Force ID: 123559. | 2017-08-14 | 6.2 | CVE-2017-1190
CONFIRM
MISC
minidjvu_project -- minidjvu | The row_is_empty function in base/4bitmap.c:274 in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file. | 2017-08-17 | 4.3 | CVE-2017-12441
FULLDISC
minidjvu_project -- minidjvu | The row_is_empty function in base/4bitmap.c:272 in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file. | 2017-08-17 | 4.3 | CVE-2017-12442
FULLDISC
minidjvu_project -- minidjvu | The mdjvu_bitmap_pack_row function in base/4bitmap.c in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file. | 2017-08-17 | 4.3 | CVE-2017-12443
FULLDISC
minidjvu_project -- minidjvu | The mdjvu_bitmap_get_bounding_box function in base/4bitmap.c in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file. | 2017-08-17 | 4.3 | CVE-2017-12444
FULLDISC
minidjvu_project -- minidjvu | The JB2BitmapCoder::code_row_by_refinement function in jb2/bmpcoder.cpp in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file. | 2017-08-17 | 4.3 | CVE-2017-12445
FULLDISC
nexusphp_project -- nexusphp | Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the url path to usersearch.php. | 2017-08-17 | 4.3 | CVE-2017-12907
MISC

Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
fortinet -- fortimanager_firmware | Cross-site scripting (XSS) vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving unspecified parameters and a privilege escalation attack. | 2017-08-11 | 3.5 | CVE-2015-3615
SECTRACK
CONFIRM
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, kernel stack data can be leaked to userspace by an audio driver. | 2017-08-16 | 2.6 | CVE-2016-5347
BID
CONFIRM
MISC
MISC
google -- android | In a driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, kernel heap memory can be exposed to userspace. | 2017-08-16 | 2.6 | CVE-2016-5854
BID
CONFIRM
MISC
google -- android | In a driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a user-supplied buffer is cast to a structure without checking if the source buffer is large enough. | 2017-08-16 | 2.6 | CVE-2016-5855
BID
CONFIRM
MISC
google -- android | In an ioctl handler in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, if a user supplies a value too large, then an out-of-bounds read occurs. | 2017-08-16 | 2.6 | CVE-2016-5858
BID
CONFIRM
MISC
MISC
ibm -- emptoris_strategic_supply_management | IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 116755. | 2017-08-14 | 3.5 | CVE-2016-6021
CONFIRM
MISC
synology -- video_station | Cross-site scripting (XSS) vulnerability in Video Metadata Editor in Synology Video Station before 2.3.0-1435 allows remote authenticated attackers to inject arbitrary web script or HTML via the title parameter. | 2017-08-11 | 3.5 | CVE-2017-9556
CONFIRM

Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
389-ds-base -- 389-ds-base | 389-ds-base versions before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts. | 2017-08-16 | not yet calculated | CVE-2017-7551
CONFIRM
apache -- attic | attic before 0.15 does not confirm unencrypted backups with the user, which allows remote attackers with read and write privileges for the encrypted repository to obtain potentially sensitive information by changing the manifest type byte of the repository to "unencrypted / without key file". | 2017-08-18 | not yet calculated | CVE-2015-4082
MLIST
BID
CONFIRM
CONFIRM
apache -- openfire_xmpp_server | OpenFire XMPP Server before 3.10 accepts self-signed certificates, which allows remote attackers to perform unspecified spoofing attacks. | 2017-08-18 | not yet calculated | CVE-2014-3451
MISC
MLIST
BUGTRAQ
BID
MISC
apache -- sling | The Javascript method Sling.evalString() in Apache Sling Servlets Post before 2.3.22 uses the javascript 'eval' function to parse input strings, which allows for XSS attacks by passing specially crafted input strings. | 2017-08-14 | not yet calculated | CVE-2017-9802
BID
CONFIRM
MLIST
assa_abloy_aptus -- styra_porttelefonkort_4400 | Unspecified vulnerability in ASSA ABLOY APTUS Styra Porttelefonkort 4400 before A2 has unknown impact and attack vectors. | 2017-08-18 | not yet calculated | CVE-2017-7278
CONFIRM
asus -- dsl-n10s_devices | ASUS DSL-N10S V2.1.16_APAC devices allow CSRF. | 2017-08-18 | not yet calculated | CVE-2017-12593
MISC
asus -- dsl-n10s_devices | ASUS DSL-N10S V2.1.16_APAC devices have a privilege escalation vulnerability. A normal user can escalate its privilege and perform administrative actions. There is no mapping of users with their privileges. | 2017-08-18 | not yet calculated | CVE-2017-12592
MISC
asus -- dsl-n10s_devices | ASUS DSL-N10S V2.1.16_APAC devices have reflected and stored cross site scripting, as demonstrated by the snmpSysName parameter. | 2017-08-18 | not yet calculated | CVE-2017-12591
MISC
augeas -- augeas | Augeas versions up to and including 1.8.0 are vulnerable to heap-based buffer overflow due to improper handling of escaped strings. Attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, leading to a crash or possible code execution. | 2017-08-17 | not yet calculated | CVE-2017-7555
BID
MISC
buffalo -- wcr-1166ds_devices | Buffalo WCR-1166DS devices with firmware 1.30 and earlier allow an attacker to execute arbitrary OS commands via unspecified vectors. | 2017-08-18 | not yet calculated | CVE-2017-10811
CONFIRM
JVN
cisco -- anyconnect_secure_mobile_client_software | The WebLaunch functionality of Cisco AnyConnect Secure Mobility Client Software contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected software. The vulnerability is due to insufficient input validation of some parameters that are passed to the WebLaunch function of the affected software. An attacker could exploit this vulnerability by convincing a user to access a malicious link or by intercepting a user request and injecting malicious code into the request. Cisco Bug IDs: CSCvf12055. Known Affected Releases: 98.89(40). | 2017-08-17 | not yet calculated | CVE-2017-6788
BID
SECTRACK
CISCO
cisco -- application_policy_infrastructure_controller | A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to gain higher privileges than the account is assigned. The attacker will be granted the privileges of the last user to log in, regardless of whether those privileges are higher or lower than what should have been granted. The attacker cannot gain root-level privileges. The vulnerability is due to a limitation with how Role-Based Access Control (RBAC) grants privileges to remotely authenticated users when login occurs via SSH directly to the local management interface of the APIC. An attacker could exploit this vulnerability by authenticating to the targeted device. The attacker's privilege level will be modified to match that of the last user to log in via SSH. An exploit could allow the attacker to gain elevated privileges and perform CLI commands that should be restricted by the attacker's configured role. Cisco Bug IDs: CSCvc34335. Known Affected Releases: 1.0(1e), 1.0(1h), 1.0(1k), 1.0(1n), 1.0(2j), 1.0(2m), 1.0(3f), 1.0(3i), 1.0(3k), 1.0(3n), 1.0(4h), 1.0(4o); 1.1(0.920a), 1.1(1j), 1.1(3f); 1.2 Base, 1.2(2), 1.2(3), 1.2.2; 1.3(1), 1.3(2), 1.3(2f); 2.0 Base, 2.0(1). | 2017-08-17 | not yet calculated | CVE-2017-6767
BID
SECTRACK
CISCO
cisco -- application_policy_infrastructure_controller | A vulnerability in the build procedure for certain executable system files installed at boot time on Cisco Application Policy Infrastructure Controller (APIC) devices could allow an authenticated, local attacker to gain root-level privileges. The vulnerability is due to a custom executable system file that was built to use relative search paths for libraries without properly validating the library to be loaded. An attacker could exploit this vulnerability by authenticating to the device and loading a malicious library that can escalate the privilege level. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device. The attacker must have valid user credentials to log in to the device. Cisco Bug IDs: CSCvc96087. Known Affected Releases: 1.1(0.920a), 1.1(1j), 1.1(3f); 1.2 Base, 1.2(2), 1.2(3), 1.2.2; 1.3(1), 1.3(2), 1.3(2f); 2.0 Base, 2.0(1). | 2017-08-17 | not yet calculated | CVE-2017-6768
BID
SECTRACK
CISCO
cisco -- asr_5000_series_aggregated_services_routers | A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to elevate their privileges to admin-level privileges. The vulnerability is due to incorrect permissions that are given to a set of users. An attacker could exploit this vulnerability by logging in to the shell of an affected device and elevating their privileges by modifying environment variables. An exploit could allow the attacker to gain admin-level privileges and take control of the affected device. Cisco Bug IDs: CSCvd47741. Known Affected Releases: 21.0.v0.65839. | 2017-08-17 | not yet calculated | CVE-2017-6775
BID
SECTRACK
CISCO
cisco -- asr_5000_series_aggregated_services_routers | A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify sensitive system files. The vulnerability is due to the inclusion of sensitive system files within specific FTP subdirectories. An attacker could exploit this vulnerability by overwriting sensitive configuration files through FTP. An exploit could allow the attacker to overwrite configuration files on an affected system. Cisco Bug IDs: CSCvd47739. Known Affected Releases: 21.0.v0.65839. | 2017-08-17 | not yet calculated | CVE-2017-6774
BID
SECTRACK
CISCO
cisco -- asr_5000_series_aggregated_services_routers | A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to bypass the CLI restrictions and execute commands on the underlying operating system. The vulnerability is due to insufficient input sanitization of user-supplied input at the CLI. An attacker could exploit this vulnerability by crafting a script on the device that will allow them to bypass built-in restrictions. An exploit could allow the unauthorized user to launch the CLI directly from a command shell. Cisco Bug IDs: CSCvd47722. Known Affected Releases: 21.0.v0.65839. | 2017-08-17 | not yet calculated | CVE-2017-6773
BID
SECTRACK
CISCO
cisco -- elastic_services_controller | A vulnerability in the Elastic Services Controller (ESC) web interface of the Cisco Ultra Services Platform could allow an authenticated, remote attacker to acquire sensitive information. The vulnerability is due to the transmission of sensitive information as part of a GET request. An attacker could exploit this vulnerability by sending a GET request to a vulnerable device. An exploit could allow the attacker to view information regarding the Ultra Services Platform deployment. Cisco Bug IDs: CSCvd76406. Known Affected Releases: 21.0.v0.65839. | 2017-08-17 | not yet calculated | CVE-2017-6778
BID
CISCO
cisco -- elastic_services_controller | A vulnerability in the web framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by convincing a user to access a malicious link or by intercepting a user request and injecting malicious code into the request. An exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvd76324. Known Affected Releases: 2.2(9.76) and 2.3(1). | 2017-08-17 | not yet calculated | CVE-2017-6776
BID
CISCO
cisco -- elastic_services_controller | A vulnerability in Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to view sensitive information. The vulnerability is due to insufficient protection of sensitive data. An attacker could exploit this vulnerability by authenticating to the application and navigating to certain configuration files. An exploit could allow the attacker to view sensitive system configuration files. Cisco Bug IDs: CSCvd29408. Known Affected Releases: 2.3(2). | 2017-08-17 | not yet calculated | CVE-2017-6772
BID
CISCO
cisco -- elastic_services_controller | A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to acquire sensitive system information. The vulnerability is due to insufficient protection of sensitive files on the system. An attacker could exploit this vulnerability by logging into the ConfD server and executing certain commands. An exploit could allow an unprivileged user to view configuration parameters that can be maliciously used. Cisco Bug IDs: CSCvd76409. Known Affected Releases: 2.3, 2.3(2). | 2017-08-17 | not yet calculated | CVE-2017-6777
BID
CISCO
cisco -- elastic_services_controller | A vulnerability in Cisco Elastic Services Controller could allow an authenticated, local, unprivileged attacker to access sensitive information, including credentials for system accounts, on an affected system. The vulnerability is due to improper protection of sensitive log files. An attacker could exploit this vulnerability by logging in to an affected system and accessing unprotected log files. A successful exploit could allow the attacker to access sensitive log files, which may include system credentials, on the affected system. Cisco Bug IDs: CSCvc76616. Known Affected Releases: 2.2(9.76). | 2017-08-17 | not yet calculated | CVE-2017-6786
BID
CISCO
cisco -- multiple_appliances | A vulnerability in SNMP polling for the Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to discover confidential information about the appliances that should be available only to an administrative user. The vulnerability occurs because the appliances do not protect confidential information at rest in response to Simple Network Management Protocol (SNMP) poll requests. An attacker could exploit this vulnerability by doing a crafted SNMP poll request to the targeted security appliance. An exploit could allow the attacker to discover confidential information that should be restricted, and the attacker could use this information to conduct additional reconnaissance. The attacker must know the configured SNMP community string to exploit this vulnerability. Cisco Bug IDs: CSCve26106, CSCve26202, CSCve26224. Known Affected Releases: 10.0.0-230 (Web Security Appliance), 9.7.2-065 (Email Security Appliance), and 10.1.0-037 (Content Security Management Appliance). | 2017-08-17 | not yet calculated | CVE-2017-6783
BID
SECTRACK
SECTRACK
SECTRACK
CISCO
cisco -- policy_suite_software | A vulnerability in the management of shell user accounts for Cisco Policy Suite (CPS) Software for CPS appliances could allow an authenticated, local attacker to gain elevated privileges on an affected system. The affected privilege level is not at the root level. The vulnerability is due to incorrect role-based access control (RBAC) for shell user accounts. An attacker could exploit this vulnerability by authenticating to an affected appliance and providing crafted user input via the CLI. A successful exploit could allow the attacker to acquire a higher privilege level than should have been granted. To exploit this vulnerability, the attacker must log in to the appliance with valid credentials. Cisco Bug IDs: CSCve37724. Known Affected Releases: 9.0.0, 9.1.0, 10.0.0, 11.0.0, 12.0.0. | 2017-08-17 | not yet calculated | CVE-2017-6781
BID
CISCO
cisco -- prime_infrastructure | A vulnerability in the administrative web interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to modify a page in the web interface of the affected application. The vulnerability is due to improper sanitization of parameter values by the affected application. An attacker could exploit this vulnerability by injecting malicious code into an affected parameter and persuading a user to access a web page that triggers the rendering of the injected code. Cisco Bug IDs: CSCve47074. Known Affected Releases: 3.2(0.0). | 2017-08-17 | not yet calculated | CVE-2017-6782
BID
SECTRACK
CISCO
cisco -- rv340_series_routers | A vulnerability in the web interface of the Cisco RV340, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to Cisco WebEx Meetings not sufficiently protecting sensitive data when responding to an HTTP request to the web interface. An attacker could exploit the vulnerability by attempting to use the HTTP protocol and looking at the data in the HTTP responses from the Cisco WebEx Meetings Server. An exploit could allow the attacker to find sensitive information about the application. Cisco Bug IDs: CSCve37988. Known Affected Releases: firmware 1.0.0.30, 1.0.0.33, 1.0.1.9, 1.0.1.16. | 2017-08-17 | not yet calculated | CVE-2017-6784
BID
SECTRACK
CISCO
cisco -- telepresence_video_communication_server | A vulnerability in the Session Initiation Protocol (SIP) on the Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the targeted appliance. The vulnerability is due to excessive SIP traffic sent to the device. An attacker could exploit this vulnerability by transmitting large volumes of SIP traffic to the VCS. An exploit could allow the attacker to cause a complete DoS condition on the targeted system. Cisco Bug IDs: CSCve32897. | 2017-08-17 | not yet calculated | CVE-2017-6790
BID
SECTRACK
CISCO
cisco -- ultra_services_framework | A vulnerability in the AutoVNF automation tool of the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to acquire sensitive information. The vulnerability is due to insufficient protection of sensitive data. An attacker could exploit this vulnerability by browsing to a specific URL of an affected device. An exploit could allow the attacker to view sensitive configuration information about the deployment. Cisco Bug IDs: CSCvd29358. Known Affected Releases: 21.0.v0.65839. | 2017-08-17 | not yet calculated | CVE-2017-6771
BID
CISCO
cisco -- unified_communications_manager | A vulnerability in configuration modification permissions validation for Cisco Unified Communications Manager could allow an authenticated, remote attacker to perform a horizontal privilege escalation where one user can modify another user's configuration. The vulnerability is due to lack of proper Role Based Access Control (RBAC) when certain user configuration changes are requested. An attacker could exploit this vulnerability by sending an authenticated, crafted HTTP request to the targeted application. An exploit could allow the attacker to impact the integrity of the application where one user can modify the configuration of another user's information. Cisco Bug IDs: CSCve27331. Known Affected Releases: 10.5(2.10000.5), 11.0(1.10000.10), 11.5(1.10000.6). | 2017-08-17 | not yet calculated | CVE-2017-6785
BID
SECTRACK
CISCO
cisco -- virtual_network_function_element_manager | A vulnerability in the Cisco Virtual Network Function (VNF) Element Manager could allow an authenticated, remote attacker to elevate privileges and run commands in the context of the root user on the server. The vulnerability is due to command settings that allow Cisco VNF Element Manager users to specify arbitrary commands that will run as root on the server. An attacker could use this setting to elevate privileges and run commands in the context of the root user on the server. Cisco Bug IDs: CSCvc76670. Known Affected Releases: prior to 5.0.4 and 5.1.4. | 2017-08-17 | not yet calculated | CVE-2017-6710
BID
CISCO
d-link -- dr-600_rev_bx_devices | D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the admin password. | 2017-08-18 | not yet calculated | CVE-2017-12943
MISC
divio_ag -- django_cms | Cross-site request forgery (CSRF) vulnerability in django CMS before 3.0.14, 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions via unspecified vectors. | 2017-08-18 | not yet calculated | CVE-2015-5081
MLIST
CONFIRM
CONFIRM
elastic -- x-pack_security_tls | The Reporting feature in X-Pack in versions prior to 5.5.2 and standalone Reporting plugin versions prior to 2.4.6 had an impersonation vulnerability. A user with the reporting_user role could execute a report with the permissions of another reporting user, possibly gaining access to sensitive data. | 2017-08-18 | not yet calculated | CVE-2017-8446
CONFIRM
elastic -- x-pack_security_tls | An error was found in the X-Pack Security TLS trust manager for versions 5.0.0 to 5.5.1. If reloading the trust material fails, the trust manager will be replaced with an instance that trusts all certificates. This could allow any node using any certificate to join a cluster. The proper behavior in this instance is for the TLS trust manager to deny all certificates. | 2017-08-18 | not yet calculated | CVE-2017-8445
CONFIRM
estsoft -- alzip | Stack-based buffer overflow in ESTsoft ALZip 8.51 and earlier allows remote attackers to execute arbitrary code via a crafted MS-DOS device file, as demonstrated by use of "AUX" as the initial substring of a filename. | 2017-08-19 | not yet calculated | CVE-2017-11323
MISC
MISC
exiv2 -- exiv2 | There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. The vulnerability causes an out-of-bounds write in Exiv2::Image::printIFDStructure(), which may lead to remote denial of service or possibly unspecified other impact. | 2017-08-18 | not yet calculated | CVE-2017-12955
MISC
exiv2 -- exiv2 | There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that is triggered in the Exiv2::Image::io function in image.cpp. It will lead to remote denial of service. | 2017-08-18 | not yet calculated | CVE-2017-12957
MISC
exiv2 -- exiv2 | There is an illegal address access in Exiv2::FileIo::path[abi:cxx11]() in basicio.cpp of libexiv2 in Exiv2 0.26 that will lead to remote denial of service. | 2017-08-18 | not yet calculated | CVE-2017-12956
MISC
foxit_software -- pdf_compressor | Foxit PDF Compressor installers from versions from 7.0.0.183 to 7.7.2.10 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer. | 2017-08-16 | not yet calculated | CVE-2017-12892
BID
CONFIRM
free_software_foundation -- gnu_bitutils | The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a malformed tekhex binary. | 2017-08-19 | not yet calculated | CVE-2017-12967
CONFIRM
free_software_foundation -- gnu_pspp | There is a reachable assertion abort in the function dict_rename_var() in data/dictionary.c of the libpspp library in GNU PSPP 0.11.0 that will lead to remote denial of service. | 2017-08-18 | not yet calculated | CVE-2017-12960
MISC
free_software_foundation -- gnu_pspp | There is an assertion abort in the function parse_attributes() in data/sys-file-reader.c of the libpspp library in GNU PSPP 0.11.0 that will lead to remote denial of service. | 2017-08-18 | not yet calculated | CVE-2017-12961
MISC
free_software_foundation -- gnu_pspp | There is an illegal address access in the function output_hex() in data/data-out.c of the libpspp library in GNU PSPP 0.11.0 that will lead to remote denial of service. | 2017-08-18 | not yet calculated | CVE-2017-12958
MISC
free_software_foundation -- gnu_pspp | There is a reachable assertion abort in the function dict_add_mrset() in data/dictionary.c of the libpspp library in GNU PSPP 0.11.0 that will lead to a remote denial of service attack. | 2017-08-18 | not yet calculated | CVE-2017-12959
MISC
fuji -- electric_monitouch_vt-sft | A Heap-Based Buffer Overflow was discovered in Fuji Electric Monitouch V-SFT versions prior to Version 5.4.43.0. A heap-based buffer overflow vulnerability has been identified, which may cause a crash or allow remote code execution. | 2017-08-14 | not yet calculated | CVE-2017-9660
BID
MISC
MISC
fuji -- electric_monitouch_vt-sft | A Stack-Based Buffer Overflow issue was discovered in Fuji Electric Monitouch V-SFT versions prior to Version 5.4.43.0. The stack-based buffer overflow vulnerability has been identified, which may cause a crash or allow remote code execution. | 2017-08-14 | not yet calculated | CVE-2017-9659
BID
MISC
MISC
MISC
fuji -- electric_monitouch_vt-sft | An Improper Privilege Management issue was discovered in Fuji Electric Monitouch V-SFT versions prior to Version 5.4.43.0. Monitouch V-SFT is installed in a directory with weak access controls by default, which could allow an authenticated attacker with local access to escalate privileges. | 2017-08-14 | not yet calculated | CVE-2017-9662
BID
MISC
MISC
ganeti -- ganeti
The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2, when used in SSL mode, allows remote attackers to cause a denial of service (resource consumption) via SSL parameter renegotiation. | 2017-08-18 | not yet calculated | CVE-2015-7944
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC
MISC
ganeti -- ganeti
The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2 allows remote attackers to obtain the DRBD secret via instance information job results. | 2017-08-18 | not yet calculated | CVE-2015-7945
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC
MISC
gitlab -- community_and_enterprise_editions
GitLab Community Edition (CE) and Enterprise Edition (EE) before 8.17.8, 9.0.x before 9.0.13, 9.1.x before 9.1.10, 9.2.x before 9.2.10, 9.3.x before 9.3.10, and 9.4.x before 9.4.4 might allow remote attackers to execute arbitrary code via a crafted SSH URL in a project import. | 2017-08-14 | not yet calculated | CVE-2017-12426
CONFIRM
MLIST
gnome_project -- librest
The OAuth implementation in librest before 0.7.93 incorrectly truncates the pointer returned by the rest_proxy_call_get_url function, which allows remote attackers to cause a denial of service (application crash) via running the EnsureCredentials method from the org.gnome.OnlineAccounts.Account interface on an object representing a Flickr account. | 2017-08-18 | not yet calculated | CVE-2015-2675
REDHAT
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google -- android
A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35583675. | 2017-08-18 | not yet calculated | CVE-2017-0687
BID
CONFIRM
hawtio -- hawtio
Hawtio versions up to and including 1.5.3 are vulnerable to CSRF, allowing remote attackers to trick a user into visiting a website containing a malicious script that can be submitted to the hawtio server on behalf of the user. | 2017-08-17 | not yet calculated | CVE-2017-7556
BID
CONFIRM
ibm -- doors_next_generation
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126246. | 2017-08-18 | not yet calculated | CVE-2017-1338
CONFIRM
BID
MISC
ibm -- infosphere_information_server
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary files in installation directories. IBM X-Force ID: 128468. | 2017-08-14 | not yet calculated | CVE-2017-1469
CONFIRM
BID
MISC
ibm -- websphere_application_server
IBM WebSphere Application Server 8.0, 8.5, and 9.0 could provide weaker than expected security after using the Admin Console to update the web services security bindings settings. IBM X-Force ID: 129576. | 2017-08-18 | not yet calculated | CVE-2017-1501
CONFIRM
BID
SECTRACK
MISC
japanese_ministry_of_economy_trade_and_industry -- shin_kinkyuji_houkoku_data_nyuryoku_program
Untrusted search path vulnerability in Installer for Shin Kinkyuji Houkoku Data Nyuryoku Program (program released on March 10, 2011), distributed on the website till May 17, 2017, allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-08-18 | not yet calculated | CVE-2017-10823
JVN
japanese_ministry_of_economy_trade_and_industry -- shin_sekiyu_yunyu_chousa_houkoku_data_nyuryoku_program
Untrusted search path vulnerability in Installer for Shin Sekiyu Yunyu Chousa Houkoku Data Nyuryoku Program (program released on September 30, 2013), distributed on the website until May 17, 2017, allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-08-18 | not yet calculated | CVE-2017-10822
JVN
japanese_ministry_of_economy_trade_and_industry -- teikihoukokusho_sakuseishien_tool
Untrusted search path vulnerability in Teikihoukokusho Sakuseishien Tool v4.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-08-18 | not yet calculated | CVE-2017-2228
JVN
japanese_ministry_of_economy_trade_and_industry -- shin_kikan_toukei_houkoku_data_nyuryokuyou_program
Untrusted search path vulnerability in Installer for Shin Kikan Toukei Houkoku Data Nyuryokuyou Program (program released on September 30, 2013), distributed on the website until May 17, 2017, allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-08-18 | not yet calculated | CVE-2017-10821
JVN
joomla! -- joomla!
The Helpdesk Pro Plugin before 1.4.0 for Joomla! allows remote attackers to read the support tickets of arbitrary users via obtaining the target ticketId, and navigating to http://{target}/component/helpdeskpro/?view=ticket&id={ticketId}. | 2017-08-18 | not yet calculated | CVE-2015-4071
MISC
FULLDISC
FULLDISC
BID
EXPLOIT-DB
kanboard -- kanboard
An authenticated standard user could reset the password of other users (including the admin) by altering form data. Affects kanboard before 1.0.46. | 2017-08-14 | not yet calculated | CVE-2017-12850
BID
CONFIRM
kanboard -- kanboard
An authenticated standard user could reset the password of the admin by altering form data. Affects kanboard before 1.0.46. | 2017-08-14 | not yet calculated | CVE-2017-12851
BID
CONFIRM
kayson_group -- phpgrid
Directory traversal vulnerability in ajaxfileupload.php in Kayson Group Ltd. phpGrid before 7.2.5 allows remote attackers to execute arbitrary code by uploading a crafted file with a .. (dot dot) in the file name. | 2017-08-18 | not yet calculated | CVE-2017-10665
CONFIRM
MISC
kddi -- qua
Untrusted search path vulnerability in Installer of Qua station connection tool for Windows version 1.00.03 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-08-18 | not yet calculated | CVE-2017-2289
JVN
kguard -- digital_video_recorder
KGuard Digital Video Recorder 104, 108, v2 does not have any authorization or authentication between an ActiveX client and the application server. | 2017-08-18 | not yet calculated | CVE-2015-4464
MISC
BUGTRAQ
BID
MISC
lasso -- lasso
The prefix variable in the get_or_define_ns function in Lasso before commit 6d854cef4211cdcdbc7446c978f23ab859847cdd allows remote attackers to cause a denial of service (uninitialized memory access and application crash) via unspecified vectors. | 2017-08-11 | not yet calculated | CVE-2015-1783
FEDORA
FEDORA
FEDORA
CONFIRM
MISC
lenovo -- thinkpad
A privilege escalation vulnerability was identified in Lenovo Active Protection System for ThinkPad systems versions earlier than 1.82.0.17. An attacker with local privileges could execute code with administrative privileges via an unquoted service path. | 2017-08-18 | not yet calculated | CVE-2017-3756
BID
CONFIRM
libsass -- libsass
There is an illegal address access in Sass::Eval::operator() in eval.cpp of LibSass 3.4.5, leading to a remote denial of service attack. NOTE: this is similar to CVE-2017-11555 but remains exploitable after the vendor's CVE-2017-11555 fix (available from GitHub after 2017-07-24). | 2017-08-18 | not yet calculated | CVE-2017-12963
MISC
libsass -- libsass
There is a stack consumption issue in LibSass 3.4.5 that is triggered in the function Sass::Eval::operator() in eval.cpp. It will lead to a remote denial of service attack. | 2017-08-18 | not yet calculated | CVE-2017-12964
MISC
libsass -- libsass
There are memory leaks in LibSass 3.4.5 triggered by deeply nested code, such as code with a long sequence of open parenthesis characters, leading to a remote denial of service attack. | 2017-08-18 | not yet calculated | CVE-2017-12962
MISC
libtiff -- libtiff
The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in the TIFFFetchStripThing function in tif_dirread.c during a tiff2pdf invocation. | 2017-08-18 | not yet calculated | CVE-2017-12944
CONFIRM
linux -- linux_kernel
The sanity_check_raw_super function in fs/f2fs/super.c in the Linux kernel before 4.11.1 does not validate the segment count, which allows local users to gain privileges via unspecified vectors. | 2017-08-19 | not yet calculated | CVE-2017-10662
CONFIRM
CONFIRM
BID
CONFIRM
CONFIRM
CONFIRM
linux -- linux_kernel
Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing. | 2017-08-19 | not yet calculated | CVE-2017-10661
CONFIRM
CONFIRM
BID
CONFIRM
CONFIRM
CONFIRM
linux -- linux_kernel
The sanity_check_ckpt function in fs/f2fs/super.c in the Linux kernel before 4.12.4 does not validate the blkoff and segno arrays, which allows local users to gain privileges via unspecified vectors. | 2017-08-19 | not yet calculated | CVE-2017-10663
CONFIRM
CONFIRM
BID
CONFIRM
CONFIRM
CONFIRM
linux -- linux_kernel
Code injection in openSUSE when running some source services used in the open build service 2.1 before March 11 2011. | 2017-08-17 | not yet calculated | CVE-2011-0469
MISC
MISC
MISC
mozilla -- firefox
Remote code execution in the Venkman script debugger in Mozilla Firefox before 2.0.0.8. | 2017-08-18 | not yet calculated | CVE-2007-5341
CONFIRM
CONFIRM
CONFIRM
musl -- libc
Stack-based buffer overflow in the inet_pton function in network/inet_pton.c in musl libc 0.9.15 through 1.0.4, and 1.1.0 through 1.1.7 allows attackers to have unspecified impact via unknown vectors. | 2017-08-18 | not yet calculated | CVE-2015-1817
MLIST
BID
nessusphp -- nessusphp
Cross-Site Scripting (XSS) exists in NexusPHP 1.5 via the type parameter to shoutbox.php. | 2017-08-18 | not yet calculated | CVE-2017-12680
MISC
nessusphp -- nessusphp
SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the delreport parameter. | 2017-08-18 | not yet calculated | CVE-2017-12776
MISC
netapp -- ontap
NetApp Data ONTAP before 8.2.5, when operating in 7-Mode in NFS environments, allows remote attackers to cause a denial of service via unspecified vectors. | 2017-08-18 | not yet calculated | CVE-2017-12859
CONFIRM
netapp -- ontap
Heap-based buffer overflow in the SMB implementation in NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allows remote authenticated users to cause a denial of service or execute arbitrary code. | 2017-08-18 | not yet calculated | CVE-2017-12420
CONFIRM
numpy -- numpy
The numpy.pad function in NumPy 1.13.1 and older versions is missing input validation. An empty list or ndarray causes an infinite loop, which can allow attackers to cause a denial of service. | 2017-08-15 | not yet calculated | CVE-2017-12852
CONFIRM
opencv -- opencv
In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, the function PxMDecoder::readData has an integer overflow when calculating src_pitch. If the image comes from a remote source, this may lead to remote code execution or denial of service. This affects OpenCV 3.3 and earlier. | 2017-08-15 | not yet calculated | CVE-2017-12863
MISC
opencv -- opencv
In modules/imgcodecs/src/grfmt_pxm.cpp, the length of the buffer AutoBuffer _src is smaller than expected, which causes a buffer overflow on a later copy. If the image comes from a remote source, this may lead to remote code execution or denial of service. This affects OpenCV 3.3 and earlier. | 2017-08-15 | not yet calculated | CVE-2017-12862
MISC
opencv -- opencv
In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, the function ReadNumber does not check the input length, which leads to an integer overflow. If the image comes from a remote source, this may lead to remote code execution or denial of service. This affects OpenCV 3.3 and earlier. | 2017-08-15 | not yet calculated | CVE-2017-12864
MISC
openstack -- aodh
Aodh as packaged in Openstack Ocata and Newton before change-ID I8fd11a7f9fe3c0ea5f9843a89686ac06713b7851 and before Pike-rc1 does not verify that trust IDs belong to the user when creating alarm action with the scheme trust+http, which allows remote authenticated users with knowledge of trust IDs where Aodh is the trustee to obtain a Keystone token and perform unspecified authenticated actions by adding an alarm action with the scheme trust+http, and providing a trust id where Aodh is the trustee. | 2017-08-18 | not yet calculated | CVE-2017-12440
CONFIRM
CONFIRM
CONFIRM
CONFIRM
osisoft -- multiple_products
An Improper Authorization issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017. An attacker is able to gain privileged access to the system while unauthorized. | 2017-08-14 | not yet calculated | CVE-2017-9653
BID
MISC
CONFIRM
osisoft -- multiple_products
A Cross-Site Scripting issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017. An attacker may be able to upload a malicious script that attempts to redirect users to a malicious web site. | 2017-08-14 | not yet calculated | CVE-2017-9655
BID
MISC
CONFIRM
paessler -- prtg_network_monitor
Cross-site scripting (XSS) vulnerability in Paessler PRTG Network Monitor before 17.2.32.2279 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-08-18 | not yet calculated | CVE-2017-9816
CONFIRM
php_group -- php
ext/standard/var_unserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x before 7.1.7 is prone to a heap use after free while unserializing untrusted data, related to the zval_get_type function in Zend/zend_types.h. Exploitation of this issue can have an unspecified impact on the integrity of PHP. | 2017-08-17 | not yet calculated | CVE-2017-12934
CONFIRM
CONFIRM
php_group -- php
The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP. | 2017-08-17 | not yet calculated | CVE-2017-12933
CONFIRM
CONFIRM
CONFIRM
php_group -- php
ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x through 7.1.8 is prone to a heap use after free while unserializing untrusted data, related to improper use of the hash API for key deletion in a situation with an invalid array size. Exploitation of this issue can have an unspecified impact on the integrity of PHP. | 2017-08-17 | not yet calculated | CVE-2017-12932
CONFIRM
CONFIRM
CONFIRM
postgresql -- postgresql
PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to an authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents of the object, resulting in a denial of service. | 2017-08-16 | not yet calculated | CVE-2017-7548
BID
SECTRACK
CONFIRM
postgresql -- postgresql
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to an authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so. | 2017-08-16 | not yet calculated | CVE-2017-7547
BID
SECTRACK
CONFIRM
postgresql -- postgresql
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to an incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password. | 2017-08-16 | not yet calculated | CVE-2017-7546
BID
SECTRACK
CONFIRM
pulp -- pulp
Pulp does not remove permissions for named objects upon deletion, which allows authenticated users to gain the privileges of a deleted object via creating an object with the same name. | 2017-08-18 | not yet calculated | CVE-2015-5153
CONFIRM
qnap -- ts212p_devices
An unprivileged user can access all functions in the Surveillance Station component in QNAP TS212P devices with firmware 4.2.1 build 20160601. The unprivileged user cannot log in at the front end, but with that user's SID all functions of Surveillance Station can be accessed. | 2017-08-18 | not yet calculated | CVE-2017-12582
MISC
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in boot. | 2017-08-18 | not yet calculated | CVE-2017-8255
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, array out of bounds access can occur if userspace sends more than 16 multicast addresses. | 2017-08-18 | not yet calculated | CVE-2017-8256
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver which can lead to a double free. | 2017-08-18 | not yet calculated | CVE-2017-8265
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, in a camera driver ioctl, a kernel overwrite can potentially occur. | 2017-08-18 | not yet calculated | CVE-2017-8261
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer may be dereferenced in the front end. | 2017-08-18 | not yet calculated | CVE-2015-9038
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, a variable is uninitialized in a TrustZone system call potentially leading to the compromise of secure memory. | 2017-08-18 | not yet calculated | CVE-2014-9979
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, an overflow check in the USB interface was insufficient during boot. | 2017-08-18 | not yet calculated | CVE-2014-9981
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a driver potentially leading to a use-after-free condition. | 2017-08-18 | not yet calculated | CVE-2017-8270
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, playReady DRM failed to check a length potentially leading to unauthorized access to secure memory. | 2017-08-18 | not yet calculated | CVE-2015-9061
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, in a driver function, a value from userspace is not properly validated potentially leading to an out of bounds heap write. | 2017-08-18 | not yet calculated | CVE-2017-8272
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, in a video driver, memory corruption can potentially occur due to lack of bounds checking in a memcpy(). | 2017-08-18 | not yet calculated | CVE-2017-9678
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in 1x call processing. | 2017-08-18 | not yet calculated | CVE-2015-8593
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in RFA-1x. | 2017-08-18 | not yet calculated | CVE-2015-8594
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, a pointer is not validated prior to being dereferenced potentially resulting in Guest-OS memory corruption. | 2017-08-18 | not yet calculated | CVE-2015-8592
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of buffer lengths is missing in malware protection. | 2017-08-18 | not yet calculated | CVE-2015-8596
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer can be dereferenced upon the expiry of a timer. | 2017-08-18 | not yet calculated | CVE-2015-9043
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists when processing a QMI message. | 2017-08-18 | not yet calculated | CVE-2015-9042
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on the size of a frequency list. | 2017-08-18 | not yet calculated | CVE-2015-9044
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in GERAN where a buffer can be overflown while taking power measurements. | 2017-08-18 | not yet calculated | CVE-2015-9045
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in GNSS when performing a scan after bootup. | 2017-08-18 | not yet calculated | CVE-2015-9047
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on the size of a frequency list. | 2017-08-18 | not yet calculated | CVE-2015-9046
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists when performing WCDMA radio tuning. | 2017-08-18 | not yet calculated | CVE-2015-9041
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in a GERAN API. | 2017-08-18 | not yet calculated | CVE-2015-9040
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, a string can fail to be null-terminated in SIP leading to a buffer overflow. | 2017-08-18 | not yet calculated | CVE-2015-9034
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in HSDPA. | 2017-08-18 | not yet calculated | CVE-2015-0576
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, a memory buffer fails to be freed after it is no longer needed potentially resulting in memory exhaustion. | 2017-08-18 | not yet calculated | CVE-2015-9035
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, an incorrect length is used to clear a memory buffer resulting in adjacent memory getting corrupted. | 2017-08-18 | not yet calculated | CVE-2015-9036
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in eMBMS where an assertion can be reached by a sequence of downlink messages. | 2017-08-18 | not yet calculated | CVE-2015-9039
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read may occur in the processing of a downlink 3G NAS message. | 2017-08-18 | not yet calculated | CVE-2015-9037
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in digital television/digital radio DRM. | 2017-08-18 | not yet calculated | CVE-2015-8595
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, in function __mdss_fb_copy_destscaler_data(), variable ds_data[i].scale may still point to a user-provided address (which could point to arbitrary kernel address), so on an error condition, this user-provided address will be freed (arbitrary free), and continued operation could result in use after free condition. | 2017-08-18 | not yet calculated | CVE-2017-7364
SECTRACK
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts causes an instruction inside of an assert to not be executed resulting in incorrect control flow. | 2017-08-18 | not yet calculated | CVE-2014-9971
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, the GPS client may use an insecure cryptographic algorithm. | 2017-08-18 | not yet calculated | CVE-2014-9969
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts can potentially cause a NULL pointer dereference during an out-of-memory condition. | 2017-08-18 | not yet calculated | CVE-2014-9972
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of a buffer length was missing in a PlayReady DRM routine. | 2017-08-18 | not yet calculated | CVE-2014-9973
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in an IOCTL handler potentially leading to an integer overflow and then an out-of-bounds write. | 2017-08-18 | not yet calculated | CVE-2017-8267
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, the camera application can possibly request frame/command buffer processing with invalid values leading to the driver performing a heap buffer over-read. | 2017-08-18 | not yet calculated | CVE-2017-8268
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the UIMDIAG interface. | 2017-08-18 | not yet calculated | CVE-2014-9968
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, if a userspace string is not NULL-terminated, kernel memory contents can leak to system logs. | 2017-08-18 | not yet calculated | CVE-2017-9679
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a WLAN driver can lead to a Use After Free condition. | 2017-08-18 | not yet calculated | CVE-2017-9685
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in rollback protection. | 2017-08-18 | not yet calculated | CVE-2014-9411
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a USB driver can lead to a Use After Free condition. | 2017-08-18 | not yet calculated | CVE-2017-9684
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in two KGSL driver functions can lead to a Use After Free condition. | 2017-08-18 | not yet calculated | CVE-2017-9682
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, if a pointer argument coming from userspace is invalid, a driver may use an uninitialized structure to log an error message. | 2017-08-18 | not yet calculated | CVE-2017-9680
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition. | 2017-08-18 | not yet calculated | CVE-2017-8266
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, a kernel fault can occur when doing certain operations on a read-only virtual address in userspace. | 2017-08-18 | not yet calculated | CVE-2017-8263
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in the processing of lost RTP packets. | 2017-08-18 | not yet calculated | CVE-2015-9048
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in 1x call processing. | 2017-08-18 | not yet calculated | CVE-2014-9976
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in PlayReady DRM. | 2017-08-18 | not yet calculated | CVE-2014-9977
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a QTEE service. | 2017-08-18 | not yet calculated | CVE-2014-9978
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, the validation of filesystem access was insufficient. | 2017-08-18 | not yet calculated | CVE-2015-0574
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, a Sample App failed to check a length potentially leading to unauthorized access to secure memory. | 2017-08-18 | not yet calculated | CVE-2014-9980
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, a rollback vulnerability potentially exists in Full Disk Encryption. | 2017-08-18 | not yet calculated | CVE-2014-9975
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of buffer lengths was missing in Keymaster. | 2017-08-18 | not yet calculated | CVE-2014-9974
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, due to a type downcast, a value may improperly pass validation and cause an out of bounds write later. | 2017-08-18 | not yet calculated | CVE-2017-8260
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, in some memory allocation and free functions, a race condition can potentially occur leading to a Use After Free condition. | 2017-08-18 | not yet calculated | CVE-2017-8262
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, when accessing the sde_rotator debug interface for register reading with multiple processes, one process can free the debug buffer while another process still has the debug buffer in use. | 2017-08-18 | not yet calculated | CVE-2017-8257
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, an audio client pointer is dereferenced before being checked if it is valid. | 2017-08-18 | not yet calculated | CVE-2017-8254
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, kernel memory can potentially be overwritten if an invalid master is sent from userspace. | 2017-08-18 | not yet calculated | CVE-2017-8253
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure ciphersuites were included in the default configuration. | 2017-08-18 | not yet calculated | CVE-2015-0575
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in the processing of certain responses from the USIM. | 2017-08-18 | not yet calculated | CVE-2015-9049
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, the Secure File System can become corrupted. | 2017-08-18 | not yet calculated | CVE-2015-9069
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, a driver can potentially leak kernel memory. | 2017-08-18 | not yet calculated | CVE-2016-10392
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, a configuration vulnerability exists when loading a 3rd-party QTEE application. | 2017-08-18 | not yet calculated | CVE-2016-10388
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, there is no size check for the images being flashed onto the NAND memory in their respective partitions, so there is a possibility of writing beyond the intended partition. | 2017-08-18 | not yet calculated | CVE-2016-10389
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, when downloading a file, an excessive amount of memory may be consumed. | 2017-08-18 | not yet calculated | CVE-2016-10390
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, arguments to several QTEE syscalls are not properly validated. | 2017-08-18 | not yet calculated | CVE-2016-5872
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, a potential compiler optimization of memset() is addressed. | 2017-08-18 | not yet calculated | CVE-2015-9067
BID
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a procedure involving a remote UIM client. | 2017-08-18 | not yet calculated | CVE-2015-9063
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send IMEI or IMEISV to the network on a network request before NAS security has been activated. | 2017-08-18 | not yet calculated | CVE-2015-9064
CONFIRM
qualcomm -- android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, a UE can respond to a UEInformationRequest before Access Stratum security is established. | 2017-08-18 | not yet calculated | CVE-2015-9065
CONFIRMqualcomm -- android_products
 In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in an Inter-RAT procedure.2017-08-18not yet calculatedCVE-2015-9066
CONFIRMqualcomm -- android_products
 In all Qualcomm products with Android releases from CAF using the Linux kernel, the length in an HCI command is not properly checked for validity.2017-08-18not yet calculatedCVE-2016-10391
BID
CONFIRM
qualcomm -- android_products
 In all Qualcomm products with Android releases from CAF using the Linux kernel, access control to the I2C bus is not sufficient.
 2017-08-18 | not yet calculated | CVE-2016-10382
BID
CONFIRM
qualcomm -- android_products
 In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in the hypervisor.
 2017-08-18 | not yet calculated | CVE-2016-10346
BID
CONFIRM
qualcomm -- android_products
 In all Qualcomm products with Android releases from CAF using the Linux kernel, an argument to a hypervisor function is not properly validated.
 2017-08-18 | not yet calculated | CVE-2016-10347
BID
CONFIRM
qualcomm -- android_products
 In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send unprotected MeasurementReports revealing UE location.
 2017-08-18 | not yet calculated | CVE-2016-10380
CONFIRM
qualcomm -- android_products
 In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send unprotected MeasurementReports revealing UE location.
 2017-08-18 | not yet calculated | CVE-2016-10381
CONFIRM
qualcomm -- android_products
 In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in LTE.
 2017-08-18 | not yet calculated | CVE-2016-10344
BID
CONFIRM
qualcomm -- android_products
 In all Qualcomm products with Android releases from CAF using the Linux kernel, SSL handshake failure with ClientHello rejection results in memory leak.
 2017-08-18 | not yet calculated | CVE-2016-10343
BID
CONFIRM
qualcomm -- android_products
 In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in a TrustZone syscall.
 2017-08-18 | not yet calculated | CVE-2015-9070
BID
CONFIRM
qualcomm -- android_products
 In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in a TrustZone syscall.
 2017-08-18 | not yet calculated | CVE-2015-9071
BID
CONFIRM
qualcomm -- android_products
 In all Qualcomm products with Android releases from CAF using the Linux kernel, an untrusted pointer dereference can occur in a TrustZone syscall.
 2017-08-18 | not yet calculated | CVE-2015-9072
BID
CONFIRM
qualcomm -- android_products
 In all Qualcomm products with Android releases from CAF using the Linux kernel, an untrusted pointer dereference can occur in a TrustZone syscall.
 2017-08-18 | not yet calculated | CVE-2015-9073
BID
CONFIRM
qualcomm -- android_products
 In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow to buffer overflow vulnerability exists when loading an ELF file.
 2017-08-18 | not yet calculated | CVE-2015-9062
BID
CONFIRM
qualcomm -- android_products
 In all Qualcomm products with Android releases from CAF using the Linux kernel, an argument to a mink syscall is not properly validated.
 2017-08-18 | not yet calculated | CVE-2015-9068
BID
CONFIRM
qualcomm -- android_products
 In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists where an array out of bounds access can occur during a CA call.
 2017-08-18 | not yet calculated | CVE-2015-9050
BID
CONFIRM
qualcomm -- android_products
 In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on a length in a System Information message.
 2017-08-18 | not yet calculated | CVE-2015-9051
BID
CONFIRM
qualcomm -- android_products
 In all Qualcomm products with Android releases from CAF using the Linux kernel, there is a TOCTOU race condition in Secure UI.
 2017-08-18 | not yet calculated | CVE-2016-10383
BID
CONFIRM
qualcomm -- android_products
 In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the processing of certain responses from the USIM.
 2017-08-18 | not yet calculated | CVE-2015-9053
BID
CONFIRM
qualcomm -- android_products
 In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached while processing a downlink message.
 2017-08-18 | not yet calculated | CVE-2015-9052
BID
CONFIRM
qualcomm -- android_products
 In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a memory management routine.
 2017-08-18 | not yet calculated | CVE-2015-9055
BID
CONFIRM
qualcomm -- android_products
 In all Qualcomm products with Android releases from CAF using the Linux kernel, a pointer is not properly validated in a QTEE system call.
 2017-08-18 | not yet calculated | CVE-2015-9060
BID
CONFIRM
qualcomm -- android_products
 In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow to buffer overflow vulnerability exists when loading an image file.
 2017-08-18 | not yet calculated | CVE-2016-5871
BID
CONFIRM
qualcomm -- android_products
 In all Qualcomm products with Android releases from CAF using the Linux kernel, an array index out of bounds vulnerability exists in LPP.
 2017-08-18 | not yet calculated | CVE-2016-10386
CONFIRM
qualcomm -- android_products
 In all Qualcomm products with Android releases from CAF using the Linux kernel, a use-after-free vulnerability exists in IMS RCS.
 2017-08-18 | not yet calculated | CVE-2016-10385
CONFIRM
qualcomm -- android_products
 In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a handover scenario.
 2017-08-18 | not yet calculated | CVE-2016-10387
CONFIRM
qualcomm -- android_products
 In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer can be dereferenced during GAL decoding.
 2017-08-18 | not yet calculated | CVE-2015-9054
BID
CONFIRM
qualcomm -- android_products
 In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a WLAN driver ioctl.
 2017-08-18 | not yet calculated | CVE-2016-10384
CONFIRM
qualcomm -- apple_products
 A buffer overflow may occur in the processing of a downlink NAS message in Qualcomm Telephony as used in Apple iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation.
 2017-08-16 | not yet calculated | CVE-2017-8248
FULLDISC
BID
SECTRACK
quali -- cloudshell
 Multiple cross-site scripting (XSS) vulnerabilities in Quali CloudShell before 8 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Name or (2) Description parameter to RM/Reservation/ReserveNew; the (3) Description parameter to RM/Topology/Update; the (4) Name, (5) Description, (6) ExecutionBatches[0].Name, (7) ExecutionBatches[0].Description, or (8) Labels parameter to SnQ/JobTemplate/Edit; or (9) Alias or (10) Description parameter to RM/AbstractTemplate/AddOrUpdateAbstractTemplate.
 2017-08-18 | not yet calculated | CVE-2017-9767
MISC
BUGTRAQ
EXPLOIT-DB
rarlab -- unrar
 libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function.
 2017-08-18 | not yet calculated | CVE-2017-12942
MISC
rarlab -- unrar
 libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function.
 2017-08-18 | not yet calculated | CVE-2017-12940
MISC
rarlab -- unrar
 libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function.
 2017-08-18 | not yet calculated | CVE-2017-12941
MISC
rarlab -- unrar
 UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file.
 2017-08-18 | not yet calculated | CVE-2017-12938
MISC
razer -- synapse
 Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the Devices directory, which allows local users to gain privileges via a Trojan horse (1) RazerConfigNative.dll or (2) RazerConfigNativeLOC.dll file.
 2017-08-18 | not yet calculated | CVE-2017-11653
MISC
razer -- synapse
 Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the CrashReporter directory, which allows local users to gain privileges via a Trojan horse dbghelp.dll file.
 2017-08-18 | not yet calculated | CVE-2017-11652
MISC
realtime -- rwr-3g-100_router_firmware
 The RealTime RWR-3G-100 Router Firmware Version : Ver1.0.56 is affected by CSRF, an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated.
 2017-08-14 | not yet calculated | CVE-2017-12853
MISC
EXPLOIT-DB
resiprocate -- resiprocate
 Buffer overflow in the ares_parse_a_reply function in the embedded ares library in ReSIProcate before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted DNS response.
 2017-08-18 | not yet calculated | CVE-2017-9454
CONFIRM
MLIST
ruby -- ruby
 The open-uri-cached rubygem allows local users to execute arbitrary Ruby code by creating a directory under /tmp containing "openuri-" followed by a crafted UID, and putting Ruby code in said directory once a meta file is created.
 2017-08-18 | not yet calculated | CVE-2015-3649
MISC
MLIST
BID
MISC
MISC
MISC
simplight -- scada_software
 An Uncontrolled Search Path Element issue was discovered in SIMPlight SCADA Software version 4.3.0.27 and prior. The uncontrolled search path element vulnerability has been identified, which may allow an attacker to place a malicious DLL file within the search path resulting in execution of arbitrary code.
 2017-08-14 | not yet calculated | CVE-2017-9661
BID
MISC
solar_controls -- heating_control_downloader
 An Uncontrolled Search Path Element issue was discovered in Solar Controls Heating Control Downloader (HCDownloader) Version 1.0.1.15 and prior. An uncontrolled search path element has been identified, which could allow an attacker to execute arbitrary code on a target system using a malicious DLL file.
 2017-08-14 | not yet calculated | CVE-2017-9646
BID
MISC
solar_controls -- wattconfig_m_software
 An Uncontrolled Search Path Element issue was discovered in Solar Controls WATTConfig M Software Version 2.5.10.1 and prior. An uncontrolled search path element has been identified, which could allow an attacker to execute arbitrary code on a target system using a malicious DLL file.
 2017-08-14 | not yet calculated | CVE-2017-9648
BID
MISC
spring_batch_admin -- spring_batch_admin
 Stored Cross-site scripting (XSS) vulnerability in Spring Batch Admin before 1.3.0 allows remote authenticated users to inject arbitrary JavaScript or HTML via the file upload functionality.
 2017-08-18 | not yet calculated | CVE-2017-12882
MLIST
BID
spring_batch_admin -- spring_batch_admin
 Cross-site request forgery (CSRF) vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability.
 2017-08-18 | not yet calculated | CVE-2017-12881
MLIST
BID
strongswan -- strongswan
 The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature.
 2017-08-18 | not yet calculated | CVE-2017-11185
CONFIRM
symantec -- messaging_gateway
 The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. In this type of occurrence, after gaining access to the system, the attacker may attempt to elevate their privileges.
 2017-08-11 | not yet calculated | CVE-2017-6327
BID
EXPLOIT-DB
CONFIRM
synology -- assistant
 Multiple untrusted search path vulnerabilities in installer in Synology Assistant before 6.1-15163 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory.
 2017-08-18 | not yet calculated | CVE-2017-11160
CONFIRM
synology -- chat
 Server-side request forgery (SSRF) vulnerability in link preview in Synology Chat before 1.1.0-0806 allows remote authenticated users to access intranet resources via unspecified vectors.
 2017-08-11 | not yet calculated | CVE-2017-11148
BID
CONFIRM
synology -- download_station
 Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 uses weak permissions (0777) for ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code by uploading an executable via unspecified vectors.
 2017-08-14 | not yet calculated | CVE-2017-11156
CONFIRM
synology -- download_station
 Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary local files via crafted URI.
 2017-08-14 | not yet calculated | CVE-2017-11149
CONFIRM
synology -- office
 Command injection vulnerability in Document.php in Synology Office 2.2.0-1502 and 2.2.1-1506 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the crafted file name of RTF documents.
 2017-08-14 | not yet calculated | CVE-2017-11150
CONFIRM
teikoku_databank_ltd -- tbd_ca_typea
 Untrusted search path vulnerability in TDB CA TypeA use software Version 5.2 and earlier, distributed until August 10, 2017, allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
 2017-08-18 | not yet calculated | CVE-2017-10824
JVN
thales -- nshield_connect_hardware_models
 Thales nShield Connect hardware models 500, 1500, 6000, 500+, 1500+, and 6000+ before 11.72 allows physically proximate attackers to sign arbitrary data with previously loaded signing keys, extract the device identification key [KNETI] and impersonate the nShield Connect device on a network, affect the integrity and confidentiality of newly created keys, and potentially cause other unspecified impacts using previously loaded keys by connecting to the USB port on the front panel.
 2017-08-18 | not yet calculated | CVE-2015-1878
SECTRACK
tomax -- r60g_devices
 ToMAX R60G R60GV2-V2.0-v.2.6.3-170330 devices do not have any protection against a CSRF attack.
 2017-08-18 | not yet calculated | CVE-2017-12589
MISC
unity_technologies -- unity_editor
 A Remote Code Execution vulnerability was identified in all Windows versions of Unity Editor, e.g., before 5.3.8p2, 5.4.x before 5.4.5p5, 5.5.x before 5.5.4p3, 5.6.x before 5.6.3p1, and 2017.x before 2017.1.0p4.
 2017-08-18 | not yet calculated | CVE-2017-12939
CONFIRM
wildmidi -- wildmidi
 The _WM_SetupMidiEvent function in internal_midi.c:2318 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file.
 2017-08-17 | not yet calculated | CVE-2017-11661
FULLDISC
EXPLOIT-DB
wildmidi -- wildmidi
 The _WM_SetupMidiEvent function in internal_midi.c:2315 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file.
 2017-08-17 | not yet calculated | CVE-2017-11663
FULLDISC
EXPLOIT-DB
wildmidi -- wildmidi
 The _WM_SetupMidiEvent function in internal_midi.c:2122 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file.
 2017-08-17 | not yet calculated | CVE-2017-11664
FULLDISC
CONFIRM
EXPLOIT-DB
wildmidi -- wildmidi
 The _WM_ParseNewMidi function in f_midi.c in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file.
 2017-08-17 | not yet calculated | CVE-2017-11662
FULLDISC
EXPLOIT-DB
wordpress -- wordpress
 classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in an untrash action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators.
 2017-08-18 | not yet calculated | CVE-2017-12947
MISC
MISC
wordpress -- wordpress
 Core\Admin\PFTemplater.php in the PressForward plugin 4.3.0 and earlier for WordPress has XSS in the PATH_INFO to wp-admin/admin.php, related to PHP_SELF.
 2017-08-18 | not yet calculated | CVE-2017-12948
MISC
wordpress -- wordpress
 lib\modules\contributors\contributor_list_table.php in the Podlove Podcast Publisher plugin 2.5.3 and earlier for WordPress has SQL injection in the orderby parameter to wp-admin/admin.php, exploitable through CSRF.
 2017-08-18 | not yet calculated | CVE-2017-12949
MISC
wordpress -- wordpress
 classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in a delete action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators.
 2017-08-18 | not yet calculated | CVE-2017-12946
MISC
MISC
wordpress -- wordpress
 Cross-site scripting (XSS) vulnerability exists in the WordPress admin panel when the Broken Link Checker plugin before 1.10.9 is installed.
 2017-08-18 | not yet calculated | CVE-2015-5057
MLIST
BID
MISC
x.org -- libxfont
 A single byte overflow in catalogue.c in X.Org libXfont 1.3.1 allows remote attackers to have unspecified impact.
 2017-08-18 | not yet calculated | CVE-2007-5199
CONFIRM
CONFIRM
xamarin -- xamarin.ios
 The Xamarin.iOS update component on systems running macOS allows an attacker to run arbitrary code as root, aka "Xamarin.iOS Elevation Of Privilege Vulnerability."
 2017-08-15 | not yet calculated | CVE-2017-8665
BID
CONFIRM
EXPLOIT-DB
xen_project -- xen
 Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform the guest that a grant is in use. A guest is expected not to modify the grant details while it is in use, whereas the guest is free to modify/reuse the grant entry when it is not in use. Under some circumstances, Xen will clear the status bits too early, incorrectly informing the guest that the grant is no longer in use. A guest may prematurely believe that a granted frame is safely private again, and reuse it in a way which contains sensitive information, while the domain on the far end of the grant is still using the grant. Xen 4.9, 4.8, 4.7, 4.6, and 4.5 are affected.
 2017-08-15 | not yet calculated | CVE-2017-12855
BID
SECTRACK
CONFIRM


Elon Musk Backs Call For A Global Ban On Killer Robots

Slashdot - Mon, 08/21/2017 - 15:30
An anonymous reader quotes CNN: Tesla boss Elon Musk is among a group of 116 founders of robotics and artificial intelligence companies who are calling on the United Nations to ban autonomous weapons. "Lethal autonomous weapons threaten to become the third revolution in warfare. Once developed, they will permit armed conflict to be fought at a scale greater than ever, and at timescales faster than humans can comprehend," the experts warn in an open letter released Monday... "Unlike other potential manifestations of AI, which still remain in the realm of science fiction, autonomous weapons systems are on the cusp of development right now and have a very real potential to cause significant harm to innocent people along with global instability," said Ryan Gariepy, the founder of Clearpath Robotics and the first person to sign the letter. More than a dozen countries -- including the United States, China, Israel, South Korea, Russia and Britain -- are currently developing autonomous weapons systems, according to Human Rights Watch.


Plex Responds, Will Allow Users To Opt Out Of Data Collection

Slashdot - Mon, 08/21/2017 - 11:34
stikves writes: This weekend Plex had announced they were implementing a new privacy policy, including removing the ability for opting out of data collection and sharing. Fortunately the backlash here, on their forums, Reddit, and other places allowed them to offer a more sensible state, including bringing back opt-out, and anonymity of some of the data. Plex CEO Keith Valory wrote Saturday that some information must be transferred just to provide the service -- for example, servers still check for updates, they have to determine whether a user has a premium Plex Pass, and "we have to provide accurate reporting to licensors for things like trailers and extras, photo tagging, lyrics, licensed codecs and so on... [W]e came to the conclusion that providing an 'opt out' in the set-up gives a false sense of privacy and feels disingenuous on our part. That is, even if you opted out, there is still a bunch of data we are collecting that we tried to call out as exceptions." But to address concerns about data collection, Plex will make new changes to their privacy policy: "[I]n addition to providing the ability to opt out of crash reporting and marketing communications, we will provide you the ability to opt out of playback statistics for personal content on your Plex Media Server, like duration, bit rate, and resolution in a new privacy setting... we are going to "generalize" playback stats in order to make it impossible to create any sort of "fingerprint" that would allow anyone to identify a file in a library... Finally, in the new privacy tab in the server settings we will provide a full list of all product events data that we collect... Our intention here is to provide full transparency. Users will have one place where they can see what data is being collected and where they can opt out of playback data that they are not comfortable with." And he emphasized that "we will never sell or share data related to YOUR content libraries."

Ask Slashdot: How Can You Teach Programming To Schoolchildren?

Slashdot - Mon, 08/21/2017 - 09:34
Slashdot reader SPopulisQR writes: A new school year is approaching and I wanted to ask what are appropriate programming languages for children of various ages. Specifically, 1) what coding languages should be considered, and 2) are there any self-guided coding websites that can be used by children to learn coding using guidance and help online? Let's say the ages are 8 and 12. I know there's lots of opinions about CS education (and about whether or not laptops increase test scores). So leave your own best thoughts in the comments. How can you teach programming to schoolchildren?

Vuln: augeas CVE-2017-7555 Memory Corruption Vulnerability

SecurityFocus Vulnerabilities/Bugtraq - Mon, 08/21/2017 - 08:00
augeas CVE-2017-7555 Memory Corruption Vulnerability

Vuln: Mozilla Firefox CVE-2017-7783 Denial of Service Vulnerability

SecurityFocus Vulnerabilities/Bugtraq - Mon, 08/21/2017 - 08:00
Mozilla Firefox CVE-2017-7783 Denial of Service Vulnerability

Vuln: Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability

SecurityFocus Vulnerabilities/Bugtraq - Mon, 08/21/2017 - 08:00
Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability