Info-ZIP UnZip CVE-2014-8139 Remote Heap Buffer Overflow Vulnerability
Monthly Archives: January 2015
Vuln: Info-ZIP UnZip CVE-2014-8140 Out of Bounds Write Heap Buffer Overflow Vulnerability
Vuln: file CVE-2014-8117 Denial of Service Vulnerability
Vuln: file CVE-2014-8116 Multiple Denial of Service Vulnerabilities
Good for Enterprise Android HTML Injection (CVE-2014-4925)
Posted by Cláudio André on Jan 08
https://labs.integrity.pt/articles/good-for-enterprise-android-html-injection-cve-2014-4925/
1. Vulnerability Properties
Title: HTML Injection in Good for Enterprise Android
CVE ID: CVE-2014-4925
CVSSv2 Base Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Vendor: Good Technology (http://www1.good.com/)
Products: Good for Enterprise Android (possibly others)
Advisory Release Date: 8 January 2015
Advisory URL:…
Fedora 21 Security Update: gd-2.1.0-8.fc21
Resolved Bugs
1076676 – CVE-2014-2497 gd: NULL pointer dereference in gdImageCreateFromXpm()
Previous patch of #1076676 introduced a memory leak.
Fedora 21 Security Update: curl-7.37.0-12.fc21
Fedora 20 Security Update: curl-7.32.0-18.fc20
TP-Link TL-WR840N Cross Site Request Forgery
The TP-Link TL-WR840N configuration import suffers from a cross site request forgery vulnerability.
Root Command Execution Flaw Haunts ASUS Routers
There is a serious security vulnerability in the firmware of many ASUS routers that allows unauthenticated command execution. The bug may be present in all current versions of the router firmware, and there is an exploit published for it, as well. Security researcher Joshua Drake posted an advisory on the vulnerability on Thursday, detailing the bug […]