Gemalto Sentinel License Manager version 18.0.1 suffers from a directory traversal vulnerability.
Monthly Archives: June 2016
Papouch Backdoor Account / CSRF / Missing Authentication
Papouch TME ethernet thermometer and TME multi: Temperature and humidity via ethernet both suffer from cross site request forgery, hardcoded backdoor super user accounts, and missing access controls.
HP StoreEver MSL6480 Tape Library 4.10 Weak Credentials / CSRF / Access Control
HP StoreEver MSL6480 Tape Library version 4.10 suffers from cross site request forgery, weak default credentials, and access control vulnerabilities.
Gentoo Linux Security Advisory 201606-05
Gentoo Linux Security Advisory 201606-5 – Multiple vulnerabilities have been found in spice, the worst of which may result in the remote execution of arbitrary code. Versions less than 0.12.7-r1 are affected.
Windows 10 users need more protection than basic Defender
Windows 10 users should install Avast antivirus protection for the highest level of security.
Using the right tool makes all the difference.
Everyone knows that you need the right tool to do a job. When you cut down a tree, you don’t use a butter knife, you use a chainsaw. If you want to win a Formula 1 race, you don’t drive a riding lawnmower.
The same rule applies to your PC’s security.
You can’t go up against today’s online threats without the best protection. That’s why Windows 10 users need to install strong antivirus software to run in parallel with Microsoft’s pre-installed antivirus, Defender.
CVE-2012-6702
Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.
CVE-2016-2391
The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers.
CVE-2016-2392
The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 does not properly validate USB configuration descriptor objects, which allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving a remote NDIS control message packet.
CVE-2016-2538
Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain sensitive host memory information via a remote NDIS control message packet that is mishandled in the (1) rndis_query_response, (2) rndis_set_response, or (3) usb_net_handle_dataout function.
CVE-2016-2841
The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring buffer control.