The format_send_to_gui function in the format parsing code in Irssi before 0.8.20 allows remote attackers to cause a denial of service (heap corruption and crash) via vectors involving the length of a string.
Monthly Archives: September 2016
CVE-2016-7444
The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.
CVE-2016-7498
OpenStack Compute (nova) 13.0.0 does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state. NOTE: this vulnerability exists because of a CVE-2015-3280 regression.
Facebook releases Osquery Security Tool for Windows
Osquery, an open-source framework created by Facebook that allows organizations to look for potential malware or malicious activity on their networks, was available only for Mac OS X and Linux environments until today.
But now the social network has announced that the company has developed a Windows version of its osquery tool, too.
When Facebook engineers want to monitor thousands of Apple Mac
New Google Tools Help Devs Improve Content Security Policy Protection
Google released CSP Evaluator and CSP Mitigator to aid developers in building better Content Security Policy protections for web applications.
Germany Bans Facebook From Collecting WhatsApp Data
Just last month, the most popular messaging app, WhatsApp, updated its privacy policy and T&Cs to start sharing its user data with its parent company, and now both companies are in trouble, at least in Germany and India.
Both Facebook and WhatsApp have been told to immediately stop collecting and storing data on roughly 35 million WhatsApp users in Germany.
The Hamburg
How to: Encrypt your messages in Facebook Messenger
As with WhatsApp, messages can now be encrypted in Facebook Messenger, too. But how does it work exactly?
The post How to: Encrypt your messages in Facebook Messenger appeared first on Avira Blog.
Skype DLL Hijacking
The Skype installer suffers from a DLL hijacking vulnerability.
Ipod Video Converter DLL Hijacking
Ipod Video Converter suffers from a DLL hijacking vulnerability.
Debian Security Advisory 3679-1
Debian Linux Security Advisory 3679-1 – Lukas Reschke discovered that Apache Jackrabbit, an implementation of the Content Repository for Java Technology API, did not correctly check the Content-Type header on HTTP POST requests, enabling Cross-Site Request Forgery (CSRF) attacks by malicious web sites.