A specially crafted web page can trigger a memory corruption vulnerability in Microsoft Edge.
Monthly Archives: December 2016
Russia Accuses Hostile Foreign Powers Of Bank Attacks
CloudFlare Warns Of Another Massive Botnet Flaring Up
TalkTalk Wi-Fi Router Passwords Stolen
Dailymotion Hack Exposes Millions Of Accounts
WordPress Single Personal Message 1.0.3 SQL Injection
WordPress Single Personal Message plugin version 1.0.3 suffers from a remote SQL injection vulnerability.
Dup Scout Enterprise 9.1.14 Buffer Overflow
Dup Scout Enterprise version 9.1.14 buffer overflow SEH exploit.
31c0n Call For Papers
31c0n has announced its call for papers. It will take place February 23rd through the 24th, 2017 in Auckland, New Zealand.
Qualcomm Assisted-GPS Data Insecure Transmission
Assisted GPS/GNSS data provided by Qualcomm for compatible receivers is often served over HTTP without SSL. Additionally, many of these files do not provide a digital signature to ensure that the data was not tampered with in transit. This can allow a network-level attacker to mount a MITM attack and modify the data while in transit. While HTTPS and digitally signed files are both available, they are newer and not yet widely used.
Ubuntu Security Notice USN-3149-2
Ubuntu Security Notice 3149-2 – USN-3149-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges. Various other issues were also addressed.