libplist ‘base64encode()’ Function Local Denial of Service Vulnerability
Vuln: libplist 'parse_string_node()' Function Local Denial of Service Vulnerability
libplist ‘parse_string_node()’ Function Local Denial of Service Vulnerability
Splunk Enterprise Multiple Version Information Disclosure
Attackers can siphon information from Splunk Enterprise if an authenticated Splunk user visits a malicious webpage. Some useful data gained is the currently logged in username and if remote user setting is enabled. After, the username can be use to Phish or Brute Force Splunk Enterprise login. Additional information stolen may aid in furthering attacks.
RHSA-2017:0860-1: Critical: chromium-browser security update
Red Hat Enterprise Linux: An update for chromium-browser is now available for Red Hat Enterprise Linux 6
Supplementary.
Red Hat Product Security has rated this update as having a security impact of
Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2017-5052, CVE-2017-5053, CVE-2017-5054, CVE-2017-5055, CVE-2017-5056
Over 85% Of Smart TVs Can Be Hacked Remotely Using Broadcasting Signals
The Internet-connected devices are growing at an exponential rate, and so are threats to them.
Due to the insecure implementation, a majority of Internet-connected embedded devices, including Smart TVs, Refrigerators, Microwaves, Security Cameras, and printers, are routinely being hacked and used as weapons in cyber attacks.
We have seen IoT botnets like Mirai – possibly the biggest
CVE-2017-7395
In TigerVNC 1.7.1 (SMsgReader.cxx SMsgReader::readClientCutText), by causing an integer overflow, an authenticated client can crash the server.
CVE-2017-7394
In TigerVNC 1.7.1 (SSecurityPlain.cxx SSecurityPlain::processMsg), unauthenticated users can crash the server by sending long usernames.
CVE-2017-7393
In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an authenticated client can cause a double free, leading to denial of service or potentially code execution.
CVE-2017-7392
In TigerVNC 1.7.1 (SSecurityVeNCrypt.cxx SSecurityVeNCrypt::SSecurityVeNCrypt), an unauthenticated client can cause a small memory leak in the server.
CVE-2017-7391
A Cross-Site Scripting (XSS) was discovered in ‘Magmi 0.7.22’. The vulnerability exists due to insufficient filtration of user-supplied data (prefix) passed to the ‘magmi-git-master/magmi/web/ajax_gettime.php’ URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.