Ubuntu Security Notice 3233-1 – Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to bypass same origin restrictions, obtain sensitive information, cause a denial of service via application crash or hang, or execute arbitrary code.
Instagram Adds Two-Factor Authentication
Instagram became the latest in a long line of services over the years to offer users two-factor authentication.
Conan Exiles Early Access Review: Welcome to Hyboria
Open world survival games like ARK: Survival Evolved, Rust, and 7 Days to Die, are a big thing right now – it seems like there is a new one being released every other day on Steam. While the setting may differ most of them have one thing in common: They were developed by indie developers. […]
The post Conan Exiles Early Access Review: Welcome to Hyboria appeared first on Avira Blog.
CVE-2016-2224
The __decode_dotted function in libc/inet/resolv.c in uClibc-ng before 1.0.12 allows remote DNS servers to cause a denial of service (infinite loop) via vectors involving compressed items in a reply.
CVE-2016-3179
The processRequest function in minissdpd.c in MiniSSDPd 1.2.20130907-3 allows local users to cause a denial of service (invalid free and daemon crash) via vectors related to error handling.
CVE-2016-3178
The processRequest function in minissdpd.c in MiniSSDPd 1.2.20130907-3 allows local users to cause a denial of service (out-of-bounds memory access and daemon crash) via vectors involving a negative length value.
CVE-2016-7797
Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection.
CVE-2017-5506
Double free vulnerability in magick/profile.c in ImageMagick allows remote attackers to have unspecified impact via a crafted file.
CVE-2016-10130
The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable.
CVE-2017-5337
Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate.