Posts for category: Vulnerability Research

Vulnerabilities Weekly Summary Ending April 29

The NTP.org implementation of ntpd contains multiple vulnerabilities, at least 22: CVE-2015-7704 - Improper Input Validation; CVE-2015-7705 - Improper Input Validation; CVE-2015-7973 - ...

Vulnerabilities Weekly Summary Ending April 22

Panda Security's products have two vulnerabilities (CVE-2016-3943 and CVE-2015-7378). The former vulnerability, CVE-2016-3943, concerns Panda Security's Endpoint Administration Agent used in ...

Vulnerabilities Weekly Summary Ending April 15

Microsoft released their Security Bulletin Summary for April 2016 that addresses many vulnerabilities affecting the Windows operating systems ("Microsoft Security Bulletin Summary for April ...

Vulnerabilities Weekly Summary Ending April 8

A vulnerability (CVE-2016-1789) in Apple's iBooks Author software has been fixed in an Apple security update ("About the security content...", 2016 Mar. 31). An XML external entity reference ...

Vulnerabilities Weekly Summary Ending April 1

Apple reported three vulnerabilities with their QuickTime application running on OS X. The CVE-2016-1767 and CVE-2016-1768 vulnerabilities allow remote attackers to execute arbitrary code or cause a ...

Vulnerabilities Weekly Summary Ending March 18

VMware reported that a vulnerability, CVE-2016-2075, in their vRealize Automation and vRealize Business Advanced products may allow for a Cross-Site Scripting (XSS) attack which could lead to a ...

Common Java Vulnerabilities

Introduction: Java is a very popular platform running on many devices, from cell phones to supercomputers, with some 9 million developers worldwide and boasting 1.1 billion installs each year ("Learn ...

Vulnerabilities Weekly Summary Ending March 11

A vulnerability that affects the Android operating system was discovered, CVE-2016-0819 ("Vulnerability Summary....", March 12 2016). The issue is with the Qualcomm Snapdragon chips on the devices ...

Vulnerabilities Weekly Summary Ending March 4

A security research team has found a new type of attack on SSL, dubbed "DROWN".  It allows an attacker to decrypt intercepted TLS connections by making specially crafted connections to an SSLv2 ...

Vulnerabilities Weekly Summary Ending February 26

The Bastille Threat Research team reported a vulnerability, called MouseJack, which affects wireless mice and keyboards from various vendors that use a proprietary wireless protocol on the 2.4 GHz ...