Hi @ll,
at least after Intel's infamous FDIV bug, everybody who uses (or
programs) computers should know that (floating point) division is
hard to implement right.-)
But what about integer division and integer modulus/remainder?
Starting at least in 1999, and at least until 2011, AMD, Intel's
co
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
APPLE-SA-2017-11-29-2 Security Update 2017-001
Security Update 2017-001 is now available and addresses the
following:
Directory Utility
Available for: macOS High Sierra 10.13 and macOS High Sierra 10.13.1
Not impacted: macOS Sierra 10.12.6 and earl
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
APPLE-SA-2017-11-29-1 Security Update 2017-001
Security Update 2017-001 is now available and addresses the
following:
Directory Utility
Available for: macOS High Sierra 10.13.1
Not impacted: macOS Sierra 10.12.6 and earlier
Impact: An attacker may
*1. Introduction*
Vendor: ZKTeco
Affected Product: ZKTime Web - 2.0.1.12280
Fixed in:
Vendor Website: https://www.zkteco.com/product/ZKTime_Web_2.0_435.html
Vulnerability Type: Reflected XSS
Remote Exploitable: Yes
CVE: CVE-2017-17057
*2. Overview
*1. Introduction*
Vendor: ZKTeco
Affected Product: ZKTime Web - 2.0.1.12280
Fixed in:
Vendor Website: https://www.zkteco.com/product/ZKTime_Web_2.0_435.html
Vulnerability Type: Cross Site Request Forgery
Remote Exploitable: Yes
CVE: CVE-2017-17056
[STX]
Subject: Axis Communications MPQT/PACS Heap Overflow and Information Leakage.
Attack vector: Remote
Authentication: Anonymous (no credentials needed)
Researcher: bashis (August 2017)
PoC: https://github.com/mcw0/PoC
Release date: December 1, 2017
Full Disclosure: 90 days (due to the large
Note: These vulnerabilities remain unpatched at the point of
publication. We have been working with Symantec to try and help them to
fix this since our initial private disclosure in July 2017 (full
timeline at the end of this article), however no patch has yet been
released. Consequently, we
aws-cfn-bootstrap local code execution as root
==
The latest version of this advisory is available at:
https://sintonen.fi/advisories/aws-cfn-bootstrap-local-code-execution-as-root.txt
Overview
AWS EC2 instances deployed with the AWS CloudFo
www.nsec.io - northsec.eventbrite.ca
NorthSec 2018, one of the biggest applied security events in Canada,
is coming up in Montreal May 2018.
May 14-15-16 - Professional Training Sessions - Syllabus Announced Soon
May 17-18 - Security Conference & Workshops
May 18-19-20 - The biggest 48H on-site
[+] Credits: John Page (aka HyP3rlinX)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/ABYSS-WEB-SERVER-MEMORY-HEAP-CORRUPTION.txt
[+] ISR: ApparitionSec
Vendor:
==
aprelium.com
Product:
===
Abyss Web Server < v2.11.6
[+] Credits: John Page (aka Hyp3rlinX)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/ARTICA-WEB-PROXY-v3.06-REMOTE-CODE-EXECUTION-CVE-2017-17055.txt
[+] ISR: ApparitionSec
Vendor:
===
www.articatech.com
Product:
=
Artica We
[+] Credits: John Page (aka Hyp3rlinX)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MIST-SERVER-v2.12-UNAUTHENTICATED-PERSISTENT-XSS-CVE-2017-16884.txt
[+] ISR: ApparitionSec
Vendor:
=
mistserver.org
Product:
===
M
Asterisk Project Security Advisory - AST-2017-013
Product: Asterisk
Summary: DOS Vulnerability in Asterisk chan_skinny
Nature of Advisory: Denial of Service
The Asterisk Development Team has announced security releases for
Certified Asterisk 13.13 and Asterisk 13, 14 and 15. The available
security releases are released as versions 13.13-cert8, 13.18.3,
14.7.3 and 15.1.3.
These releases are available for immediate download at
http://downloads.asterisk