This advisory contains mitigation details for an improper authentication vulnerability in the Siemens SIMATIC CP 44x-1 RNA modules.
This advisory contains mitigation details for an improper access control vulnerability in Siemens XHQ.
Original release date: June 21, 2017
The Internet Crime Complaint Center (IC3) has released its 2016 Internet Crime Report, describing the numbers and types of cyber crimes reported to IC3. Business Email Compromise (BEC), ransomware attacks, tech support fraud, and extortion are all common schemes affecting people in the U.S. and around the world.
WordPress Download Manager plugin versions 2.9.46 and 2.9.51 suffer from a cross site scripting vulnerability.
WordPress Photo Gallery plugin versions 1.3.34 and 1.3.42 suffer from a path traversal vulnerability.
It appears that the VMSF_DELTA memory corruption that was reported to Sophos AV in 2012 (and fixed there) was actually inherited from upstream unrar. For unknown reasons, whoever fixed the bug did not report this to upstream unrar, and the bug seems to have persisted there to this day.
Bitdefender AV crashes when fed malicious RAR files from 2013.
The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in nt!NtQueryInformationWorkerFactory (WorkerFactoryBasicInformation).
The Microsoft Windows kernel suffers from an ATMFD.DLL out-of-bounds read vulnerability via a malformed Name INDEX in the CFF table.
The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in nt!NtQueryInformationResourceManager (information class 0).