[CVE-2016-5728] Double-Fetch Vulnerability in Linux-4.5/drivers/misc/mic/host/mic_virtio.c

2016-07-01 Thread wpengfeinudt
I found this double-fetch vulnerability when I was doing my research on double-fetch issue analysis, and I’d like to make an announcement here. This was found in Linux kernel file Linux-4.5/drivers/misc/mic/host/mic_virtio.c, and crafted user space data change under race condition will lead to

CA20160627-01: Security Notice for Release Automation

2016-07-01 Thread Kotas, Kevin J
CA20160627-01: Security Notice for Release Automation Issued: June 27, 2016 Last Updated: June 27, 2016 CA Technologies Support is alerting customers to multiple potential risks with CA Release Automation. Three vulnerabilities exist that can

[CVE-2016-6130] Double-Fetch Vulnerability in Linux-4.5/drivers/s390/char/sclp_ctl.c

2016-07-01 Thread wpengfeinudt
I found this double-fetch vulnerability when I was doing my research on double-fetch issue analysis, and I’d like to make an announcement here. This was found in Linux kernel file Linux-4.5/drivers/s390/char/sclp_ctl.c, and crafted user space data change under race condition will lead to

Logic security flaw in TP-LINK - tplinklogin.net

2016-07-01 Thread Info
TP-LINK forgot to buy the domain www.tplinklogin.net which is being used to configure many of the hardwares they have, like routers configuration. The domain is available to buy via escort service, so potential attacker can get it, it's all about money. There is unknown holder who have the

Executable installers are vulnerable^WEVIL (case 34): Microsoft's vs-community-*.exe susceptible to DLL hijacking

2016-07-01 Thread Stefan Kanthak
Hi @ll, the executable installer for Microsoft's Visual Studio 2015 Community Edition, available from , is vulnerable to DLL hijacking: on a fully patched Windows 7 SP1 it loads the following DLLs from its "application directory" instead of Windows' "system

[security bulletin] HPSBGN03626 rev.1 - HPE Service Manager using OpenSSL, Remote Disclosure of Information Logjam

2016-07-01 Thread security-alert
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193083 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05193083 Version: 1 HPSBGN03626

KL-001-2016-003 : SQLite Tempdir Selection Vulnerability

2016-07-01 Thread KoreLogic Disclosures
KL-001-2016-003 : SQLite Tempdir Selection Vulnerability Title: SQLite Tempdir Selection Vulnerability Advisory ID: KL-001-2016-003 Publication Date: 2016.07.01 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt 1. Vulnerability Details Affected Vendor: