According to a report from the Heise Security news ticker, AVAST passes usage data to the analytics firm “Jumpshot”.
“According to its own statements, Avast transmits 150 billion URLs of visited websites to Jumpshot every month. From this information, Jumpshot was able to conclude, for example, that selfie sticks are particularly popular on Amazon.com in California. Avast stresses, however, that the data is anonymi...
Mac EFI Bug
Heise Newsticker: An EFI vulnerability allows an attacker to manipulate the firmware of older Macs, a security researcher reports; physical access is said not to be required.
CVE-2015-1188 – Swisscom Centro Grande (ADB) DSL router Vulnerability
Abstract
The certificate verification functions in the HNDS service in Swisscom Centro Grande (ADB) DSL routers with firmware before 6.14.00 allow remote attackers to access the management functions via unknown vectors.
Link: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1188
Seclists.org Announcement
Link: http://seclists.org/fulldisclosure/2015/Apr/103
Description
----------...
CVE-2015-3456 – VENOM Vulnerability
CVE-2015-3456 - VENOM
There is a critical security advisory concerning a (quite old but newly discovered) bug in the FDC (Floppy Disk Drive) virtualization stack on almost all virtualization platforms except:
Microsoft Hyper-V
VMware
The following hypervisors ARE affected:
Any version of QEMU
Any hypervisor requiring libvirt (KVM, too)
Any version of Xen (open source and commercial...
WordPress XSS vulnerability
WordPress 4.2.2 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.
Version 4.2.2 addresses two security issues:
The Genericons icon font package, which is used in a number of popular themes and plugins, contained an HTML file vulnerable to a cross-site scripting attack. All affected themes...
Xen Security Advisory CVE-2015-3340 / XSA-132 V2
ISSUE DESCRIPTION
=================
The handler for XEN_DOMCTL_gettscinfo failed to initialize a padding
field subsequently copied to guest memory.
A similar leak existed in XEN_SYSCTL_getdomaininfolist, which is being
addressed here regardless of that operation being declared unsafe for
disaggregation by XSA-77.
IMPACT
======
Malicious or buggy stub domain kernels or tool stacks ...
CVE-2015-0235 – GLIBC Ghost
Background Information
GHOST is a 'buffer overflow' bug affecting the gethostbyname() and gethostbyname2() function calls in the glibc library. This vulnerability allows a remote attacker that is able to make an application call to either of these functions to execute arbitrary code with the permissions of the user running the application.
Impact
The gethostbyname() function calls are used for ...