Author: Cyberthreat Blog

In Mercurial before 4.1.3, “hg serve –stdio” allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using –debugger as a repository name.

smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerablity (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks.

The yr_arena_write_data function in YARA 3.6.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) or obtain sensitive information from process memory via a crafted file that is...

Double-free vulnerability in libavformat/mov.c in FFMPEG in Google Chrome 41.0.2251.0 allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted .m4a file.

The Fedora Nagios package uses “nagiosadmin” as the default password for the “nagiosadmin” administrator account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the...