Google Proposes ‘Privacy Sandbox’ to Develop Privacy-Focused Ads

By GIXnews

Google today announced a new initiative—called Privacy Sandbox—in an attempt to develop a set of open standards that fundamentally enhances privacy on the web while continuing to support a free, open and democratic Internet through digital advertisements. A lot of websites on the Internet today, including The Hacker News, rely on online advertisements as their…

Survey Claims Majority Who Haggle Get Better Broadband ISP Deal

By GIXnews

A new survey of 1,000 UK broadband customers, which was conducted by consumer magazine Which?, has claimed that 87% of those who haggle with their ISP for a better deal were offered a discount or other incentive to stay with the provider rather than switch away, but apparently most people don’t try it. The survey…

Wind River VxWorks Session Fixation Denial of Service Vulnerability

By GIXnews

A vulnerability in Wind River VxWorks could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to a session fixation condition that could occur in the TCP component of the affected software. An attacker could exploit this vulnerability by sending crafted HTTP requests…

Wind River VxWorks RARP Client Component Improper Access Control Vulnerability

By GIXnews

A vulnerability in the Reverse Address Resolution Protocol (RARP) client component of Wind River VxWorks could allow an unauthenticated, adjacent attacker to gain unauthorized access to a targeted system. The vulnerability is due to improper handling of unsolicited RARP replies by the affected software. An attacker could exploit this vulnerability by sending RARP packets that submit…

Wind River VxWorks IGMPv3 Client Component NULL Pointer Dereference Vulnerability

By GIXnews

A vulnerability in Wind River VxWorks could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to an array index error that could occur in the IGMPv3 client component of the affected software. An attacker could exploit this vulnerability by sending crafted HTTP…

Wind River VxWorks ipdhcpc DHCP Client Component Improper Access Control Vulnerability

By GIXnews

A vulnerability in the ipdhcpc DHCP client component of Wind River VxWorks could allow an unauthenticated, adjacent attacker to gain unauthorized access to a targeted system. The vulnerability is due to a logical flaw in IPv4 assignment by the ipdhcpc DHCP client component of the affected software. An attacker could exploit this vulnerability by sending DHCP packets…

Wind River VxWorks IGMPv3 Client Component IGMP Information Disclosure Vulnerability

By GIXnews

A vulnerability in the IGMPv3 client component of Wind River VxWorks could allow an unauthenticated, remote attacker to access sensitive information on a targeted system. The vulnerability is due to a memory leak condition that could occur in the IGMPv3 client component of the affected software. An attacker could exploit this vulnerability by sending IGMPv3 packets…

Apache HTTP Server h2 Workers Denial of Service Vulnerability

By GIXnews

A vulnerability in the mod_http2 module of the Apache HTTP Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system. The vulnerability exists because the affected software does not properly process user-supplied input. An attacker could exploit this vulnerability by sending multiple requests that submit malicious…

Apache HTTP Server mod_rewrite Configurations Open Redirect Vulnerability

By GIXnews

A vulnerability in the mod_rewrite module of the Apache HTTP Server could allow an unauthenticated, remote attacker to conduct an open redirect attack on a targeted system. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by persuading a user to access a link…

Linux Kernel net/ipv6/ip6mr.c Code Execution Vulnerability

By GIXnews

A vulnerability in the Linux Kernel could allow a local attacker to execute arbitrary code on a targeted system. The vulnerability exists in the net/ipv6/ip6mr.c code of the affected software, and is due to insufficient checks on the sk_type and protocol in the ip_mroute_setsockopt() and ip_mroute_getsockopt() functions. An attacker could exploit this vulnerability by setting…

OpenEMR custom/ajax_download.php Unauthorized Access Vulnerability

By GIXnews

A vulnerability in OpenEMR could allow an authenticated, remote attacker to access sensitive information or cause a denial of service (DoS) condition on a targeted system. The vulnerability exists in the custom/ajax_download.php code of the affected software and is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a…

Wind River VxWorks TCP Integer Underflow Vulnerability

By GIXnews

A vulnerability in Wind River VxWorks could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code on a targeted system. The vulnerability is due to an integer underflow condition that could occur in the TCP component of the affected software. An attacker could exploit this vulnerability by…

Wind River VxWorks TCP Buffer Overflow Vulnerability

By GIXnews

A vulnerability in Wind River VxWorks could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code on a targeted system. The vulnerability is due to a buffer overflow condition that could occur in the TCP component of the affected software. An attacker could exploit this vulnerability by…

Three UK Upgrade HomeFi 4G Broadband Router with Huawei B535

By GIXnews

Mobile operator Three UK informs us that new customers of their 4G-based HomeFi service, which originally bundled unlimited mobile broadband data with a Huawei B311 router, are now optionally able to receive a more advanced Huawei B535 device instead. The B311 wasn’t a particularly impressive device, not least because it was limited to 802.11n…