Gwyn's Imagemap Selector Security Vulnerabilities

SUSE SLED12 Security Update : libreoffice (SUSE-SU-2017:1821-1)

LibreOffice was updated to version 5.3.3.2, bringing new features and enhancements: Writer : New 'Go to Page' dialog for quickly jumping to another page. Support for 'Table Styles'. New drawing tools were added. Improvements in the toolbar. Borderless padding is displayed. Calc : ...

Poppler PDF Image Display DCTStream::readProgressiveSOF() Code Execution Vulnerability

Talos Vulnerability Report TALOS-2017-2818 Poppler PDF Image Display DCTStream::readProgressiveSOF() Code Execution Vulnerability July 7, 2017 CVE Number CVE-2017-0319 Summary An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler-0.53.0. A specifically...

Poppler PDF Image Display DCTStream::readProgressiveSOF() Code Execution Vulnerability

Summary An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler-0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to...

Oracle Linux 7 : kernel (ELSA-2017-1615-1) (Stack Clash)

Description of changes: [3.10.0-514.26.1.0.1.el7.OL7] [ipc] ipc/sem.c: bugfix for semctl(,,GETZCNT) (Manfred Spraul) [orabug 22552377] Oracle Linux certificates (Alexey Petrenko) Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko at oracle.com).....

CentOS 7 : kernel (CESA-2017:1615)

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

CentOS Update for kernel CESA-2017:1615 centos7

Check the version of...

Oracle Linux 7 : kernel (ELSA-2017-1615)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-1615 advisory. The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a MOV SS, NULL selector...

kernel, perf, python security update

CentOS Errata and Security Advisory CESA-2017:1615 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): A flaw was found in the way Linux kernel allocates heap memory to build the scattergather list from a fragment...

RedHat Update for kernel RHSA-2017:1615-01

The remote host is missing an update for...

RHEL 7 : kernel (RHSA-2017:1615)

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

Scientific Linux Security Update : kernel on SL7.x x86_64 (20170628)

Security Fix(es) : A flaw was found in the way Linux kernel allocates heap memory to build the scattergather list from a fragment list(skb_shinfo(skb)->frag_list) in the socket buffer(skb_buff). The heap overflow occurred if 'MAX_SKB_FRAGS 1' parameter and 'NETIF_F_FRAGLIST'...

RHEL 7 : kernel-rt (RHSA-2017:1616) (Stack Clash)

An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...

(RHSA-2017:1616) Important: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and...

(RHSA-2017:1615) Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): A flaw was found in the way Linux kernel allocates heap memory to build the scattergather list from a fragment list(skb_shinfo(skb)->frag_list) in the socket buffer(skb_buff). The heap...

kernel security and bug fix update

[3.10.0-514.26.1.0.1.el7.OL7] [ipc] ipc/sem.c: bugfix for semctl(,,GETZCNT) (Manfred Spraul) [orabug 22552377] Oracle Linux certificates (Alexey Petrenko) Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)([email protected]) Update x509.genkey [bug...

kernel security and bug fix update

[3.10.0-514.26.1.OL7] Oracle Linux certificates (Alexey Petrenko) Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)([email protected]) Update x509.genkey [bug 24817676] [3.10.0-514.26.1] [mm] enlarge stack guard gap (Larry Woodman) [1452732 1452733]...

(RHSA-2017:1411) Moderate: JBoss Enterprise Application Platform 7.0.6 on Red Hat Enterprise Linux 7

Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.0.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.5, and includes bug fixes and...

(RHSA-2017:1410) Moderate: JBoss Enterprise Application Platform 7.0.6 on Red Hat Enterprise Linux 6

Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.0.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.5, and includes bug fixes and...

Apple MacOS 32-Bit Syscall Exit Kernel Register Leak(CVE-2017-2509)

The XNU kernel, when compiled for a x86-64 CPU, can run 32-bit x86 binaries in compatibility mode. 32-bit binaries use partly separate syscall entry and exit paths. To return to userspace, unix_syscall() in bsd/dev/i386/systemcalls.c calls thread_exception_return() (in osfmk/x86_64/locore.s),...

Apple iOS / OS X NSKeyedArchiver Memory Corruption(CVE-2017-2527)

CAMediaTimingFunctionBuiltin is a class in QuartzCore. Its initWithCoder: method reads an Int "index" then passes that to builtin_function mov ebx, edi <-- controlled unsigned int mov r14d, ebx lea r15, __ZL9functions_0 ; functions mov rax, [r15+r14*8] if rax is non-null it's...

Apple macOS/iOS - 'CAMediaTimingFunctionBuiltin' NSKeyedArchiver Memory Corruption Due to Lack of Bounds Checking

...

Apple iOS / macOS - NSKeyedArchiver Memory Corruption Due to Lack of Bounds Checking in CAMediaTimin

Exploit for multiple platform in category dos /...

Apple macOS - 32-bit syscall exit Kernel Register Leak Exploit

Exploit for macOS platform in category dos /...

Apple macOSiOS - CAMediaTimingFunctionBuiltin NSKeyedArchiver Memory Corruption Due to Lack of Bounds Checking

Apple macOSiOS - CAMediaTimingFunctionBuiltin NSKeyedArchiver Memory Corruption Due to Lack of Bounds...

Apple macOS - 32-bit syscall exit Kernel Register Leak

Apple macOS - 32-bit syscall exit Kernel Register...

Apple macOS - '32-bit syscall exit' Kernel Register Leak

...

OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0105)

The remote OracleVM system is missing necessary patches to address critical security updates : nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [Orabug: 25986990] (CVE-2017-7895) fnic: Update fnic driver version to 1.6.0.24 (John Sobecki) [Orabug: 24448585] ...

OracleVM 3.2 : Unbreakable / etc (OVMSA-2017-0106)

The remote OracleVM system is missing necessary patches to address critical security updates : nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [Orabug: 25986995] (CVE-2017-7895) ocfs2/o2net: o2net_listen_data_ready should do nothing if socket state is not...

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3566)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3566 advisory. The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a MOV SS, NULL...

Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3567)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3567 advisory. The __rds_conn_create function in net/rds/connection.c in the Linux kernel through 4.2.3 allows local users to cause a denial of service (NULL...

Unbreakable Enterprise kernel security update

kernel-uek [3.8.13-118.18.2] - nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [Orabug: 25986990] {CVE-2017-7895} [3.8.13-118.18.1] - fnic: Update fnic driver version to 1.6.0.24 (John Sobecki) [Orabug: 24448585] - xen-netfront: Rework the fix for Rx stall during OOM and...

Unbreakable Enterprise kernel security update

[2.6.39-400.295.2] - nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [Orabug: 25986995] {CVE-2017-7895} [2.6.39-400.295.1] - ocfs2/o2net: o2net_listen_data_ready should do nothing if socket state is not TCP_LISTEN (Tariq Saeed) [Orabug: 25510857] - IB/CORE: sync the...

rbcroyalbank.com XSS vulnerability

Open Bug Bounty ID: OBB-235695 Description| Value ---|--- Affected Website:| rbcroyalbank.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79 CVSSv3 Score:| 6.1...

Exploiting .NET Managed DCOM

Posted by James Forshaw, Project Zero One of the more interesting classes of security vulnerabilities are those affecting interoperability technology. This is because these vulnerabilities typically affect any application using the technology, regardless of what the application actually does....

For cross-browser local file disclosure vulnerability analysis-vulnerability warning-the black bar safety net

Foreword You know? You can easily turn ordinary file selector into a folder picker, to do this, simply drag the attribute“webkitdirectory”added to the type ='file'in the given input element on the line. Of course, with the folder selector is different, eventually you will load a given folder all...

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3539)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3539 advisory. Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain...

OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0062)

The remote OracleVM system is missing necessary patches to address critical security updates : uek-rpm: enable CONFIG_KSPLICE. (Jamie Iles) [Orabug: 25698171] ksplice: add sysctls for determining Ksplice features. (Jamie Iles) signal: protect SIGNAL_UNKILLABLE from unintentional ...

Unbreakable Enterprise kernel security update

kernel-uek [4.1.12-61.1.34] - uek-rpm: enable CONFIG_KSPLICE. (Jamie Iles) [Orabug: 25698171] - ksplice: add sysctls for determining Ksplice features. (Jamie Iles) [Orabug: 25698171] - signal: protect SIGNAL_UNKILLABLE from unintentional clearing. (Jamie Iles) [Orabug: 25698171] - KVM: x86:...

Xen - Broken Check in memory_exchange() Permits PV Guest Breakout Vulnerability

Exploit for multiple platform in category local...

Xen - Broken Check in memory_exchange() Permits PV Guest Breakout

Xen - Broken Check in memory_exchange() Permits PV Guest...

Xen - Broken Check in 'memory_exchange()' Permits PV Guest Breakout

...

macOS Kernel 10.12.2 (16C67) - Memory Disclosure Due to Lack of Bounds Checking in AppleIntelCapriCo

Exploit for macOS platform in category dos /...

Apple macOS Kernel 10.12.2 (16C67) - Memory Disclosure Due to Lack of Bounds Checking in AppleIntelCapriController::getDisplayPipeCapability

Apple macOS Kernel 10.12.2 (16C67) - Memory Disclosure Due to Lack of Bounds Checking in...

macOS Kernel 10.12.2 (16C67) - AppleIntelCapriController::GetLinkConfig Code Execution Due to Lack o

Exploit for macOS platform in category dos /...

Apple macOS Kernel 10.12.2 (16C67) - AppleIntelCapriController::GetLinkConfig Code Execution Due to Lack of Bounds Checking

Apple macOS Kernel 10.12.2 (16C67) - AppleIntelCapriController::GetLinkConfig Code Execution Due to Lack of Bounds...

Apple macOS Kernel 10.12.2 (16C67) - Memory Disclosure Due to Lack of Bounds Checking in AppleIntelCapriController::getDisplayPipeCapability

...

Apple macOS Kernel 10.12.2 (16C67) - 'AppleIntelCapriController::GetLinkConfig' Code Execution Due to Lack of Bounds Checking

...

MacOS kernel code execution due to lack of bounds checking in AppleIntelCapriController::GetLinkConfig (CVE-2017-2443)

Selector 0x921 of IntelFBClientControl ends up in AppleIntelCapriController::GetLinkConfig This method takes a structure input and output buffer. It reads an attacker controlled dword from the input buffer which it uses to index an array of pointers with no bounds checking: This pointer is passed.....

MacOS kernel memory disclosure due to lack of bounds checking in AppleIntelCapriController::getDisplayPipeCapability(CVE-2017-2489)

MacOS kernel memory disclosure due to lack of bounds checking in AppleIntelCapriController::getDisplayPipeCapability Selector 0x710 of IntelFBClientControl ends up in AppleIntelCapriController::getDisplayPipeCapability. This method takes a structure input and output buffer. It reads an attacker...

openSUSE Security Update : the Linux Kernel (openSUSE-2017-419)

The openSUSE Leap 42.1 kernel was updated to 4.1.39 to receive various security and bugfixes. The following security bugs were fixed : CVE-2017-5669: The do_shmat function in ipc/shm.c in the Linux kernel did not restrict the address calculated by a certain rounding operation, which...