Security update for the Linux Kernel (important)
====================================================================== Still left to do: - Check CVE descriptions. They need to be written in the past tense. They are processed automatically, THERE CAN BE ERRORS IN THERE! - Remove version numbers from the CVE descriptions - Check...
2.8AI Score
0.047EPSS
Virtuozzo 7 : readykernel-patch (VZA-2017-004)
According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities : Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support is vulnerable to an incorrect...
8.4CVSS
7.5AI Score
0.002EPSS
(RHSA-2017:0832) Important: JBoss Enterprise Application Platform 7.0.5 on RHEL 7
Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 7.0.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.4, and includes bug fixes and...
7.8CVSS
0.4AI Score
0.011EPSS
(RHSA-2017:0831) Important: JBoss Enterprise Application Platform 7.0.5 on RHEL 6
Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 7.0.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.4, and includes bug fixes and...
7.8CVSS
0.4AI Score
0.011EPSS
filtron - Filtering reverse HTTP proxy
Reverse HTTP proxy to filter requests by different rules. Can be used between production webserver and the application server to prevent abuse of the application backend. The original purpose of this program was to defend searx , but it can be used to guard any web application. ** Installation...
7.5AI Score
Moneybird: Stored Cross Site Scripting in Customer Name
Researcher found a vulnerability in our contact selector, in which a contact name with HTML would trigger this HTML to be executed. We have improved our contact selector to handle customer names as text instead of...
0.4AI Score
Introduction to Reverse Engineering Cocoa Applications
While not as common as Windows malware, there has been a steady stream of malware discovered over the years that runs on the OS X operating system, now rebranded as macOS. February saw three particularly interesting publications on the topic of macOS malware: a Trojan Cocoa application that sends.....
7.1AI Score
Introduction to Reverse Engineering Cocoa Applications
While not as common as Windows malware, there has been a steady stream of malware discovered over the years that runs on the OS X operating system, now rebranded as macOS. February saw three particularly interesting publications on the topic of macOS malware: a Trojan Cocoa application that sends.....
0.6AI Score
Security update for the Linux Kernel (important)
The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.49 to receive various security and bugfixes. The following security bugs were fixed: CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to ...
0.2AI Score
0.038EPSS
SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:0575-1)
The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.49 to receive various security and bugfixes. The following security bugs were fixed : CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to...
9.8CVSS
9.1AI Score
0.038EPSS
Updated kernel-tmb packages fixes security vulnerabilities
This kernel-tmb update is based on upstream 4.4.50 and fixes at least the following security issues: The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service (system hang) by leveraging access to....
9.8CVSS
4AI Score
0.047EPSS
Updated kernel and kmod packages fixes security vulnerabilities
This kernel update is based on upstream 4.4.50 and fixes at least the following security issues: The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service (system hang) by leveraging access to a...
9.8CVSS
4.2AI Score
0.047EPSS
Updated kernel-linus fixes security vulnerabilities
This kernel-linus update is based on upstream 4.4.50 and fixes at least the following security issues: The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service (system hang) by leveraging access.....
9.8CVSS
3.9AI Score
0.047EPSS
Debian DSA-3791-1 : linux - security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or have other impacts. CVE-2016-6786 / CVE-2016-6787 It was discovered that the performance events subsystem does not properly manage locks during certain ...
9.8CVSS
8.1AI Score
0.013EPSS
[SECURITY] [DSA 3791-1] linux security update
Debian Security Advisory DSA-3791-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 22, 2017 https://www.debian.org/security/faq Package : linux CVE ID : CVE-2016-6786 CVE-2016-6787...
9.8CVSS
0.7AI Score
0.013EPSS
[SECURITY] [DSA 3791-1] linux security update
Debian Security Advisory DSA-3791-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 22, 2017 https://www.debian.org/security/faq Package : linux CVE ID : CVE-2016-6786 CVE-2016-6787...
9.8CVSS
8.6AI Score
0.013EPSS
Ubuntu 14.04 LTS : Linux kernel (Xenial HWE) vulnerabilities (USN-3208-2)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3208-2 advisory. The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set,...
7.8CVSS
8AI Score
0.002EPSS
openSUSE: Security Advisory for kernel (openSUSE-SU-2017:0456-1)
The remote host is missing an update for...
9.8CVSS
7.3AI Score
0.038EPSS
Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3208-1)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3208-1 advisory. The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set,...
7.8CVSS
8AI Score
0.002EPSS
Debian Security Advisory DSA 3791-1 (linux - security update)
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or have other impacts. CVE-2016-6786 / CVE-2016-6787It was discovered that the performance events subsystem does not properly manage locks during certain migrations, allowing....
0.7AI Score
0.013EPSS
9.8CVSS
7.3AI Score
0.013EPSS
openSUSE Security Update : the Linux Kernel (openSUSE-2017-245)
The openSUSE 42.2 kernel was updated to 4.4.42 stable release. The following security bugs were fixed : CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors...
9.8CVSS
9.4AI Score
0.038EPSS
SUSE SLES12 Security Update : kernel (SUSE-SU-2017:0471-1)
The SUSE Linux Enterprise 12 GA LTSS kernel was updated to 3.12.61 to receive various security and bugfixes. The following feature was implemented : The ext2 filesystem got reenabled and supported to allow support for 'XIP' (Execute In Place) (FATE#320805). The following security bugs...
7.8CVSS
9.3AI Score
0.052EPSS
Security update for the Linux Kernel (important)
The SUSE Linux Enterprise 12 GA LTSS kernel was updated to 3.12.61 to receive various security and bugfixes. The following feature was implemented: The ext2 filesystem got reenabled and supported to allow support for "XIP" (Execute In Place) (FATE#320805). The following security bugs...
4.2AI Score
0.052EPSS
Security update for the Linux Kernel (important)
The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.69 to receive various security and bugfixes. The following security bugs were fixed: CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to...
2.6AI Score
0.052EPSS
SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:0464-1)
The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.69 to receive various security and bugfixes. The following security bugs were fixed : CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain...
7.8CVSS
8.9AI Score
0.052EPSS
Security update for the Linux Kernel (important)
The openSUSE 42.2 kernel was updated to 4.4.42 stable release. The following security bugs were fixed: CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving...
0.3AI Score
0.038EPSS
semantic-ui is vulnerable to cross-site scripting (XSS) attacks. The attacks are possible because it allows the users to enter their own entry to a multi select, allowing the user to escape outside of the...
5.6AI Score
Security update for the Linux Kernel (important)
The SUSE Linux Enterprise 12 rt-kernel was updated to 3.12.69 to receive various security and bugfixes. The following security bugs were fixed: CVE-2015-8962: Fixed a double free vulnerability in the SCSI subsystem that allowed local users to gain privileges or cause a denial of...
2.2AI Score
0.736EPSS
The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a "MOV SS, NULL selector" instruction, which allows guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted...
8.4CVSS
7.9AI Score
0.002EPSS
The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a "MOV SS, NULL selector" instruction, which allows guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted...
8.4CVSS
7.3AI Score
0.002EPSS
The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a "MOV SS, NULL selector" instruction, which allows guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted...
8.4CVSS
8.2AI Score
0.002EPSS
The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a "MOV SS, NULL selector" instruction, which allows guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted...
8.4CVSS
8.2AI Score
0.002EPSS
The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a "MOV SS, NULL selector" instruction, which allows guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted...
8AI Score
0.002EPSS
The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a "MOV SS, NULL selector" instruction, which allows guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted...
8.4CVSS
8.4AI Score
0.002EPSS
The cumulative Virtuozzo ReadyKernel patch updated with security fixes. The patch applies to Virtuozzo versions 7.0.0, 7.0.1, and 7.0.3. Vulnerability id: CVE-2017-2583 Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support is vulnerable to an incorrect segment selector(SS).....
8.4CVSS
7.2AI Score
0.002EPSS
[ASA-201701-38] linux-zen: privilege escalation
Arch Linux Security Advisory ASA-201701-38 Severity: Medium Date : 2017-01-29 CVE-ID : CVE-2017-2583 Package : linux-zen Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-151 Summary The package linux-zen before version 4.9.5-1 is vulnerable to privilege...
8.4CVSS
0.9AI Score
0.002EPSS
[ASA-201701-32] linux: privilege escalation
Arch Linux Security Advisory ASA-201701-32 Severity: Medium Date : 2017-01-27 CVE-ID : CVE-2017-2583 Package : linux Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-149 Summary The package linux before version 4.9.5-1 is vulnerable to privilege...
8.4CVSS
0.7AI Score
0.002EPSS
[ASA-201701-35] linux-lts: privilege escalation
Arch Linux Security Advisory ASA-201701-35 Severity: Medium Date : 2017-01-27 CVE-ID : CVE-2017-2583 Package : linux-lts Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-150 Summary The package linux-lts before version 4.4.44-1 is vulnerable to privilege...
8.4CVSS
0.9AI Score
0.002EPSS
Microsoft Dynamics CRM 2011 Update Rollup 15
Microsoft Dynamics CRM 2011 Update Rollup 15 We have identified a compatibility issue that occurs when you use the Microsoft Dynamics CRM 2011 Client for Outlook with Update Rollup 15 applied against a Dynamics CRM 2013 server. This issue does not affect Dynamics CRM 2011 servers. A new Update...
7AI Score
About the security content of iOS 9.2.1 - Apple Support
For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website. For information about...
8.8CVSS
0.7AI Score
0.023EPSS
About the security content of Safari 9.0.3 - Apple Support
For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website. For information about...
8.8CVSS
0.2AI Score
0.008EPSS
rbcroyalbank.com XSS vulnerability
Vulnerable URL: https://www.rbcroyalbank.com/cgi-bin/account-selector/selector.cgi?student='-confirm('OPENBUGBOUNTY')-' Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 2345 VIP website status:| Yes Check...
6.2AI Score
PHPMailer < 5.2.18 Remote Code Execution(CVE-2016-10033) (PwnScriptum)
来源:https://blog.chaitin.cn/phpmailer-cve-2016-10033/ 作者:phithon@长亭科技 对比一下新老版本: https://github.com/PHPMailer/PHPMailer/compare/v5.2.17...master 其实答案呼之欲出了——和Roundcube的RCE类似,mail函数的第五个参数,传命令参数的地方没有进行转义。 ...
9.5AI Score
0.971EPSS
The Xen Project reports : The Xen x86 emulator erroneously failed to consider the unusability of segments when performing memory accesses. The intended behaviour is as follows: The user data segment (%ds, %es, %fs and %gs) selectors may be NULL in 32-bit to prevent access. In 64-bit, NULL has a...
7.8CVSS
-0.8AI Score
0.001EPSS
openSUSE Security Update : virtualbox (openSUSE-2016-1366)
This update for virtualbox fixes the following issues : Fixes CVE-2016-5501,CVE-2016-5538,CVE-2016-5605,CVE-2016-5608, CVE-2016-5610,CVE-2016-5611,CVE-2016-5613 (bsc#1005621) Add patch to limit number of simultaneous make jobs. Version bump to 5.1.8 (released 2016-10-18 by...
9.1CVSS
-0.3AI Score
0.004EPSS
x86 null segments not always treated as unusable
ISSUE DESCRIPTION The Xen x86 emulator erroneously failed to consider the unusability of segments when performing memory accesses. The intended behaviour is as follows: The user data segment (%ds, %es, %fs and %gs) selectors may be NULL in 32-bit to prevent access. In 64-bit, NULL has a special...
7.8CVSS
0.6AI Score
0.001EPSS
xen-kernel -- x86 null segments not always treated as unusable
The Xen Project reports: The Xen x86 emulator erroneously failed to consider the unusability of segments when performing memory accesses. The intended behaviour is as follows: The user data segment (%ds, %es, %fs and %gs) selectors may be NULL in 32-bit to prevent access. ...
7.8CVSS
0.9AI Score
0.001EPSS
(RHSA-2016:1839) Important: JBoss Enterprise Application Platform 7.0.2 for RHEL 7
Red Hat JBoss Enterprise Application Platform 7 is an application server that serves as a middleware platform and is built on open standards and compliant with the Java EE 7 specification. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.1. It includes bug....
8.8CVSS
9AI Score
0.07EPSS
(RHSA-2016:1838) Important: JBoss Enterprise Application Platform 7.0.2 on RHEL 6
Red Hat JBoss Enterprise Application Platform 7 is an application server that serves as a middleware platform and is built on open standards and compliant with the Java EE 7 specification. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.1. It includes bug....
8.8CVSS
9AI Score
0.07EPSS