ESpace 7910; ESpace 7950; ESpace 8950 Security Vulnerabilities

Code injection

Nitro Pro 11.0.3 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted PCX...

CVE-2017-7950

Nitro Pro 11.0.3 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted PCX...

CVE-2017-7950

Nitro Pro 11.0.3 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted PCX...

HP SiteScope Multiple Vulnerabilities (HPESBGN03763)

The version of HP SiteScope running on the remote host is 11.2x or 11.3x. It is, therefore, affected by multiple vulnerabilities : A cryptographic weakness exists in the ss_pu.jar library due to the use of hard-coded encryption keys. A local attacker can exploit this to disclose...

Digital Canal Structural Wind Analysis 9.1 Buffer Overflow

...

CVE-2017-8950

A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was...

CVE-2017-7910

A Stack-Based Buffer Overflow issue was discovered in Digital Canal Structural Wind Analysis versions 9.1 and prior. An attacker may be able to run arbitrary code by remotely exploiting an executable to perform a denial-of-service...

CVE-2017-7910

A Stack-Based Buffer Overflow issue was discovered in Digital Canal Structural Wind Analysis versions 9.1 and prior. An attacker may be able to run arbitrary code by remotely exploiting an executable to perform a denial-of-service...

Stack overflow

A Stack-Based Buffer Overflow issue was discovered in Digital Canal Structural Wind Analysis versions 9.1 and prior. An attacker may be able to run arbitrary code by remotely exploiting an executable to perform a denial-of-service...

CVE-2017-7910

A Stack-Based Buffer Overflow issue was discovered in Digital Canal Structural Wind Analysis versions 9.1 and prior. An attacker may be able to run arbitrary code by remotely exploiting an executable to perform a denial-of-service...

Digital Canal Structural Wind Analysis

CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Digital Canal Structural Equipment: Wind Analysis Vulnerability: Stack-Based Buffer Overflow AFFECTED PRODUCTS The following versions of Wind Analysis, a structural engineering software platform, are affected: Wind...

HPE SiteScope contains multiple vulnerabilities

Overview HPE's SiteScope is vulnerable to several cryptographic issues, insufficiently protected credentials, and missing authentication. Description HPE's SiteScope is vulnerable to several vulnerabilities. The researcher reports that version 11.31.461 is affected; other versions may also be...

Oracle Linux 7 : kernel (ELSA-2017-1308)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-1308 advisory. The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service (OOPS) by...

Oracle Linux 7 : kernel (ELSA-2017-1308-1)

Description of changes: [3.10.0-514.21.1.0.1.el7.OL7] [ipc] ipc/sem.c: bugfix for semctl(,,GETZCNT) (Manfred Spraul) [orabug 22552377] Oracle Linux certificates (Alexey Petrenko) Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko at oracle.com).....

F5 BIG-IP - TMM vulnerability CVE-2017-6137

Undisclosed traffic patterns received while software SYN cookie protection is engaged may cause a disruption of service to the Traffic Management Microkernel (TMM) on specific platforms and configurations....

kernel, perf, python security update

CentOS Errata and Security Advisory CESA-2017:1308 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): It was found that the packet_set_ring() function of the Linux kernel's networking implementation did not properly validate certain block-size...

RHEL 7 : kernel-rt (RHSA-2017:1298)

An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...

CentOS Update for kernel CESA-2017:1308 centos7

Check the version of...

RHEL 6 : MRG (RHSA-2017:1297)

An update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from.....

RedHat Update for kernel RHSA-2017:1308-01

The remote host is missing an update for...

RHEL 7 : kernel (RHSA-2017:1308)

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

kernel security, bug fix, and enhancement update

[3.10.0-514.21.1.OL7] Oracle Linux certificates (Alexey Petrenko) Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)([email protected]) Update x509.genkey [bug 24817676] [3.10.0-514.21.1] [kernel] sched/core: Fix an SMP ordering race in...

Scientific Linux Security Update : kernel on SL7.x x86_64 (20170525)

Security Fix(es) : It was found that the packet_set_ring() function of the Linux kernel's networking implementation did not properly validate certain block-size data. A local attacker with CAP_NET_RAW capability could use this flaw to trigger a buffer overflow, resulting in the...

kernel security, bug fix, and enhancement update

[3.10.0-514.21.1.0.1.el7.OL7] [ipc] ipc/sem.c: bugfix for semctl(,,GETZCNT) (Manfred Spraul) [orabug 22552377] Oracle Linux certificates (Alexey Petrenko) Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)([email protected]) Update x509.genkey [bug...

CentOS 7 : kernel (CESA-2017:1308)

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

(RHSA-2017:1308) Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): It was found that the packet_set_ring() function of the Linux kernel's networking implementation did not properly validate certain block-size data. A local attacker with CAP_NET_RAW capability...

(RHSA-2017:1298) Important: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): It was found that the packet_set_ring() function of the Linux kernel's networking implementation did not properly validate certain...

(RHSA-2017:1297) Important: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): It was found that the packet_set_ring() function of the Linux kernel's networking implementation did not properly validate certain...

OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0105)

The remote OracleVM system is missing necessary patches to address critical security updates : nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [Orabug: 25986990] (CVE-2017-7895) fnic: Update fnic driver version to 1.6.0.24 (John Sobecki) [Orabug: 24448585] ...

OracleVM 3.2 : Unbreakable / etc (OVMSA-2017-0106)

The remote OracleVM system is missing necessary patches to address critical security updates : nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [Orabug: 25986995] (CVE-2017-7895) ocfs2/o2net: o2net_listen_data_ready should do nothing if socket state is not...

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3566)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3566 advisory. The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a MOV SS, NULL...

Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3567)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3567 advisory. The __rds_conn_create function in net/rds/connection.c in the Linux kernel through 4.2.3 allows local users to cause a denial of service (NULL...

Unbreakable Enterprise kernel security update

kernel-uek [3.8.13-118.18.2] - nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [Orabug: 25986990] {CVE-2017-7895} [3.8.13-118.18.1] - fnic: Update fnic driver version to 1.6.0.24 (John Sobecki) [Orabug: 24448585] - xen-netfront: Rework the fix for Rx stall during OOM and...

Unbreakable Enterprise kernel security update

[2.6.39-400.295.2] - nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [Orabug: 25986995] {CVE-2017-7895} [2.6.39-400.295.1] - ocfs2/o2net: o2net_listen_data_ready should do nothing if socket state is not TCP_LISTEN (Tariq Saeed) [Orabug: 25510857] - IB/CORE: sync the...

champagne-moyat-jaury-guilbaud.com XSS vulnerability

Vulnerable URL: http://www.champagne-moyat-jaury-guilbaud.com/espace-client/login.php?location=%2Fespace-client%2F%22%27--!%3E%3CScript%20/K/%3Econfirm(OPENBUGBOUNTY)%3C/Script%20/K/%3E# Details: Description| Value ---|--- Patched:| No Latest check for patch:| 31.07.2017 Vulnerability type:|...

Security Advisory - 'WannaCry ransomware' Vulnerabilities in Microsoft Windows Systems

Huawei noticed that the WannaCry ransomware targeting at Windows exploits multiple vulnerabilities in Windows Server Message Block v1 (SMBv1). These vulnerabilities were disclosed by Microsoft in Microsoft security bulletin MS17-010 on March 14. Successful exploit of these vulnerabilities could...

Description of the security update for SharePoint Foundation 2013: May 9, 2017

Description of the security update for SharePoint Foundation 2013: May 9, 2017 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft.....

F5 Networks BIG-IP : TMM vulnerability (K82851041)

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, and WebSafe 11.6.1 HF1, 12.0.0 HF3, 12.0.0 HF4, and 12.1.0 through 12.1.2, undisclosed traffic patterns received while software SYN cookie protection is engaged may cause a...

Security Advisory - Three OpenSSL Vulnerabilities in Huawei Products

On January 26, 2017, the OpenSSL Software Foundation released a security advisory that included three new vulnerabilities. If a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client...

EulerOS 2.0 SP1 : kernel (EulerOS-SA-2016-1089)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain...

Security update for the Linux Kernel (important)

The SLE-11 SP4 kernel was updated to 3.0.101.rt130-68 to receive various security and bugfixes. The following security bugs were fixed: CVE-2017-5551: The simple_set_acl function in fs/posix_acl.c in the Linux kernel preserved the setgid bit during a setxattr call involving a tmpfs...

espace-invention.ch XSS vulnerability

Vulnerable URL: http://www.espace-invention.ch/addToCart.asp Details: Description| Value ---|--- Patched:| No Latest check for patch:| 31.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No Check...

Security Advisory - Input Validation Vulnerability in Multiple Huawei Products

There is an input validation vulnerability in Huawei Multiple products. Due to the lack of input validation on the device, a remote attacker may exploit this vulnerability by crafting a malformed packet and sending it to the device. A successful exploit could allow the attacker to cause a denial...

OracleVM 3.2 : Unbreakable / etc (OVMSA-2017-0061)

The remote OracleVM system is missing necessary patches to address critical security updates : udp: properly support MSG_PEEK with truncated buffers (Eric Dumazet) [Orabug: 25874741] (CVE-2016-10229) block: fix use-after-free in seq file (Vegard Nossum) [Orabug: 25877531]...

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3537)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2017-3537 advisory. Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by...

Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3538)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3538 advisory. Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain...

OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0060)

The remote OracleVM system is missing necessary patches to address critical security updates : block: fix use-after-free in seq file (Vegard Nossum) [Orabug: 25877530]...

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3539)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3539 advisory. Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain...

OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0062)

The remote OracleVM system is missing necessary patches to address critical security updates : uek-rpm: enable CONFIG_KSPLICE. (Jamie Iles) [Orabug: 25698171] ksplice: add sysctls for determining Ksplice features. (Jamie Iles) signal: protect SIGNAL_UNKILLABLE from unintentional ...

CentOS 6 : kernel (CESA-2017:0892)

An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...