53 matches found
Design/Logic Flaw
Zephyr Bluetooth unchecked packet data results in denial of service. Zephyr versions = v1.14.2, = v2.2.0 contain Improper Handling of Parameters CWE-233. For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-f6vh-7v4x-8fjp...
CVE-2020-10069
CVE-2020-10069 affects Zephyr RTOS Bluetooth stack. The vulnerability allows denial of service due to unchecked packet data related to improper handling of parameters (CWE-233) in Zephyr versions v1.14.2 and newer (including v2.2.0+). The description in connected sources confirms the issue is roo...
CVE-2020-10069 Zephyr Bluetooth unchecked packet data results in denial of service
Zephyr Bluetooth unchecked packet data results in denial of service. Zephyr versions = v1.14.2, = v2.2.0 contain Improper Handling of Parameters CWE-233. For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-f6vh-7v4x-8fjp...
CVE-2017-18469
CVE-2017-18469 affects cPanel prior to 62.0.17, where demo accounts can execute code via an NVData_fetchinc API call (SEC-233). Affected software: cPanel versions before 62.0.17. Root cause: exploitable API call allowing code execution. Impact: potential arbitrary code execution by unauthenticate...
Siemens CP 243-1 Detection
Binary data 233.prm...
OracleVM 3.2 : xen (OVMSA-2017-0159)
The remote OracleVM system is missing necessary patches to address critical security updates : - The code of OVM3.2.9 is quite old, there is no getpage/putpage pair to protect the ownership and references of page table page which is mapped in emulatemapdest. This patch fix it by adding getpage in...
Fedora 25 : xen (2017-f7fd3fe7eb)
xen: various flaws 1490884 Missing NUMA node parameter verification XSA-231, CVE-2017-14316 Missing check for grant table XSA-232, CVE-2017-14318 cxenstored: Race in domain cleanup XSA-233, CVE-2017-14317 insufficient grant unmapping checks for x86 PV guests XSA-234, CVE-2017-14319 Note that...
SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2017:2519-1)
This update for xen fixes several issues. These security issues were fixed : - CVE-2017-14316: Missing bound check in function allocheappages for an internal array allowed attackers using crafted hypercalls to execute arbitrary code within Xen XSA-231, bsc1056278 - CVE-2017-14318: The function...
Fedora 26 : xen (2017-e399a9008c)
xen: various flaws 1490884 Missing NUMA node parameter verification XSA-231, CVE-2017-14316 Missing check for grant table XSA-232, CVE-2017-14318 cxenstored: Race in domain cleanup XSA-233, CVE-2017-14317 insufficient grant unmapping checks for x86 PV guests XSA-234, CVE-2017-14319 ---- update to...
openSUSE Security Update : xen (openSUSE-2017-1071)
This update for xen fixes several issues. These security issues were fixed : - CVE-2017-14316: Missing bound check in function allocheappages for an internal array allowed attackers using crafted hypercalls to execute arbitrary code within Xen XSA-231, bsc1056278 - CVE-2017-14318: The function...
Systemd Local Elevation of Privilege Vulnerability
systemd is a Linux-based system and service manager developed by German software developer Lennart Poettering and others. It is compatible with the SysV and LSB startup scripts and provides a framework for representing dependencies between system services. A security vulnerability exists in syste...
CVE-2017-9445
The CVE-2017-9445 issue affects systemd up to version 233, where dns_packet_new in systemd-resolved may allocate a buffer that is too small when processing DNS responses. A malicious DNS server can craft a TCP payload to trigger an out-of-bounds write, potentially enabling remote code execution o...
Systemd Out-of-Bounds Write Remote Code Execution Vulnerability
systemd is a Linux-based system and service manager developed by German software developer Lennart Poettering and others. It is compatible with the SysV and LSB startup scripts and provides a framework for representing dependencies between system services. Security exists in systemd 233 and earli...
CVE-2017-4989
CVE-2017-4989 affects EMC Avamar Server Software releases listed (7.3.1-125, 7.3.0-233, 7.3.0-226, 7.2.1-32, 7.2.1-31, 7.2.0-401). Root cause: unauthenticated remote bypass of authentication to access the system maintenance page, enabling viewing of sensitive info and execution of maintenance tas...
PT-2017-18793 · Systemd +2 · Systemd-Resolved +2
Name of the Vulnerable Software and Affected Versions: systemd-resolved versions through 233 Description: The issue allows remote attackers to cause a denial of service, resulting in a daemon crash, via a crafted DNS response with an empty question section. Recommendations: For versions through...
CVE-2017-6658
Cisco Sourcefire Snort 3.0 before build 233 has a Buffer Overread related to use of a decoder array. The size was off by one making it possible to read past the end of the array with an ether type of 0xFFFF. Increasing the array size solves this problem...
CVE-2017-6658
Cisco Sourcefire Snort 3.0 before build 233 has a Buffer Overread related to use of a decoder array. The size was off by one making it possible to read past the end of the array with an ether type of 0xFFFF. Increasing the array size solves this problem...
dmm.co.jp XSS vulnerability
Vulnerable URL: http://www.dmm.co.jp/en/ppm/video/-/series/=/cid"%20onmouseover%3Dalert'OPENBUGBOUNTY'%20rest%3D"=ranking/ Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 233 VIP...
CVE-2016-0921
Avamar Data Store ADS and Avamar Virtual Edition AVE in EMC Avamar Server before 7.3.0-233 use weak permissions for unspecified directories, which allows local users to obtain root access by replacing a script with a Trojan horse program...
CVE-2016-0920
Avamar Data Store ADS and Avamar Virtual Edition AVE in EMC Avamar Server before 7.3.0-233 allow local users to obtain root access via a crafted parameter to a command that is available in the sudo configuration...