80 matches found
DEBIAN-CVE-2018-16865
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash...
DEBIAN-CVE-2018-16864
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges...
UBUNTU-CVE-2018-16865
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash...
UBUNTU-CVE-2018-16864
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges...
openSUSE Security Update : xen (openSUSE-2018-1624) (Foreshadow)
This update for xen fixes the following issues : Update to Xen 4.10.2 bug fix release bsc1027519. Security vulnerabilities fixed : - CVE-2018-19961, CVE-2018-19962: Fixed an issue related to insufficient TLB flushing with AMD IOMMUs, which potentially allowed a guest to escalate its privileges, m...
Xen Project XSA-240 Mitigation Shadow Paging Conflict Vulnerability (XSA-280)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a vulnerability allowing a guest system to potentially elevate privileges, access protected information, and perform a DoS against the host. A number of caveats exist to determine if a...
Fix for XSA-240 conflicts with shadow paging
ISSUE DESCRIPTION The fix for XSA-240 introduced a new field into the control structure associated with each page of RAM. This field was added to a union, another member of which is used when Xen uses shadow paging for the guest. During migration, or with the L1TF XSA-273 mitigation for PV guests...
CVE-2018-1000655
Jsish version 2.4.65 contains a CWE-476: NULL Pointer Dereference vulnerability in Function jsiValueCopyMove from jsiValue.c:240 that can result in Crash due to segmentation fault. This attack appear to be exploitable via a crafted javascript code. This vulnerability appears to have been fixed in...
Intelbras Win 240 Cross-Site Scripting Vulnerability
The Intelbras Win 240 is a wireless router from Intelbras Brazil. A cross-site scripting vulnerability exists in Intelbras Win 240 version 1.1.0. A remote attacker can exploit the vulnerability to change the Admin password...
CVE-2018-10369
A Cross-site scripting XSS vulnerability was discovered on Intelbras Win 240 V1.1.0 devices. An attacker can change the Admin Password without a Login...
CVE-2018-10369
A Cross-site scripting XSS vulnerability was discovered on Intelbras Win 240 V1.1.0 devices. An attacker can change the Admin Password without a Login...
Cross site scripting
A Cross-site scripting XSS vulnerability was discovered on Intelbras Win 240 V1.1.0 devices. An attacker can change the Admin Password without a Login...
CVE-2018-10369
CVE-2018-10369 affects Intelbras Win 240 router (V1.1.0). The vulnerability is a Cross‑Site Scripting (XSS) flaw in the device’s web interface that allows an attacker to change the Admin password without authentication. Multiple sources (NVD, CNVD, PRION, CVE list) corroborate the XSS impact on I...
CVE-2018-10369
A Cross-site scripting XSS vulnerability was discovered on Intelbras Win 240 V1.1.0 devices. An attacker can change the Admin Password without a Login...
Fedora 27 : xen (2017-5945560816)
another patch related to the XSA-240, CVE-2017-15595 issue x86 PV guests may gain access to internally used page XSA-248 broken x86 shadow mode refcount overflow check XSA-249 improper x86 shadow mode refcount error handling XSA-250 improper bug check in x86 log-dirty handling XSA-251 Note that...
Private Details of 240,000 DHS Employees Accessed after Data Breach
By Uzair Amir A data breach targeted towards the Department of Homeland Security This is a post from HackRead.com Read the original post: Private Details of 240,000 DHS Employees Accessed after Data Breach...
Fedora 26 : xen (2017-16a414b3c5)
another patch related to the XSA-240, CVE-2017-15595 issue xen: various flaws 1525018 x86 PV guests may gain access to internally used page XSA-248 broken x86 shadow mode refcount overflow check XSA-249 improper x86 shadow mode refcount error handling XSA-250 improper bug check in x86 log-dirty...
Fedora 26 : xen (2017-5bcddc1984)
xen: various flaws 1501391 multiple MSI mapping issues on x86 XSA-237 DMOP map/unmap missing argument checks XSA-238 hypervisor stack leak in x86 I/O intercept code XSA-239 Unlimited recursion in linear pagetable de-typing XSA-240 Stale TLB entry due to page type release race XSA-241 page type...
Xen Hypervisor Pagetable De-typing Recursion Handling Guest-to-Host DoS (XSA-240)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a stack overflow vulnerability that is triggered when recursion is not properly handled when de-typing linear pagetables. By stacking multiple layers of page tables, an attacker within a...
Command injection
XSS persistent on the Intelbras Wireless N 150Mbps router with firmware WRN 240 allows attackers to steal wireless credentials without being connected to the network, related to userRpm/popupSiteSurveyRpm.htm and userRpm/WlanSecurityRpm.htm. The attack vector is a crafted ESSID, as demonstrated b...