4967 matches found
kernel: ext4 filesystem page fault race condition with fallocate call.
A flaw was found in the Linux kernel when attempting to "punch a hole" in files existing on an ext4 filesystem. When punching holes into a file races with the page fault of the same area, it is possible that freed blocks remain referenced from page cache pages mapped to process' address space...
CVE-2017-11271
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format EMF data related to transfer of pixel blocks...
Qemu: usb: xHCI: infinite loop vulnerability in xhci_ring_fetch
The xhciringfetch function in hw/usb/hcd-xhci.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service infinite loop and QEMU process crash by leveraging failure to limit the number of link Transfer Request Blocks TRB to process...
Qemu: usb: xHCI: infinite loop vulnerability in xhci_ring_fetch
The xhciringfetch function in hw/usb/hcd-xhci.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service infinite loop and QEMU process crash by leveraging failure to limit the number of link Transfer Request Blocks TRB to process...
kernel: ext4 filesystem page fault race condition with fallocate call.
A flaw was found in the Linux kernel when attempting to "punch a hole" in files existing on an ext4 filesystem. When punching holes into a file races with the page fault of the same area, it is possible that freed blocks remain referenced from page cache pages mapped to process' address space...
CVE-2016-6594
Blue Coat Advanced Secure Gateway 6.6, CacheFlow 3.4, ProxySG 6.5 and 6.6 allows remote attackers to bypass blocked requests, user authentication, and payload scanning...
Google: Its Tech Now Blocks 99.9% of Gmail Phishing and Spam Emails
By Jahanzaib Hassan After the effects of the phishing campaign that used Google Docs as a tool to attack, Google has launched a number of upgrades to Gmail and its browser so that users can be notified and warned of suspicious emails and websites that may contain malware. The new machine-learning...
One or more bad blocks were detected and skipped
Challenge Veeam Agent for Microsoft Windows VAW displays the following warning during the backup: One or more bad blocks were detected and skipped. Copy Cause There are two scenarios under which this warning may occur: 1. The disk of the machine being backed up has bad clusters, as recorded by th...
CVE-2017-8284
The disasinsn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain privileges by creating a modified basic block that injects code into a setuid program, as demonstrated...
The vulnerability of the QEMU hardware emulation software, which allows a hacker to trigger a service failure
The vulnerability of the sdhcisdmatransfermultiblocks function in the hw/sd/sdhci.c file of the QEMU hardware/software emulator is related to improper management of system resources. Exploiting this vulnerability can allow an attacker, operating locally, to trigger a service failure infinite loop...
CVE-2017-5670
Riverbed RiOS through 9.6.0 deletes the secure vault with the rm program not shred or srm, which makes it easier for physically proximate attackers to obtain sensitive information by reading raw disk blocks...
CVE-2017-5670
Riverbed RiOS through 9.6.0 deletes the secure vault with the rm program not shred or srm, which makes it easier for physically proximate attackers to obtain sensitive information by reading raw disk blocks...
CVE-2017-5670
Riverbed RiOS through 9.6.0 deletes the secure vault with the rm program not shred or srm, which makes it easier for physically proximate attackers to obtain sensitive information by reading raw disk blocks...
Subrion CMS Cross-Site Request Forgery Vulnerability (CNVD-2017-04653)
Subrion CMS is a PHP-based content management system CMS developed by the Subrion team. The system can be integrated into a website and supports a wide range of extensions plug-ins and more. A cross-site request forgery vulnerability exists in admin/blocks/add/URI in Subrion CMS version 4.0.5. An...
Cross site request forgery (csrf)
Subrion CMS 4.0.5 has CSRF in admin/blocks/add/. The attacker can create any block, and can optionally insert XSS via the content parameter...
openjpeg: heap overflow in parsing of JPEG2000 code blocks
An integer overflow, leading to a heap buffer overflow, was found in openjpeg, also affecting the PDF viewer in Chromium. A specially crafted JPEG2000 image could cause an incorrect calculation when allocating memory for code blocks, which could lead to a crash, or potentially, code execution...
openjpeg: heap overflow in parsing of JPEG2000 code blocks
An integer overflow, leading to a heap buffer overflow, was found in openjpeg, also affecting the PDF viewer in Chromium. A specially crafted JPEG2000 image could cause an incorrect calculation when allocating memory for code blocks, which could lead to a crash, or potentially, code execution...
CVE-2017-6379
Some administrative paths in Drupal 8.2.x before 8.2.7 did not include protection for CSRF. This would allow an attacker to disable some blocks on a site. This issue is mitigated by the fact that users would have to know the block ID...
CVE-2017-6379
Some administrative paths in Drupal 8.2.x before 8.2.7 did not include protection for CSRF. This would allow an attacker to disable some blocks on a site. This issue is mitigated by the fact that users would have to know the block ID...
Cross site request forgery (csrf)
Some administrative paths in Drupal 8.2.x before 8.2.7 did not include protection for CSRF. This would allow an attacker to disable some blocks on a site. This issue is mitigated by the fact that users would have to know the block ID...