Important: Red Hat Security Advisory: httpd security update

An update for httpd is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

Exploit for Open Redirect in Git-Scm Git

PoC exploit for CVE-2017-1000117, a vulnerability in the way Git handles submodule initialization. The target is Git, a vulnerability class/vector of arbitrary file write, probable entry point is the Git submodule initialization process, notable dependency is Git, and execution context is a Git...

DEBIAN-CVE-2014-0146

The qcow2open function in the block/qcow2.c in QEMU before 1.7.2 and 2.x before 2.0.0 allows local users to cause a denial of service NULL pointer dereference via a crafted image which causes an error, related to the initialization of the snapshotoffset and nbsnapshots fields...

PYSEC-2017-50

Lemur 0.1.4 does not use sufficient entropy in its IV when encrypting AES in CBC mode...

Important: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

Qemu: net: vmxnet: integer overflow in packet initialisation

Integer overflow in the nettxpktinit function in hw/net/nettxpkt.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service QEMU process crash via the maximum fragmentation count, which triggers an unchecked multiplication and NULL pointer dereference...

Qemu: net: vmxnet: integer overflow in packet initialisation

Integer overflow in the nettxpktinit function in hw/net/nettxpkt.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service QEMU process crash via the maximum fragmentation count, which triggers an unchecked multiplication and NULL pointer dereference...

CVE-2017-11133

An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. To encrypt messages, AES in CBC mode is used with a pseudo-random secret. This secret and the IV are generated with math.random in previous versions and with...

mysql: unsafe chmod/chown use in init script (CPU Jan 2017)

Multiple flaws were found in the way the MySQL init script handled initialization of the database data directory and permission setting on the error log file. The mysql operating system user could use these flaws to escalate their privileges to root...

(Pwn2Own) Adobe Reader DC util streamFromString Uninitialized Memory Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

Ubuntu 16.04 LTS : Linux kernel (AWS, GKE) vulnerabilities (USN-3364-3)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3364-3 advisory. It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive...

USN-3364-2: Linux kernel (Xenial HWE) vulnerabilities

USN-3364-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan dat...

The vulnerability of the virtio_gpu_object_create function in the Linux operating system, which allows a hacker to cause a service failure

The vulnerability of the virtiogpuobjectcreate function in the Linux operating system is related to a memory leak. Exploiting this vulnerability allows an attacker to cause a service failure memory consumption by triggering an initialization error...

Apple Safari Multiple Vulnerabilities (HT207921)

Apple Safari is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apple:safari"; ifdescription...

About the security content of iCloud for Windows 6.2.2 - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...

Apache HTTP Server 'mod_auth_digest' Multiple Vulnerabilities - Linux

Apache HTTP Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:httpserver";...

CVE-2017-8564

Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly initialize a memory...

(Pwn2Own) Microsoft Windows CLFS Driver Uninitialized Memory Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Common Log...

DEBIAN-CVE-2017-9524

The qemu-nbd server in QEMU aka Quick Emulator, when built with the Network Block Device NBD Server support, allows remote attackers to cause a denial of service segmentation fault and server crash by leveraging failure to ensure that all initialization occurs before talking to a client in the...

CVE-2017-10769

XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll77df0000!memcmp+0x0000000000000018" without RPC...