Security fix for the ALT Linux 7 package samba-DC version 4.5.10-alt1.M70P.1

4.5.10-alt1.M70P.1 built May 25, 2017 Evgeny Sinelnikov in task 183302 May 24, 2017 Evgeny Sinelnikov - Update to second spring security release - Fix longtime initialization bug in ldb proxy - Security fixes: + CVE-2017-7494 Remote code execution from a writable share...

ImageMagick Information Disclosure Vulnerability (CNVD-2017-07513)

ImageMagick is a set of open-source image processing software from the U.S. company ImageMagick Studio. The software can read, convert and write pictures in a variety of formats. An information disclosure vulnerability exists in versions of ImageMagick prior to 7.0.5-2, which stems from the failu...

CVE-2017-9098

ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image da...

(Pwn2Own) Apple macOS AppleMultitouchDevice Uninitialized Memory Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handlin...

SUSE-SU-2017:1313-1 Security update for libxslt

This update for libxslt fixes the following issues: - CVE-2017-5029: The xsltAddTextString function in transform.c lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page bsc1035905. -...

SUSE-SU-2017:1282-1 Security update for libxslt

This update for libxslt fixes the following issues: - CVE-2017-5029: The xsltAddTextString function in transform.c lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page bsc1035905. -...

(Pwn2Own) Apple macOS WindowServer _XGetConnectionPSN Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

CVE-2017-0341

All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgDdiEscape where user provided input can trigger an access to a pointer that has not been initialized which may lead to denial of service or potential escalation of...

Windows Kernel Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information t...

Windows Kernel Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information t...

IBM: Destroy USBs Infected with Malware Dropper

USB drives shipped with some IBM’s Storwize storage products are infected with malware, and the tech giant advises customers destroy the devices. IBM would not comment on the source of the infection or where in the supply chain the interdiction happened, and instead referred Threatpost to an...

openSUSE: Security Advisory for kernel (openSUSE-SU-2017:1140-1)

The remote host is missing an update for the Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

BSA-2017-254

Security Advisory ID : BSA-2017-254 Component : Open SSH Revision : 2.0: Final Themmnewkeysfromblobfunction inmonitorwrap.cinsshdinOpenSSH6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to...

Cross site request forgery (csrf)

Poor cryptographic salt initialization in admin/inc/templatefunctions.php in GetSimple CMS 3.3.13 allows a network attacker to escalate privileges to an arbitrary user or conduct CSRF attacks via calculation of a session cookie or CSRF nonce...

CVE-2007-6761

drivers/media/video/videobuf-vmalloc.c in the Linux kernel before 2.6.24 does not initialize videobufmapping data structures, which allows local users to trigger an incorrect count value and videobuf leak via unspecified vectors, a different vulnerability than CVE-2010-5321...

CVE-2017-7593

tifread.c in LibTIFF 4.0.7 does not ensure that tifrawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image...

Percona XtraBackup Information Disclosure Vulnerability

Percona XtraBackup is the U.S. Percona company's set of open source used to backup MySQL InnoDB database tools. An information disclosure vulnerability exists in xbcrypt in Percona XtraBackup versions prior to 2.3.6 and 2.4.x versions prior to 2.4.5, which stems from the program failing to proper...

ESXi 6.5 < Build 5224529 Multiple Vulnerabilities (VMSA-2017-0006) (remote check)

The version of the remote VMware ESXi 6.5 host is prior to build 5224529. It is, therefore, affected by multiple vulnerabilities : - A stack memory initialization flaw exists that allows an attacker on the guest to execute arbitrary code on the host. CVE-2017-4903 - An unspecified flaw exists in...

ESXi 6.0 U1 < Build 5251621 / 6.0 U2 < Build 5251623 / 6.0 U3 < Build 5224934 Multiple Vulnerabilities (VMSA-2017-0006) (remote check)

The version of the remote VMware ESXi 6.0 host is 6.0 U1 prior to build 5251621, 6.0 U2 prior to build 5251623, or 6.0 U3 prior to build 5224934. It is, therefore, affected by multiple vulnerabilities : - A stack memory initialization flaw exists that allows an attacker on the guest to execute...

(Pwn2Own) VMware Workstation Uninitialized Memory Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...