CVE-2017-4915

VMware Workstation Pro/Player contains an insecure library loading vulnerability via ALSA sound driver configuration files. Successful exploitation of this issue may allow unprivileged host users to escalate their privileges to root in a Linux host machine...

CVE-2017-4915

VMware Workstation Pro/Player contains an insecure library loading vulnerability via ALSA sound driver configuration files. Successful exploitation of this issue may allow unprivileged host users to escalate their privileges to root in a Linux host machine...

VMware Patches Multiple Security Issues in Workstation

VMware fixed two bugs in its VMware Workstation late Thursday night, including an insecure library loading vulnerability and a NULL pointer dereference vulnerability. The virtualization software company warned of the issues Thursday night in a security advisory VMSA-2017-0009. Jann Horn, a securi...

Oracle VM VirtualBox - Environment and ioctl Unprivileged Host User to Host Kernel Privilege Escalation

Oracle VM VirtualBox - Environment and ioctl Unprivileged Host User to Host Kernel Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1091 This bug report describes two separate issues that, when combined, allow any user on a Linux host system on which VirtualB...

Oracle VM VirtualBox - Environment and ioctl Unprivileged Host User to Host Kernel Privilege Escalation

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1091 This bug report describes two separate issues that, when combined, allow any user on a Linux host system on which VirtualBox is installed to gain code execution in the kernel. Since I'm not sure which one of these issues cross...

CVE-2016-4031

Samsung SM-G920F build G920FXXU2COH2 Galaxy S6, SM-N9005 build N9005XXUGBOK6 Galaxy Note 3, GT-I9192 build I9192XXUBNB1 Galaxy S4 mini, GT-I9195 build I9195XXUCOL1 Galaxy S4 mini LTE, and GT-I9505 build I9505XXUHOJ2 Galaxy S4 devices allow attackers to send AT commands by plugging the device into...

Command injection

Samsung SM-G920F build G920FXXU2COH2 Galaxy S6, SM-N9005 build N9005XXUGBOK6 Galaxy Note 3, GT-I9192 build I9192XXUBNB1 Galaxy S4 mini, GT-I9195 build I9195XXUCOL1 Galaxy S4 mini LTE, and GT-I9505 build I9505XXUHOJ2 Galaxy S4 devices allow attackers to send AT commands by plugging the device into...

CVE-2016-4031

Technical details about CVE-2016-4031 are not publicly available in the provided documents. Monitor for updates.

CVE-2016-4031

Samsung SM-G920F build G920FXXU2COH2 Galaxy S6, SM-N9005 build N9005XXUGBOK6 Galaxy Note 3, GT-I9192 build I9192XXUBNB1 Galaxy S4 mini, GT-I9195 build I9195XXUCOL1 Galaxy S4 mini LTE, and GT-I9505 build I9505XXUHOJ2 Galaxy S4 devices allow attackers to send AT commands by plugging the device into...

Oracle VM VirtualBox 5.0.x < 5.0.34 / 5.1.x < 5.1.16 Shared Folder Implementation Information Disclosure

The version of Oracle VM VirtualBox installed on the remote host is 5.0.x prior to 5.0.34 or 5.1.x prior to 5.1.16. It is, therefore, affected by an information disclosure vulnerability within the shared folder implementation, specifically in the vbsfPathCheckRootEscape function, that permits...

Oracle VM VirtualBox - Cooperating VMs can Escape from Shared Folder

Oracle VM VirtualBox - Cooperating VMs can Escape from Shared Folder Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1037 There is a security issue in the shared folder implementation that permits cooperating guests with write access to the same shared folder to gain access to t...

HP Version Control Repository Manager for Linux < 7.6.0 Multiple Vulnerabilities

According to its self-reported version, the HP Version Control Repository Manager VCRM application installed on the remote Linux host is prior to 7.6.0. It is, therefore, affected by multiple vulnerabilities : - A cross-site request forgery XSRF vulnerability exists in VCRM due to HTTP requests n...

Linux User List Enumeration

Using the supplied credentials, Nessus was able to enumerate the local users and groups on the remote Linux host. TRUSTED...

Unable to Delete Credentials

Challenge When attempting to delete credentials from the credentials manager, a message box states: Unable to delete credentials because they are currently in use. See details for more info. Cause You cannot delete a record that is already used for any component in the backup infrastructure...

Oracle Linux 5 : bind97 (ELSA-2015-1707)

The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2015-1707 advisory. - Fix CVE-2015-5722 - Fix CVE-2015-5477 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus...

Mandriva Linux Security Advisory : python-imaging (MDVSA-2014:163)

Updated python-imaging packages fix security vulnerability : The Python Imaging Library is vulnerable to a denial of service attack in the IcnsImagePlugin CVE-2014-3589. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...

IBM Tivoli Storage Manager Client Metadata Local File Access Information Disclosure

The version of Tivoli Storage Manager Client installed on the remote Linux host is affected by an unauthorized file access vulnerability. A flaw exists with the Tivoli Backup-Archive client when restoring Space Management file metadata. A local attacker can exploit this flaw to gain access to the...

Immunity Canvas: CVE_2014_5261

Name| CVE20145261 ---|--- CVE| CVE-2014-5261 Exploit Pack| CANVAS Description| CVE-2014-5261 Notes| CVE Name: CVE-2014-5261 VENDOR: The Cacti Group Changelog: http://svn.cacti.net/viewvc?view=rev&revision=7454 Notes: This is a post-authentication command injection vulnerability in Cacti 0.8.8b,...

HP Version Control Agent (VCA) Heartbeat Information Disclosure (Heartbleed)

The RPM installation of HP Version Control Agent VCA on the remote Linux host is version 7.2.2, 7.3.0, or 7.3.1. It is, therefore, affected by an information disclosure vulnerability. An out-of-bounds read error, known as the 'Heartbleed Bug', exists related to handling TLS heartbeat extensions...

Intel® Manycore Platform Software Stack Privilege Escalation

Summary: A previously undisclosed vulnerability in the Intel® Manycore Platform Software Stack Intel® MPSS was discovered during internal testing. The vulnerability could allow elevation of privilege under certain circumstances if an attacker has a valid account on a host that contains an Intel®...