Debian: Security Advisory (DSA-4088-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fake Spectre and Meltdown patch pushes Smoke Loader malware

The Meltdown and Spectre bugs have generated a lot of media attention, and users have been urged to update their machines with fixes made available by various vendors. While some patches have created more issues than they fixed, we came across a particular one targeted at German users that actual...

Unspecified Vulnerability in Apache Sling JCR ContentLoader XmlReader

Apache Sling JCR ContentLoader is the United States Apache Apache Software Foundation for the Java platform for a set of open source Web framework. The framework can be in the JCR Content Repository Java Content Repository on the creation of content-oriented applications . XmlReader is one of the...

DEBIAN-CVE-2017-1000476

ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service...

openSUSE Security Update : gdk-pixbuf (openSUSE-2017-1426)

This update for gdk-pixbuf provides the following fixes : - Add overflow checks when creating pixbuf structures in general - Fix arithmetic overflow in the BMP loader bsc1053417 - Adds support for BMPv3 with bitmasks bsc1053417 This update was imported from the SUSE:SLE-12-SP2:Update update...

SUSE SLED12 / SLES12 Security Update : gdk-pixbuf (SUSE-SU-2017:3441-1)

This update for gdk-pixbuf provides the following fixes : - Add overflow checks when creating pixbuf structures in general - Fix arithmetic overflow in the BMP loader bsc1053417 - Adds support for BMPv3 with bitmasks bsc1053417 Note that Tenable Network Security has extracted the preceding...

SUSE-SU-2017:3441-1 Security update for gdk-pixbuf

This update for gdk-pixbuf provides the following fixes: - Add overflow checks when creating pixbuf structures in general - Fix arithmetic overflow in the BMP loader bsc1053417 - Adds support for BMPv3 with bitmasks bsc1053417...

UBUNTU-CVE-2017-17788

In GIMP 2.8.22, there is a stack-based buffer over-read in xcfloadstream in app/xcf/xcf.c when there is no '\0' character after the version string...

OpenJDK: insufficient loader constraints checks for invokespecial (Hotspot, 8180711)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Hotspot. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

GNU C Library Dynamic Loader glibc ld.so - Memory Leak / Buffer Overflow

Qualys Security Advisory Buffer overflow in glibc's ld.so ======================================================================== Contents ======================================================================== Summary Memory Leak Buffer Overflow Exploitation Acknowledgments...

PT-2017-3532

Name of the Vulnerable Software and Affected Versions: glibc version 2.1.1 Description: The issue is related to a memory leak in glibc that can be triggered and amplified through the LD HWCAP MASK environment variable. It is associated with errors in resource management in the dynamic loader ld.s...

Process Doppelgänging: New Malware Evasion Technique Works On All Windows Versions

A team of security researchers has discovered a new malware evasion technique that could help malware authors defeat most of the modern antivirus solutions and forensic tools. Dubbed Process Doppelgänging, the new fileless code injection technique takes advantage of a built-in Windows function an...

OpenJDK: insufficient loader constraints checks for invokespecial (Hotspot, 8180711)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Hotspot. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

USN-3497-1 openjdk-7 vulnerabilities

It was discovered that the Smart Card IO subsystem in OpenJDK did not properly maintain state. An attacker could use this to specially construct an untrusted Java application or applet to gain access to a smart card, bypassing sandbox restrictions. CVE-2017-10274 Gaston Traberg discovered that th...

OpenJDK: insufficient loader constraints checks for invokespecial (Hotspot, 8180711)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Hotspot. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

OpenJDK: insufficient loader constraints checks for invokespecial (Hotspot, 8180711)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Hotspot. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

OpenJDK: insufficient loader constraints checks for invokespecial (Hotspot, 8180711)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Hotspot. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

CVE-2017-8149

The boot loaders of P10 and P10 Plus Huawei mobile phones with software the versions before Victoria-L09AC605B162, the versions before Victoria-L29AC605B162, the versions before Vicky-L29AC605B162 have an out-of-bounds memory access vulnerability due to the lack of parameter validation. An attack...

CVE-2017-8150

The boot loaders of P10 and P10 Plus Huawei mobile phones with software the versions before Victoria-L09AC605B162, the versions before Victoria-L29AC605B162, the versions before Vicky-L29AC605B162 have an arbitrary memory write vulnerability due to the lack of parameter validation. An attacker wi...

SpookFlare - Meterpreter Loader Generator With Multiple Features For Bypassing Client-Side And Network-Side Countermeasures

SpookFlare has a different perspective to bypass security measures and it gives you the opportunity to bypass the endpoint countermeasures at the client-side detection and network-side detection. SpookFlare is a loader generator for Meterpreter Reverse HTTP and HTTPS stages. SpookFlare has custom...