
1065 matches found

BDU FSTEC
added 2018/07/05 12:0 a.m., 3 views

The vulnerability of the DNSAPI component for Windows operating systems allows a perpetrator to execute arbitrary code.

The vulnerability of the DNSAPI component DNSAPI.dll in Windows operating systems is related to insufficient access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the Local System Account by sending specially crafted DNS responses from ...

CVSS: 8.1, AI score: 8, EPSS: 0.22257
Exploits: 0, References: 5

IBM Security Bulletins
added 2018/06/15 7:9 a.m., 29 views

Security Bulletin: Open Source GNU glibc Vulnerabilities which is used by IBM OS Images for RedHat Linux in IBM PureApplication Systems (CVE-2017-12132)

Summary There are vulnerabilities in the Open Source GNU glibc that is used by the OS Images for IBM PureApplication Software Suite, IBM Bluemix Local System and IBM PureApplication System/Software Vulnerability Details CVEID: CVE-2017-12132 DESCRIPTION: GNU C Library aka glibc or libc6 could all...

CVSS: 5.9, AI score: 0.2, EPSS: 0.01897
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2018/06/15 7:8 a.m., 30 views

Security Bulletin: Vulnerability in Open Source cURL Libcurl affects IBM PureApplication. (CVE-2017-1000257)

Summary Vulnerability in Open Source cURL Libcurl affects IBM PureApplication. Vulnerability Details CVEID: CVE-2017-1000257 DESCRIPTION: cURL is vulnerable to a denial of service, caused by a buffer overread in the IMAP handler. By using a specially crafted IMAP FETCH response, a remote attacker...

CVSS: 9.1, AI score: 0.1, EPSS: 0.06224
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2018/06/15 7:8 a.m., 100 views

Security Bulletin: Open Source Apache HTTP Server Vulnerabilities which is used by IBM PureApplication Systems (CVE-2017-7679 CVE-2017-3169 CVE-2017-3167)

Summary A vulnerability in Open Source Apache HTTP Server affects the PureSystems® Managers used by IBM PureApplication System. Vulnerability Details CVEID: CVE-2017-7679 DESCRIPTION: Apache HTTPD could allow a remote attacker to obtain sensitive information, caused by a buffer overread in modmim...

CVSS: 9.8, AI score: 0.7, EPSS: 0.39341
Exploits: 3, Affected Software: 1

IBM Security Bulletins
added 2018/06/15 7:7 a.m., 32 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM PureApplication System

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by IBM PureApplication System. These issues were disclosed as part of the IBM Java SDK updates in April 2017. IBM PureApplication System has addressed the applicable CVEs. These issues were also addressed by IBM...

CVSS: 8.2, AI score: 6.6, EPSS: 0.03632
Exploits: 2, Affected Software: 1

IBM Security Bulletins
added 2018/06/15 7:7 a.m., 21 views

Security Bulletin: There is a potential cross-site request forgery in IBM WebSphere Application Server shipped with IBM PureApplication System (CVE-2017-1194)

Summary IBM WebSphere Application Server is shipped as a component of IBM PureApplication System. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Consult the security bulletin Cross-site request...

CVSS: 8.8, AI score: 7.4, EPSS: 0.00877
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2018/06/15 7:7 a.m., 20 views

Potential security vulnerability in WebSphere Application Server. IBM WebSphere Application Server ships with IBM PureApplication System (CVE-2017-1137)

Summary IBM WebSphere Application Server is shipped as a component of IBM PureApplication System. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Consult the security bulletin Potential security...

CVSS: 8.1, AI score: 0.7, EPSS: 0.01881
Exploits: 0, Affected Software: 1

Microsoft CVE
added 2018/06/12 7:0 a.m., 40 views

Windows DNSAPI Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Windows Domain Name System (DNS) DNSAPI.dll when it fails to properly handle DNS responses. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. To exploit the vulnerability, the...

CVSS: 9.3, AI score: 7.1, EPSS: 0.22257
Exploits: 0

OpenVAS
added 2018/06/12 12:0 a.m., 190 views

Microsoft Windows: Network security: Allow Local System to use computer identity for NTLM

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winnseclocalsyscompntlm.nasl 11344 2018-09-12 06:57:52Z emoss $ Check value for Network security: Allow Local System to use computer identity for NTLM Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH,...

AI score: 7.3
Exploits: 0

NVD
added 2018/06/11 9:29 p.m., 14 views

CVE-2017-7768

The Mozilla Maintenance Service can be invoked by an unprivileged user to read 32 bytes of any arbitrary file on the local system by convincing the service that it is reading a status file provided by the Mozilla Windows Updater. The Mozilla Maintenance Service executes with privileged access,...

CVSS: 5.5, AI score: 5, EPSS: 0.00327
Exploits: 0, References: 5

OSV
added 2018/06/11 9:29 p.m., 1 views

CVE-2017-5409

The Mozilla Windows updater can be called by a non-privileged user to delete an arbitrary local file by passing a special path to the callback parameter through the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows...

CVSS: 5.5, AI score: 7.3
Exploits: 0, References: 5

UbuntuCve
added 2018/06/11 9:29 p.m., 21 views

CVE-2016-5295

This vulnerability allows an attacker to use the Mozilla Maintenance Service to escalate privilege by having the Maintenance Service invoke the Mozilla Updater to run malicious local files. This vulnerability requires local system access and is a variant of MFSA2013-44. Note: this issue only...

CVSS: 7.8, AI score: 7.1, EPSS: 0.00326
Exploits: 0, References: 2

UbuntuCve
added 2018/06/11 9:29 p.m., 32 views

CVE-2016-5293

When the Mozilla Updater is run, if the Updater's log file in the working directory points to a hardlink, data can be appended to an arbitrary local file. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox E...

CVSS: 5.5, AI score: 6.9, EPSS: 0.00336
Exploits: 0, References: 2

UbuntuCve
added 2018/06/11 9:29 p.m., 25 views

CVE-2016-5294

The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Thunderbird 45.5, Firefox ESR...

CVSS: 5.5, AI score: 6.9, EPSS: 0.00419
Exploits: 1, References: 1

UbuntuCve
added 2018/06/11 9:29 p.m., 30 views

CVE-2017-7767

The Mozilla Maintenance Service can be invoked by an unprivileged user to overwrite arbitrary files with junk data using the Mozilla Windows Updater, which runs with the Maintenance Service's privileged access. Note: This attack requires local system access and only affects Windows. Other operati...

CVSS: 5.5, AI score: 6.9, EPSS: 0.00282
Exploits: 0, References: 2

Prion
added 2018/06/11 9:29 p.m., 20 views

Code injection

The Mozilla Maintenance Service can be invoked by an unprivileged user to overwrite arbitrary files with junk data using the Mozilla Windows Updater, which runs with the Maintenance Service's privileged access. Note: This attack requires local system access and only affects Windows. Other operati...

CVSS: 2.1, AI score: 6.2, EPSS: 0.00282
Exploits: 0, References: 5, Affected Software: 2

Prion
added 2018/06/11 9:29 p.m., 14 views

Privilege escalation

The Mozilla Windows updater modifies some files to be updated by reading the original file and applying changes to it. The location of the original file can be altered by a malicious user by passing a special path to the callback parameter through the Mozilla Maintenance Service, allowing the...

CVSS: 4.6, AI score: 7.8, EPSS: 0.00407
Exploits: 1, References: 5, Affected Software: 2

Prion
added 2018/06/11 9:29 p.m., 17 views

Code injection

The Mozilla Maintenance Service can be invoked by an unprivileged user to read 32 bytes of any arbitrary file on the local system by convincing the service that it is reading a status file provided by the Mozilla Windows Updater. The Mozilla Maintenance Service executes with privileged access,...

CVSS: 2.1, AI score: 6.1, EPSS: 0.00327
Exploits: 0, References: 5, Affected Software: 2

Prion
added 2018/06/11 9:29 p.m., 16 views

Design/Logic Flaw

The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Thunderbird 45.5, Firefox ESR...

CVSS: 2.1, AI score: 6.1, EPSS: 0.00419
Exploits: 1, References: 7, Affected Software: 3

UbuntuCve
added 2018/06/11 9:29 p.m., 29 views

CVE-2017-7836

The "pingsender" executable used by the Firefox Health Report dynamically loads a system copy of libcurl, which an attacker could replace. This allows for privilege escalation as the replaced libcurl code will run with Firefox's privileges. Note: This attack requires an attacker have local system...

CVSS: 7.8, AI score: 7.2, EPSS: 0.00335
Exploits: 0, References: 2