Lucene search

1077 matches found

NVD
added 2017/04/19 3:59 p.m. | 38 views

CVE-2017-7963

The GNU Multiple Precision Arithmetic Library GMP interfaces for PHP through 7.1.4 allow attackers to cause a denial of service memory consumption and application crash via operations on long strings. NOTE: the vendor disputes this, stating "There is no security issue here, because GMP safely...

CVSS 7.5 | AI score 7.5 | EPSS 0.0174
Exploits: 0 | References: 1

OSV
added 2017/04/19 3:59 p.m. | 17 views

CVE-2017-7963

The GNU Multiple Precision Arithmetic Library GMP interfaces for PHP through 7.1.4 allow attackers to cause a denial of service memory consumption and application crash via operations on long strings. NOTE: the vendor disputes this, stating "There is no security issue here, because GMP safely...

CVSS 7.5 | AI score 7.5
Exploits: 0 | References: 1

ripstech
added 2017/04/18 12:0 p.m. | 26 views

What's new in RIPS 2.0.0?

The new release RIPS 2.0.0 includes the following major changes: A complete new interface with optimized performance demo.ripstech.com A new extensive REST API for full feature automation api.ripstech.com Team and user privilege management Application-specific analysis profiles More detailed code...

AI score 7.3
Exploits: 0

Packet Storm
added 2017/04/16 12:0 a.m. | 57 views

TOVA 8 Unquoted Service Path Privilege Escalation

Exploit Title: TOVA 8 Precision Test Environment P.T.E - Unquoted Service Path Privilege Escalation Date of Discovery: February 17 2017 Exploit Author: Rithwik Jayasimha Author Homepage/Contact: https://thel3l.me Vendor Name: The TOVA Company Vendor Homepage: http://www.tovatest.com/ Software Lin...

AI score 0.8
Exploits: 0

Mageia
added 2017/01/03 10:5 p.m. | 76 views

Updated kernel-tmb packages fix security vulnerabilities

This update is based on upstream 4.4.39 and fixes at least the following security issues: Due to lack of size checking on ICMP header length, it is possible to cause out-of-bounds read on stack CVE-2016-8399 The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows...

CVSS 7.8 | AI score 3.6 | EPSS 0.11127
Exploits: 23 | References: 10

OSV
added 2016/11/18 8:59 p.m. | 1 views

DEBIAN-CVE-2016-4331

When decoding data out of a dataset encoded with the H5ZNBIT decoding, the HDF5 1.8.16 library will fail to ensure that the precision is within the bounds of the size leading to arbitrary code execution...

CVSS 8.6 | AI score 7.9 | EPSS 0.00762
Exploits: 2 | References: 1

UbuntuCve
added 2016/11/18 8:59 p.m. | 25 views

CVE-2016-4331

When decoding data out of a dataset encoded with the H5ZNBIT decoding, the HDF5 1.8.16 library will fail to ensure that the precision is within the bounds of the size leading to arbitrary code execution...

CVSS 8.6 | AI score 7.4 | EPSS 0.00762
Exploits: 2 | References: 2

OSV
added 2016/11/18 8:59 p.m. | 2 views

UBUNTU-CVE-2016-4331

When decoding data out of a dataset encoded with the H5ZNBIT decoding, the HDF5 1.8.16 library will fail to ensure that the precision is within the bounds of the size leading to arbitrary code execution...

CVSS 8.6 | AI score 7.5 | EPSS 0.00762
Exploits: 2 | References: 3

BDU FSTEC
added 2016/08/31 12:0 a.m. | 3 views

The vulnerability of the Android operating system, which allows a perpetrator to obtain confidential information or enhance their privileges

The vulnerability in the drivers/char/diag/diagdci.c file of Qualcomm’s Android operating system arises from a loss of integer precision. Exploiting this vulnerability can allow an attacker to increase their privileges or obtain confidential information through a specially created application...

CVSS 6.8 | AI score 7.2 | EPSS 0.00454
Exploits: 0 | References: 3 | Affected Software: 1

Lenovo
added 2016/08/12 12:0 a.m. | 16 views

Lenovo Mouse Suite Escalation of Privileges - Lenovo Support US

No description provided...

AI score 7.8
Exploits: 0

Lenovo
added 2016/08/12 12:0 a.m. | 80 views

Lenovo Mouse Suite Escalation of Privileges

Lenovo Security Advisory: LEN-2015-066 Potential Impact: Escalation of Privileges Severity: High Summary: A user with local privileges may be able to run files as an administrator in Lenovo Mouse Suite included with ThinkPad Precision Wireless Mouse –part number 0B47161. Description: The Lenovo...

CVSS 4.6 | AI score 7.3 | EPSS 0.00303
Exploits: 0

Tenable Nessus
added 2016/05/16 12:0 a.m. | 60 views

OracleVM 3.3 / 3.4 : openssl (OVMSA-2016-0049) (SLOTH)

The remote OracleVM system is missing necessary patches to address critical security updates : - fix CVE-2016-2105 - possible overflow in base64 encoding - fix CVE-2016-2106 - possible overflow in EVPEncryptUpdate - fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC - fix CVE-2016-2108...

CVSS 10 | AI score 7.8 | EPSS 0.89058
Exploits: 8 | References: 16

RedHat Linux
added 2016/05/10 6:43 p.m. | 3 views

kernel: kvm: reporting emulation failures to userspace

It was found that reporting emulation failures to user space could lead to either a local CVE-2014-7842 or a L2-L1 CVE-2010-5313 denial of service. In the case of a local denial of service, an attacker must have access to the MMIO area or be able to access an I/O port. Please note that on certain...

CVSS 4.9 | AI score 6.6 | EPSS 0.00374
Exploits: 0 | References: 4

BDU FSTEC
added 2016/03/31 12:0 a.m. | 3 views

The vulnerability of the Firefox browser, which allows a violator to trigger a service failure or cause other effects

The vulnerability of the srtpunprotect function in the Firefox WebRTC implementation arises due to a loss of precision in integer arithmetic. Exploiting this vulnerability can allow an attacker to cause a service failure or other effects such as memory corruption from a remote location...

CVSS 9.3 | AI score 7.8 | EPSS 0.0172
Exploits: 0 | References: 3 | Affected Software: 1

BDU FSTEC
added 2016/03/31 12:0 a.m. | 4 views

The vulnerability of the Thunderbird email client, as well as the Firefox and Firefox ESR browsers, allows a hacker to trigger a service failure or execute arbitrary code.

The vulnerability of the nsHtml5TreeBuilder class in the Thunderbird HTML5 client browser, as well as in Firefox and Firefox ESR browsers, arises due to a loss of precision. Exploiting this vulnerability allows an attacker to execute arbitrary code or cause a service failure disruption of resourc...

CVSS 6.8 | AI score 8.2 | EPSS 0.31046
Exploits: 8 | References: 4 | Affected Software: 3

BDU FSTEC
added 2016/03/31 12:0 a.m. | 2 views

The vulnerability of the Firefox browser, which allows a hacker to trigger a service failure or execute arbitrary code.

The vulnerability of the Brotli algorithm implemented in the Firefox browser arises from the loss of precision for integer operations. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure by using specially crafted data compressed using the...

CVSS 6.8 | AI score 8.2 | EPSS 0.04141
Exploits: 0 | References: 3 | Affected Software: 1

BDU FSTEC
added 2016/03/11 12:0 a.m. | 5 views

The vulnerability of Google Chrome browser allows a perpetrator to trigger a service failure or cause other effects.

The vulnerability of the ProcessCommandsInternal function in the Brotli data compression algorithm used by Google Chrome can be exploited due to a loss of precision in integer calculations. Exploiting this vulnerability may allow an attacker to cause a service failure buffer overflow, or possibly...

CVSS 6.8 | AI score 7.7 | EPSS 0.01352
Exploits: 0 | References: 4 | Affected Software: 1

RedHat Linux
added 2016/02/17 5:2 a.m. | 3 views

chromium-browser: out-of-bounds read in PDFium

pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, does not validate a certain precision value, which allows remote attackers to execute arbitrary code or cause a denial of service out-of-bounds read via a crafted JPEG 2000 image in a PDF document, related to the...

CVSS 6.8 | AI score 6.2 | EPSS 0.01883
Exploits: 0 | References: 5

BDU FSTEC
added 2016/01/22 12:0 a.m. | 4 views

Vulnerabilities in the Grub2 operating system loaders, which allow attackers to obtain confidential information or cause service failures

The multiple vulnerabilities of the Grub2 operating system’s loader are caused by a loss of precision for an integer. Exploiting these vulnerabilities allows a local attacker to bypass authentication procedures, obtain confidential information, or cause a service failure disk corruption by using...

CVSS 6.9 | AI score 7.1 | EPSS 0.01104
Exploits: 1 | References: 7 | Affected Software: 3

Richard Bejtlich's blog
added 2016/01/19 7:2 p.m. | 16 views

Lt Gen David Deptula on Desert Storm and Islamic State

This weekend Vago Muradian interviewed Lt Gen ret David Deptula, most famous for his involvement as a key planner for the Desert Storm air campaign. I recommend watching the entire video, which is less than 8 minutes long. Three aspects caught my attention. I will share them here. First, Lt Gen...

AI score 6.8
Exploits: 0