CVE-2017-9264

In lib/conntrack.c in the firewall implementation in Open vSwitch OvS 2.6.1, there is a buffer over-read while parsing malformed TCP, UDP, and IPv6 packets in the functions extractl3ipv6, extractl4tcp, and extractl4udp that can be triggered remotely...

VulnCheck KEV: CVE-2017-2404

An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Quick Look" component. It allows remote attackers to trigger telephone calls to arbitrary numbers via a tel: URL in a PDF document, as exploited in the wild in October 2016...

CVE-2016-7577

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "FaceTime" component, which allows remote attackers to trigger memory corruption and obtain audio data from a call that appeared to have ended...

kernel: remotely triggerable unbounded recursion in the vlan gro code leading to a kernel crash

Linux kernel built with the 802.1Q/802.1ad VLANCONFIGVLAN8021Q OR Virtual eXtensible Local Area NetworkCONFIGVXLAN with Transparent Ethernet BridgingTEB GRO support, is vulnerable to a stack overflow issue. It could occur while receiving large packets via GRO path, as an unlimited recursion could...

kernel: remotely triggerable unbounded recursion in the vlan gro code leading to a kernel crash

Linux kernel built with the 802.1Q/802.1ad VLANCONFIGVLAN8021Q OR Virtual eXtensible Local Area NetworkCONFIGVXLAN with Transparent Ethernet BridgingTEB GRO support, is vulnerable to a stack overflow issue. It could occur while receiving large packets via GRO path, as an unlimited recursion could...

Internet Bug Bounty: Use After Free Vulnerability in array_walk()/array_walk_recursive()

https://bugs.php.net/bug.php?id=70713 I think this bugs is still security issue since this bug can be still triggered remotely in some real world&apps. Example: https://github.com/zendframework/zend-loader/blob/ceb32b5129525e1f19b01f37dbbcc6398b0a9635/src/ClassMapAutoloader.phpL210-L215...

The vulnerability of the microprogramming software of Siemens Simatic S7-1200 programmable logic controllers allows a malicious actor to cause malfunctions during maintenance operations.

The software of the Siemens SIMATIC S7-1200 programmable logic controller contains a vulnerability. When this vulnerability is exploited, the device can be switched into an emergency mode by sending a special TCP/IP packet to port 102. This emergency mode persists until a hardware restart is...

The vulnerability of the BIND Server software allows a malicious attacker to compromise the accessibility of protected information.

The vulnerability exists in libdns within ISC BIND due to incorrect processing of EDNS parameters. Exploiting this vulnerability allows malicious actors operating remotely to trigger a service failure a REQUIRE validation error and termination of the daemon using a specially crafted package...

Vulnerability of Cisco IOS software, which allows a malicious actor to trigger a service failure

The vulnerability in Cisco IOS and IOS XE allows malicious actors operating remotely to trigger a service failure by using improperly crafted IPv6 packets. This causes excessive memory consumption for input/output operations and triggers a device restart...

Vulnerability of Cisco IOS software, which allows a malicious actor to trigger a service failure

The vulnerability in Cisco IOS and IOS XE allows malicious actors operating remotely to trigger a service failure device reboot through improperly generated IKEv2 packets...

openstack-swift: Proxy to server DoS through Large Objects

A memory-leak issue was found in OpenStack Object Storage swift, in the proxy-to-server connection. An OpenStack-authenticated attacker could remotely trigger this flaw to cause denial of service through excess memory consumption...

UBUNTU-CVE-2015-5820

WebKit in Apple iOS before 9 allows remote attackers to trigger a dialing action via a crafted 1 tel://, 2 facetime://, or 3 facetime-audio:// URL...

squid -- TLS/SSL parser denial of service vulnerability

Amos Jeffries, release manager of the Squid-3 series, reports: Vulnerable versions are 3.5.0.1 to 3.5.8 inclusive, which are built with OpenSSL and configured for "SSL-Bump" decryption. Integer overflows can lead to invalid pointer math reading from random memory on some CPU architectures. In the...

The Ghost vulnerability the GHOST remote using the EXP-bug warning-the black bar safety net

This article demonstrates one of the Ghost vulnerability the GHOST of EXP, this EXP is Metasploit a module. This Metasploit module can be remote exploit CVE-2 0 1 5-0 2 3 5 out of glibc library gethostbyname function heap overflow vulnerability vulnerability, the goal is to run the Exim mail...

XnView 1.98 Denial of Service Vulnerability PoC

No description provided by source. done by BraniX found: 2011.06.19 published: 2011.06.20 tested on: Windows XP SP3 Home Edition tested on: Windows XP SP3 Professional App: XnView 1.98 latest version App Url: http://www.xnview.com xnview.exe MD5: ebe200d81a095d296e94e887dc40e607 Xjp2.dll MD5:...

Updated python-pymongo packages fix CVE-2013-2132

PyMongo before 2.5.2 is prone to a denial-of-service vulnerability. An attacker can remotely trigger a NULL pointer dereference causing MongoDB to crash CVE-2013-2132...

Xpient POS / Iris 3.8 Cash Drawer Operation Remote Trigger

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Xpient Cash Drawer Operation Vulnerability 1. Advisory Information Title: Xpient Cash Drawer Operation Vulnerability Advisory ID: CORE-2013-0517 Advisory URL:...

Fedora 12 : krb5-1.7.1-9.fc12 (2010-8805)

Shawn Emery discovered a remotely-triggerable NULL pointer dereference in the Kerberos GSS-API library which could be used to cause GSS-API-authenticated services to crash. This update incorporates fixes to instead correctly detect the error and return an error code. Note that Tenable Network...

DSA-1695-1 ruby1.8 ruby1.9 - denial of service

Bulletin has no description...

Vinagre < 2.24.2 show_error() Remote Format String PoC

Exploit for unknown platform in category dos / poc ====================================================== Vinagre 2.24.2 showerror Remote Format String PoC ====================================================== -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs...