Ubuntu 16.10 : linux, linux-raspi2 vulnerabilities (USN-3359-1)

It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information kernel memory. CVE-2014-9900 Dmitry Vyukov, Andrey Konovalov, Florian Westphal, and Eric Dumazet discovered that the netfiler subsyste...

Virtuozzo 7 : qemu-img / qemu-kvm / qemu-kvm-common / etc (VZLSA-2017-1430)

An update for qemu-kvm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

aorura (=0.1.0), arduinors (>=0.1.0 <=0.1.1) +99 more potentially affected by unknown CVE via serial (>=0.2.1 <=0.4.0)

serial CARGO version =0.2.1, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.15.0, =0.16.0, =0.15.0, =0.15.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2017-0008...

`serial` crate is unmaintained

The serial crate is no longer maintained. Last release was on 2017-07-02. Possible alternatives Consider using an alternative, for instance the blocking librarys: - serial2 - serialport or async alternatives: - mio-serial - tokio-serial...

libmtp ptp-pack.c file integer overflow vulnerability

libmtp is an LGPL library for the Media Transport Protocol. An integer overflow vulnerability exists in the ptp-pack.c file in libmtp 1.1.12 and earlier. A remote attacker could exploit this vulnerability by plugging a mobile device into a PC via the USB port to cause a denial of service...

Integer Overflow Vulnerability in libmtp 'ptp_unpack_EOS_CustomFuncEx' Function

libmtp is an LGPL library for the Media Transport Protocol. An integer overflow vulnerability exists in the 'ptpunpackEOSCustomFuncEx' function of the ptp-pack.c file in libmtp versions 1.1.12 and earlier. A remote attacker could exploit this vulnerability by plugging a mobile device into a PC vi...

UBUNTU-CVE-2017-9831

An integer overflow vulnerability in the ptpunpackEOSCustomFuncEx function of the ptp-pack.c file of libmtp version 1.1.12 and below allows attackers to cause a denial of service out-of-bounds memory access or maybe remote code execution by inserting a mobile device into a personal computer throu...

UBUNTU-CVE-2017-9832

An integer overflow vulnerability in ptp-pack.c ptpunpackOPL function of libmtp version 1.1.12 and below allows attackers to cause a denial of service out-of-bounds memory access or maybe remote code execution by inserting a mobile device into a personal computer through a USB cable...

QEMU Denial of Service Vulnerability (CNVD-2017-15516)

QEMU is an open source emulator software. QEMU supports the USB EHCI emulation security vulnerability, which allows local attackers to exploit the vulnerability by submitting a specially crafted request that triggers memory corruption and crashes the application...

Debian Security Advisory DSA 3886-1 (linux - security update)

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-0605 A buffer overflow flaw was discovered in the trace subsystem. CVE-2017-7487 Li Qiang reported a reference counter leak in the ipxitfioctl...

DEBIAN-CVE-2017-9374

Memory leak in QEMU aka Quick Emulator, when built with USB EHCI Emulation support, allows local guest OS privileged users to cause a denial of service memory consumption by repeatedly hot-unplugging the device...

UBUNTU-CVE-2017-9375

QEMU aka Quick Emulator, when built with USB xHCI controller emulator support, allows local guest OS privileged users to cause a denial of service infinite recursive call via vectors involving control transfer descriptors sequencing...

Oracle Linux 7 : qemu-kvm (ELSA-2017-1430)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-1430 advisory. 1.5.3-126.el73.9 - kvm-spice-fix-spicechraddwatch-pre-condition.patch bz1452332 - Resolves: bz1452332 RHEL 7.2 based VM Virtual Machine hung for severa...

Important: Red Hat Security Advisory: qemu-kvm security and bug fix update

An update for qemu-kvm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

Platinum APT First to Abuse Intel Chip Management Feature

Advanced attackers operating in Southeast Asia are abusing a feature in Intel chips to quietly load malware and exploits onto compromised machines. Microsoft on Thursday published its latest research into a group it calls Platinum, which is keen on using previously untapped resources to stealthil...

DEBIAN-CVE-2017-9330

QEMU aka Quick Emulator before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service infinite loop by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505...

The vulnerability of the USB Mass Storage Class driver for the Windows operating system allows a hacker to execute arbitrary code.

The vulnerability of the Windows operating system’s USB Mass Storage Class driver is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially programmed USB device...

Multiple Peplink Balance products are vulnerable to information leakage

Peplink Balance 305 and others are multi-exit load balancing routers for medium-sized businesses. An information disclosure vulnerability exists in several Peplink Balance products using firmware versions prior to fw-b305hw2380hw6580hw2710hw31350hw22500-7.0.1-build2093. An attacker can exploit th...

Lenovo Service Bridge Insecure HTTP Connection Vulnerability

Lenovo Service Bridge is a Windows program from the Chinese company Lenovo Lenovo that automatically detects the serial number and model number of your device. An insecure HTTP connection vulnerability exists in versions prior to Lenovo Service Bridge 4. An attacker could use this vulnerability t...

CVE-2017-8840

Debug information disclosure exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2380hw6580hw2710hw31350hw22500-7.0.1-build2093. A direct request to cgi-bin/HASync/hasync.cgi?debug=1 shows Master LAN Address, Serial Number, HA Group ID, Virtual IP, a...