
4438 matches found

CVE
added 2018/01/19 11:0 p.m. | 59 views

CVE-2017-14457

The CVE-2017-14457 issue impacts CPP-Ethereum’s libevm create2 opcode handler. A crafted contract can set an extremely large initSize passed to the bytesConstRef used to compute the create2 hash, enabling an out-of-bounds read that can cause memory disclosure or a denial of service. Talos and CVE...

CVSS 8.2 | AI score 7.9 | EPSS 0.01742
Exploits 1 | References 2 | Affected Software 1
OSV
added 2018/01/18 2:29 a.m. | 4 views

CVE-2018-2680

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java VM. Successful attacks requi...

CVSS 8.3 | AI score 7.3 | EPSS 0.01723
Exploits 0 | References 3
CNVD
added 2018/01/17 12:0 a.m. | 2 views

Unspecified Vulnerability in Oracle Database Server Java VM (CNVD-2018-02353)

Oracle Database Server is an object-relational database management system that provides an open, comprehensive, and integrated approach to information management. An unspecified vulnerability exists in the Java VM component of Oracle Database Server. An attacker could exploit this vulnerability...

CVSS 8.3 | AI score 6.5 | EPSS 0.01723
Exploits 0 | References 1
seebug.org
added 2018/01/10 12:0 a.m. | 60 views

CPP-Ethereum libevm create2 Information Leak Vulnerability (CVE-2017-14457)

Summary: An exploitable information leak / denial of service vulnerability exists in the libevm Ethereum Virtual Machine create2 opcode handler of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read leading to memory disclosure or denial of service. An attacker ca...

AI score 8.1 | EPSS 0.01742
Exploits 1
Tenable Nessus
added 2018/01/09 12:0 a.m. | 93 views

RHEL 6 / 7 : rhev-hypervisor7 (RHSA-2018:0046) (Meltdown) (Spectre)

An update for rhev-hypervisor7 is now available for RHEV 3.X Hypervisor and Agents for Red Hat Enterprise Linux 6 and RHEV 3.X Hypervisor and Agents for Red Hat Enterprise Linux 7 ELS. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...

CVSS 5.6 | AI score 7.2 | EPSS 0.93838
Exploits 12 | References 9
Mageia
added 2018/01/06 12:53 a.m. | 90 views

kernel update provides 4.14 series and fixes security vulnerabilities

This kernel update provides an upgrade to the 4.14 longterm branch, currently based on 4.14.10. It also fixes at least the following security issues: An elevation of privilege vulnerability in the Broadcom wi-fi driver CVE-2017-0786. Use-after-free vulnerability in the snd_pcm_info function in the...

CVSS 8.8 | AI score 4.1 | EPSS 0.30052
Exploits 32 | References 17
OSV
added 2018/01/06 12:53 a.m. | 29 views

MGASA-2018-0062 kernel update provides 4.14 series and fixes security vulnerabilities

This kernel update provides an upgrade to the 4.14 longterm branch, currently based on 4.14.10. It also fixes at least the following security issues: An elevation of privilege vulnerability in the Broadcom wi-fi driver CVE-2017-0786. Use-after-free vulnerability in the snd_pcm_info function in the...

CVSS 8.8 | AI score 8.6 | EPSS 0.30052
Exploits 32 | References 18
Tenable Nessus
added 2018/01/04 12:0 a.m. | 119 views

VMware Player 12.x < 12.5.8 Multiple Vulnerabilities (VMSA-2017-0021) (VMSA-2018-0002) (Spectre)

The version of VMware Player installed on the remote Windows host is 12.x prior to 12.5.8. It is, therefore, affected by multiple vulnerabilities that can allow code execution in a virtual machine via the authenticated VNC session as well as cause information disclosure from one virtual machine t...

CVSS 8.8 | AI score 8 | EPSS 0.93838
Exploits 13 | References 9
Citrix
added 2018/01/03 12:0 a.m. | 9 views

Citrix App Layering - User Layer Error "We were unable to attach your User Layer"

When end users log into a virtual machine with Elastic layering enabled, they see the error "We were unable to attach your User Layer. Any changes you make to application settings or data will not be saved. Be sure to save any work to a shared network location." Details: "Access to the path...

AI score 7
Exploits 0
Tenable Nessus
added 2017/12/29 12:0 a.m. | 81 views

VMware Fusion 8.x < 8.5.9 Multiple Vulnerabilities (VMSA-2017-0021) (VMSA-2018-0002) (Spectre) (macOS)

The version of VMware Fusion installed on the remote macOS or Mac OS X host is 8.x prior to 8.5.9. It is, therefore, affected by multiple vulnerabilities that can allow code execution in a virtual machine via the authenticated VNC session as well as cause information disclosure from one virtual...

CVSS 8.8 | AI score 8 | EPSS 0.93838
Exploits 13 | References 9
Tenable Nessus
added 2017/12/29 12:0 a.m. | 70 views

VMware Workstation 12.x < 12.5.8 Multiple Vulnerabilities (VMSA-2017-0021) (VMSA-2018-0002) (Spectre)

The version of VMware Workstation installed on the remote Windows host is 12.x prior to 12.5.8. It is, therefore, affected by multiple vulnerabilities that can allow code execution in a virtual machine via the authenticated VNC session as well as cause information disclosure from one virtual...

CVSS 8.8 | AI score 8 | EPSS 0.93838
Exploits 13 | References 9
Kitploit
added 2017/12/25 1:12 p.m. | 88 views

BtleJuice Framework - Bluetooth Smart (LE) Man-in-the-Middle Framework

BtleJuice is a complete framework to perform Man-in-the-Middle attacks on Bluetooth Smart devices, also known as Bluetooth Low Energy. It is composed of: an interception core, an interception proxy, a dedicated web interface, and Python and Node.js bindings. How to install BtleJuice? Installing BtleJuice...

AI score 7.1
Exploits 0 | References 1
Prion
added 2017/12/20 3:29 p.m. | 17 views

Remote code execution

VMware ESXi 6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG, Workstation 12.x before 12.5.8, and Fusion 8.x before 8.5.9 contain a vulnerability that could allow an authenticated VNC session to cause a stack overflow via a specific set of VNC packets. Successful exploitation of this iss...

CVSS 6 | AI score 8.8 | EPSS 0.03157
Exploits 1 | References 3 | Affected Software 3
Cvelist
added 2017/12/20 3:0 p.m. | 22 views

CVE-2017-4941

VMware ESXi 6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG, Workstation 12.x before 12.5.8, and Fusion 8.x before 8.5.9 contain a vulnerability that could allow an authenticated VNC session to cause a stack overflow via a specific set of VNC packets. Successful exploitation of this iss...

AI score 8.9 | EPSS 0.03157
Exploits 1 | References 3
Citrix
added 2017/12/18 12:0 a.m. | 5 views

XenDesktop Setup Wizard completes without error, but there's no VM has been created in Hyper-V SCVMM

XenDesktop Setup Wizard completes without error, but no VM has been created in Hyper-V SCVMM. And there's no particular error messages from CDF trace either...

AI score 7.1
Exploits 0
Kitploit
added 2017/12/14 8:38 p.m. | 15 views

Droidefense - Advance Android Malware Analysis Framework

Droidefense (originally named atom: analysis through observation machine) is the codename for an Android apps/malware analysis/reversing tool. It was built focused on security issues and tricks that malware researchers have in their everyday work. For those situations on where the malware has...

AI score 0.5
Exploits 0 | References 4
Microsoft KB
added 2017/12/12 8:0 a.m. | 64 views

December 12, 2017—KB4054517 (OS Build 16299.125)

December 12, 2017—KB4054517 (OS Build 16299.125). Improvements and fixes: This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Updates Internet Explorer’s default visibility for the button that launches Microsoft Edge...

CVSS 9.8 | AI score 7.3 | EPSS 0.68491
Exploits 38
Kaspersky
added 2017/12/07 12:0 a.m. | 44 views

KLA11857 ACE vulnerability in Microsoft System Center

A remote code execution vulnerability was found in Microsoft System Center. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories: CVE-2017-11940. Related products: Microsoft-System-Center-Virtual-Machine-Manager, Microsoft-Forefront-Protection...

CVSS 9.3 | AI score 8.1 | EPSS 0.19759
Exploits 0 | References 5
CNVD
added 2017/12/04 12:0 a.m. | 2 views

Unauthorized Access Vulnerability in NX-OS System Software for Multiple Cisco Products

Cisco Nexus 3000 Series Switches and others are products of Cisco Corporation. Cisco Nexus 3000 Series Switches is a 3000 series switch. Nexus 9500 R-Series Line Cards is a 9500R series line card. NX-OS System Software is an operating system that runs on it. An unauthorized access vulnerability...

CVSS 5.7 | AI score 6.5 | EPSS 0.00345
Exploits 0 | References 1
OSV
added 2017/11/28 11:29 p.m. | 1 view

UBUNTU-CVE-2017-17044

An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to cause a denial of service (infinite loop and host OS hang) by leveraging the mishandling of Populate on Demand (PoD) errors...

CVSS 6.5 | AI score 6.9 | EPSS 0.00438
Exploits 0 | References 3