CVE-2017-5884

It was found that gtk-vnc lacked proper bounds checking while processing messages using RRE, hextile, or copyrect encodings. A remote malicious VNC server could use this flaw to crash VNC viewers which are based on the gtk-vnc library...

Oracle Java AtomicReferenceFieldUpdater Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

SUSE-SU-2017:0346-1 Security update for java-1_8_0-openjdk

This update for java-180-openjdk fixes the following issues: Oracle Critical Patch Update of January 2017 bsc1020905 Upgrade to version jdk8u121 icedtea 3.3.0: - S8138725: Add options for Javadoc generation - S8140353: Improve signature checking - S8151934, CVE-2017-3231: Resolve class resolution...

CVE-2017-5009

WebRTC in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVE-2017-5025

FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file...

CVE-2017-5024

FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file...

UBUNTU-CVE-2017-5025

FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file...

chromium-browser: heap overflow in ffmpeg

FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file...

CVE-2017-5025

FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file...

Aerospike Database Server Stack Buffer Overflow (CVE-2016-9052; CVE-2016-9054)

A memory corruption vulnerability has been reported in Aerospike Database Server. This vulnerability is due to improper bounds checking of user-supplied variable. A remote attacker could exploit these vulnerabilities by sending a maliciously crafted packet to the vulnerable server...

Oracle Java AtomicReferenceFieldUpdater Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Disk Savvy Enterprise - GET Buffer Overflow (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'DiskSavvy Enterprise GET Buffer Overflow', 'Description' = %q This module exploits a stack-based buffer overflow vulnerability ...

DiskSavvy Enterprise 9.1.14 / 9.3.14 GET Buffer Overflow

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'DiskSavvy Enterprise GET Buffer Overflow', 'Description' = %q This module exploits a stack-based buffer overflow vulnerability ...

LibTIFF stack buffer overflow vulnerability (CNVD-2017-00978)

LibTiff is an application library responsible for encoding/decoding the TIFF image format. LibTIFF suffers from a stack buffer overflow vulnerability that stems from a failure to perform sufficient bounds checking when copying user data into an undersized buffer. An attacker could exploit this...

DiskSavvy Enterprise GET Buffer Overflow

This module exploits a stack-based buffer overflow vulnerability in the web interface of DiskSavvy Enterprise v9.1.14 and v9.3.14, caused by improper bounds checking of the request path in HTTP GET requests sent to the built-in web server. This module has been tested successfully on Windows XP SP...

DiskBoss Enterprise - GET Buffer Overflow (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'DiskBoss Enterprise GET Buffer Overflow', 'Description' = %q This module exploits a stack-based buffer overflow vulnerability i...

CVE-2016-8437

Improper input validation in Access Control APIs. Access control API may return memory range checking incorrectly. Product: Android. Versions: Kernel 3.18. Android ID: A-31623057. References: QC-CR1009695...

CVE-2016-8437

CVE-2016-8437 describes an improper input validation in Android’s Access Control APIs, with the kernel 3.18 memory range check potentially mishandled. Affected product: Android (Kernel 3.18). Official description notes a memory-range check issue but does not provide exploit paths or a concrete fi...

CVE-2016-8437

Improper input validation in Access Control APIs. Access control API may return memory range checking incorrectly. Product: Android. Versions: Kernel 3.18. Android ID: A-31623057. References: QC-CR1009695...

Updated xen packages fix security vulnerability

This xen update is based on upstream 4.5.5 maintenance release, and fixes the following security issues: The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service host disk consumption by writing to stdout or stderr CVE-2014-3672 The xrstor...