
1700 matches found

OSV
added 2017/09/21 3:29 p.m. · 0 views

CVE-2017-8247

In all Qualcomm products with Android releases from CAF using the Linux kernel, if there is more than one thread doing the device open operation, the device may be opened more than once. This would lead to get_pid being called more than once, however put_pid being called only once in function...

7.8 CVSS · 5.7 AI score
Exploits: 0 · References: 2
OSV
added 2017/09/01 1:29 p.m. · 1 views

DEBIAN-CVE-2017-14103

The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 do not properly manage image pointers after certain error conditions, which allows remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order CloseBlob call...

8.8 CVSS · 8.4 AI score · 0.01072 EPSS
Exploits: 0 · References: 1
OSV
added 2017/08/04 3:29 p.m. · 2 views

DEBIAN-CVE-2017-12448

The bfd_cache_close function in bfd/cache.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a heap use after free and possibly achieve code execution via a crafted nested archive file. This issue occurs because...

7.8 CVSS · 8.3 AI score · 0.00487 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2017/07/01 12:0 a.m. · 1 views

PT-2017-2461 · Oracle +3 · Dbd::Mysql +3

Name of the Vulnerable Software and Affected Versions: DBD::mysql module versions through 4.043. Description: The issue allows remote attackers to cause a denial of service, potentially leading to an application crash, by triggering certain error responses from a MySQL server or a loss of network...

9.8 CVSS · 7.7 AI score · 0.00842 EPSS
Exploits: 0 · References: 52
OSV
added 2017/06/26 12:29 p.m. · 1 views

DEBIAN-CVE-2017-9935

In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory...

8.8 CVSS · 8.3 AI score · 0.00485 EPSS
Exploits: 1 · References: 1
myhack58
added 2017/06/19 12:0 a.m. · 93 views

Subaru car software vulnerability analysis—never a failure of token-vulnerability warning-the black bar safety net

Not long ago, Aaron Guzman, an automotive information security researcher from California, presented a method of hacking into Subaru cars at a computer security conference held in Australia. He found a surprising number of software vulnerabilities in his own 2017 Subaru WRX STI; through these...

7.3 AI score
Exploits: 0
RedHat Linux
added 2017/06/07 5:22 p.m. · 2 views

undertow: IO thread DoS via unclean Websocket closing

It was found that with non-clean TCP close, Websocket server gets into infinite loop on every IO thread, effectively causing DoS...

7.5 CVSS · 7.3 AI score · 0.05972 EPSS
Exploits: 0 · References: 4
RedHat Linux
added 2017/06/07 5:0 p.m. · 1 views

undertow: IO thread DoS via unclean Websocket closing

It was found that with non-clean TCP close, Websocket server gets into infinite loop on every IO thread, effectively causing DoS...

7.5 CVSS · 7.3 AI score · 0.05972 EPSS
Exploits: 0 · References: 4
RedHat Linux
added 2017/06/07 4:58 p.m. · 2 views

undertow: IO thread DoS via unclean Websocket closing

It was found that with non-clean TCP close, Websocket server gets into infinite loop on every IO thread, effectively causing DoS...

7.5 CVSS · 7.3 AI score · 0.05972 EPSS
Exploits: 0 · References: 4
RedHat Linux
added 2017/06/07 4:37 p.m. · 1 views

undertow: IO thread DoS via unclean Websocket closing

It was found that with non-clean TCP close, Websocket server gets into infinite loop on every IO thread, effectively causing DoS...

7.5 CVSS · 7.3 AI score · 0.05972 EPSS
Exploits: 0 · References: 4
CNVD
added 2017/06/07 12:0 a.m. · 1 views

CompuLab Intense PC and MintBox 2 BIOS Privilege Vulnerability

The CompuLab Intense PC and MintBox 2 are both mini-PC devices from CompuLab Israel. The BIOS is a ROM on-chip application. A BIOS privilege vulnerability exists in CompuLab Intense PC and MintBox 2 using versions of BIOS prior to 2017-05-21, which stems from the program's failure to apply write...

7.2 CVSS · 6.7 AI score · 0.00122 EPSS
Exploits: 0 · References: 1
CNVD
added 2017/05/27 12:0 a.m. · 2 views

Android ALSA PCM Playback Kernel Module Memory Misreference Vulnerability

Android is a Linux-based open source operating system jointly developed by Google and the Open Handset Alliance (OHA), of which the ALSA PCM Playback Kernel Module is an audio playback kernel module. A security vulnerability exists in the 'msm_pcm_playback_close' function of the ALSA PCM Playback Kern...

7.8 CVSS · 6.7 AI score · 0.00032 EPSS
Exploits: 0 · References: 1
Broadcom
added 2017/05/17 12:0 a.m. · 4 views

BSA-2017-305

Security Advisory ID: BSA-2017-305. Component: Apache Tomcat. Revision: 1.0: Interim. The handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOW_UPDATE before allowing the application to write more data...

7.5 CVSS · 8.6 AI score · 0.12669 EPSS
Exploits: 0
OSV
added 2017/04/02 1:59 a.m. · 1 views

DEBIAN-CVE-2017-2377

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit Web Inspector" component. It allows attackers to cause a denial of service (memory corruption and application crash) by leveraging a window-close action...

7.5 CVSS · 6 AI score · 0.00604 EPSS
Exploits: 0 · References: 1
OSV
added 2017/04/01 12:0 a.m. · 0 views

UBUNTU-CVE-2017-2377

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit Web Inspector" component. It allows attackers to cause a denial of service (memory corruption and application crash) by leveraging a window-close action...

7.5 CVSS · 7.1 AI score · 0.00604 EPSS
Exploits: 0 · References: 6
CNVD
added 2017/03/27 12:0 a.m. · 1 views

Android Dialog Denial of Service Vulnerability

Android is a Linux-based open source operating system developed by Google Inc. and the Open Handheld Consortium. A denial of service vulnerability exists in the Android system dialog. The vulnerability is caused by the system-level Intent mechanism "android.intent.action.CLOSE_SYSTEM_DIALOGS" in...

6.9 AI score
Exploits: 0
OSV
added 2017/03/15 4:59 p.m. · 1 views

DEBIAN-CVE-2016-7103

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function...

6.1 CVSS · 6.5 AI score · 0.01778 EPSS
Exploits: 1 · References: 1
OSV
added 2017/03/15 4:59 p.m. · 0 views

UBUNTU-CVE-2016-7103

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function...

6.1 CVSS · 7 AI score · 0.01778 EPSS
Exploits: 1 · References: 7
OSV
added 2017/02/17 7:59 a.m. · 0 views

CVE-2017-5007

Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled the sequence of events when closing a page, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page...

6.1 CVSS · 7.4 AI score
Exploits: 0 · References: 7
OSV
added 2017/01/27 12:0 a.m. · 0 views

UBUNTU-CVE-2017-5007

Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled the sequence of events when closing a page, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page...

6.1 CVSS · 7 AI score · 0.0422 EPSS
Exploits: 1 · References: 4