Kernel: kvm: use after free in complete_emulated_mmio

arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service use-after-free via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt...

CVE-2017-3647

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Replication. Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to...

CVE-2017-3649

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Replication. Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to...

Microsoft Office Multiple Vulnerabilities (KB3191828)

This host is missing a critical security update according to Microsoft KB3191828 SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Microsoft Office Multiple Vulnerabilities (KB3191848)

This host is missing a critical security update according to Microsoft KB3191848 SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2015-7724

AMD fglrx-driver before 15.9 allows local users to gain privileges via a symlink attack. NOTE: This vulnerability exists due to an incomplete fix for CVE-2015-7723...

CVE-2017-3331

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: DML. The supported version that is affected is 5.7.11 to 5.7.17. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

Code injection

Vulnerability in the Primavera Gateway component of Oracle Primavera Products Suite subcomponent: Primavera Desktop Integration. Supported versions that are affected are 1.0, 1.1, 14.2, 15.1, 15.2, 16.1 and 16.2. Easily "exploitable" vulnerability allows high privileged attacker with network acce...

CVE-2017-3457

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: DML. Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

Information disclosure

An information leak vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to perform a man-in-the-middle attack, thereby stealing authentic credentials from encrypted paths which are easily decrypted,...

Authentication flaw

An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious, network based, unauthenticated attacker to perform privileged actions to gain complete control over the environment...

CVE-2017-2334

An information leak vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to perform a man-in-the-middle attack, thereby stealing authentic credentials from encrypted paths which are easily decrypted,...

CVE-2017-2334

An information leak vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to perform a man-in-the-middle attack, thereby stealing authentic credentials from encrypted paths which are easily decrypted,...

CVE-2017-2332

An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious, network based, unauthenticated attacker to perform privileged actions to gain complete control over the environment...

CVE-2017-3462

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Security: Privileges. Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access vi...

wePresent WiPG Multiple Vulnerabilities

wePresent WiPG devices are prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wepresent:wipg";...

CVE-2016-8721

An exploitable OS Command Injection vulnerability exists in the web application 'ping' functionality of Moxa AWK-3131A Wireless Access Points running firmware 1.1. Specially crafted web form input can cause an OS Command Injection resulting in complete compromise of the vulnerable device. An...

CVE-2016-8721

An exploitable OS Command Injection vulnerability exists in the web application 'ping' functionality of Moxa AWK-3131A Wireless Access Points running firmware 1.1. Specially crafted web form input can cause an OS Command Injection resulting in complete compromise of the vulnerable device. An...

VMware vRealize Operations Apache Struts2 RCE Vulnerability (VMSA-2017-0004)

VMware vRealize Operations is prone to a remote code execution RCE vulnerability in Apache Struts2. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Revive Adserver Multiple Vulnerabilities

Revive Adserver is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:revive:adserver"; if...