6036 matches found

Positive Technologies
added 2017/05/19 12:0 a.m. · 5 views

PT-2017-2223 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.11.1. Description: The issue is related to the sctp_v6_create_accept_sk function in net/sctp/ipv6.c, which mishandles inheritance. This allows local users to cause a denial of service or possibly have other...

CVSS 10 · AI score 7.7 · EPSS 0.60631
Exploits 104 · References 898

Prion
added 2017/05/11 5:29 p.m. · 14 views

Cross site scripting

Invision Power Services IPS Community Suite 4.1.19.2 and earlier has stored XSS in the Announcements, allowing privilege escalation from an Invision Power Board moderator to an admin. An attack uses the announce_content parameter in an index.php?/modcp/announcements/&action=create request. This is...

CVSS 7.5 · AI score 9.1 · EPSS 0.0189
Exploits 1 · References 3 · Affected Software 1

CNVD
added 2017/05/11 12:0 a.m. · 2 views

SQL injection vulnerability in the create_share.php page of TreeHole's external link system

TreeHole external link system is a free and open source PHP external-link network disk system that supports three storage methods (Qiniu, local and remote) and multiple users. The create_share.php page of TreeHole has an SQL injection vulnerability because the program fails to filter...

AI score 7.8
Exploits 0

CNVD
added 2017/05/02 12:0 a.m. · 2 views

Privilege control logic vulnerability in Zendo project management software

Zendo is an open source project management software. The authorize function in the backend module\user\model.php of the Zendo project management software has a privilege control logic vulnerability, which leads to the users in the upper management group privilege 9 to use the create and update...

AI score 7.2
Exploits 0

CNVD
added 2017/04/28 12:0 a.m. · 2 views

Jenkins User Login Information Disclosure Vulnerability

CloudBees Jenkins (formerly known as Hudson Labs) is a set of Java-based continuous integration tools from the US company CloudBees. It is mainly used to monitor continuous software release/testing projects and the execution of scheduled tasks. Jenkin...

CVSS 8.8 · AI score 6.4 · EPSS 0.01238
Exploits 1 · References 1

CNVD
added 2017/04/28 12:0 a.m. · 3 views

Oracle Marketing Unauthorized Operation Vulnerability (CNVD-2017-06406)

Oracle E-Business Suite is Oracle's fully integrated suite of global business management software, of which Oracle Marketing is a component for managing marketing-related information and processes. A security vulnerability exists in the User Interface subcomponent of the Oracle...

CVSS 7.1 · AI score 6.5 · EPSS 0.01299
Exploits 0 · References 1

Veracode
added 2017/04/24 12:58 a.m. · 18 views

Cross-site Scripting (XSS)

manila-ui is vulnerable to reflected cross-site scripting (XSS). The Create Share form takes user-supplied metadata and passes it to a call to mark_safe. This allows remotely authenticated, but unprivileged users to insert JavaScript code...

CVSS 5.4 · AI score 5.1 · EPSS 0.01266
Exploits 0 · References 8 · Affected Software 1

OSV
added 2017/04/21 3:59 p.m. · 3 views

DEBIAN-CVE-2016-6519

Cross-site scripting (XSS) vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form...

CVSS 5.4 · AI score 5 · EPSS 0.01266
Exploits 0 · References 1

OSV
added 2017/04/21 3:59 p.m. · 29 views

CVE-2016-6519

Cross-site scripting (XSS) vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form...

CVSS 5.4 · AI score 5.3
Exploits 0 · References 7

Cvelist
added 2017/04/21 3:0 p.m. · 36 views

CVE-2016-6519

Cross-site scripting (XSS) vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form...

AI score 5.1 · EPSS 0.01266
Exploits 0 · References 7

Debian CVE
added 2017/04/21 3:0 p.m. · 23 views

CVE-2016-6519

Cross-site scripting (XSS) vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form...

CVSS 5.4 · AI score 5.2 · EPSS 0.01266
Exploits 0

CNVD
added 2017/04/21 12:0 a.m. · 3 views

Unitrends Enterprise Backup File Upload Vulnerability

Unitrends Enterprise Backup is backup software that incorporates cloud continuity services to ensure the recovery of your virtual, physical and cloud data, systems and applications. A file upload vulnerability exists in the createReportName and saveReport functions in Unitrends Enterprise Backup'...

CVSS 8.8 · AI score 7.9 · EPSS 0.04318
Exploits 1 · References 1

exploitpack
added 2017/04/20 12:0 a.m. · 12 views

Apple WebKit Safari 10.0.2(12602.3.12.0.1) - PrototypeMap::createEmptyStructure Universal Cross-Site Scripting

Apple WebKit Safari 10.0.2(12602.3.12.0.1) - PrototypeMap::createEmptyStructure Universal Cross-Site Scripting jsCallee // newTarget may be an InternalFunction if we were called from Reflect.construct. JSFunction targetFunction = jsDynamicCastnewTarget; if LIKELYtargetFunction ... return...

Exploits 0

seebug.org
added 2017/04/19 12:0 a.m. · 13 views

Apple WebKit: UXSS via PrototypeMap::createEmptyStructure

When creating an object in Javascript, its |Structure| is created with the constructor's prototype's |VM|. Here's some snippets of that routine. Structure InternalFunction::createSubclassStructureExecState exec, JSValue newTarget, Structure baseClass ... if newTarget && newTarget != exec-jsCallee...

AI score 6.9
Exploits 0

CNVD
added 2017/04/12 12:0 a.m. · 3 views

QEMU 'hw/9pfs/9p.c' has multiple denial of service vulnerabilities

QEMU is an open source emulator software. QEMU suffers from a denial of service vulnerability in the v9fs_create and v9fs_lcreate functions in hw/9pfs/9p.c, which allows a local attacker to exploit the vulnerability by submitting a special request to crash the application...

CVSS 6 · AI score 8.5 · EPSS 0.00384
Exploits 0 · References 1

OSV
added 2017/04/10 3:59 p.m. · 0 views

DEBIAN-CVE-2017-7377

The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS privileged users to cause a denial of service (file descriptor or memory consumption) via vectors related to an already in-use fid...

CVSS 6 · AI score 8.2 · EPSS 0.00384
Exploits 0 · References 1

Tenable Nessus
added 2017/04/10 12:0 a.m. · 45 views

Fedora 25 : xen (2017-054729ab08)

Qemu: 9pfs: host memory leakage via v9fs_create (CVE-2017-7377) [1437873]; x86: broken check in memory_exchange permits PV guest breakout (XSA-212, CVE-2017-7228) [1438804]. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenabl...

CVSS 8.2 · AI score 6.5 · EPSS 0.01569
Exploits 2 · References 3

OSV
added 2017/04/10 12:0 a.m. · 4 views

UBUNTU-CVE-2017-7377

The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS privileged users to cause a denial of service (file descriptor or memory consumption) via vectors related to an already in-use fid...

CVSS 6 · AI score 6.7 · EPSS 0.00384
Exploits 0 · References 5

seebug.org
added 2017/04/05 12:0 a.m. · 35 views

WebKit: use-after-free in FormSubmission::create (CVE-2017-2460)

There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on a nightly version of WebKit. The PoC has also been observed to crash Safari 10.0.2 on Mac. Please note: This bug is subject to a 90 day disclosure deadline. If 90 days elapse without a broadly available...

CVSS 6.8 · AI score 8 · EPSS 0.06736
Exploits 3

0day.today
added 2017/04/05 12:0 a.m. · 57 views

Apple WebKit - FormSubmission::create Use-After-Free Exploit

Exploit for multiple platform in category dos / poc function go object.name = "foo"; input.autofocus = true; output.appendChildinput; form.submit; function eventhandler forvar i=0;i a !-- ================================================================= Preliminary analysis: The bug is in...

CVSS 6.8 · AI score 8.3 · EPSS 0.06736
Exploits 3