CVE-2017-7277

The TCP stack in the Linux kernel through 4.10.6 mishandles the SCMTIMESTAMPINGOPTSTATS feature, which allows local users to obtain sensitive information from the kernel's internal socket data structures or cause a denial of service out-of-bounds read via crafted system calls, related to...

Torvalds Downplays SHA-1 Threat to Git

When researchers demonstrated the first practical collision attack for the cryptographic hash function SHA-1 last week, they also identified related vulnerabilities impacted by the now-compromised algorithm. According to the SHAttered research post, co-authored by Google and a host of cryptograph...

CVE-2016-5417

Memory leak in the resvinit function in the IPv6 name server management code in libresolv in GNU C Library aka glibc or libc6 before 2.24 allows remote attackers to cause a denial of service memory consumption by leveraging partial initialization of internal resolver data structures...

The vulnerability of the shared memory manager of the sshd daemon used in OpenSSH encryption protection allows a hacker to increase their privileges.

The vulnerability of the manager of shared memory in the sshd daemon of the OpenSSH cryptographic protection mechanism arises from the execution of an operation beyond the buffer in memory. Exploiting this vulnerability allows a malicious actor, operating locally, to enhance their privileges by...

CVE-2014-9914

Race condition in the ip4datagramreleasecb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service use-after-free by leveraging incorrect expectations about locking during multithreaded access to internal data structures...

DCMTK 3.6.0 storescp - Stack Buffer Overflow Exploit

Exploit for linux platform in category dos / poc !/usr/bin/env python -- coding: utf8 -- DCMTK storescp DICOM storage C-STORE SCP Remote Stack Buffer Overflow Vendor: OFFIS e. V. Product web page: http://www.dcmtk.org Affected version: = 3.6.0 Not affected: DCMTK-3.6.120160216 -...

DCMTK 3.6.0 storescp - Stack Buffer Overflow

DCMTK 3.6.0 storescp - Stack Buffer Overflow !/usr/bin/env python -- coding: utf8 -- DCMTK storescp DICOM storage C-STORE SCP Remote Stack Buffer Overflow Vendor: OFFIS e. V. Product web page: http://www.dcmtk.org Affected version: = 3.6.0 Not affected: DCMTK-3.6.120160216 -...

HDF5 Group libhdf5 H5T_COMPOUND Code Execution Vulnerability

Talos Vulnerability Report TALOS-2016-0179 HDF5 Group libhdf5 H5TCOMPOUND Code Execution Vulnerability November 17, 2016 CVE Number CVE-2016-4333 Description HDF5 is a file format that is maintained by a non-profit organization, The HDF Group. HDF5 is designed to be used for storage and...

HDF5 Group libhdf5 Shareable Message Type Code Execution Vulnerability

Talos Vulnerability Report TALOS-2016-0178 HDF5 Group libhdf5 Shareable Message Type Code Execution Vulnerability November 17, 2016 CVE Number CVE-2016-4332 Description HDF5 is a file format that is maintained by a non-profit organization, The HDF Group. HDF5 is designed to be used for storage an...

Out-of-bounds

The assocarrayinsertintoterminalnode function in lib/assocarray.c in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service invalid pointer dereference and out-of-bounds read v...

CVE-2016-7914

The assocarrayinsertintoterminalnode function in lib/assocarray.c in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service invalid pointer dereference and out-of-bounds read v...

CVE-2016-7914

The assocarrayinsertintoterminalnode function in lib/assocarray.c in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service invalid pointer dereference and out-of-bounds read v...

CVE-2016-6682

drivers/misc/qcom/qdsp6v2/audioutils.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices does not initialize certain data structures, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug...

CVE-2016-5417

Memory leak in the resvinit function in the IPv6 name server management code in libresolv in GNU C Library aka glibc or libc6 before 2.24 allows remote attackers to cause a denial of service memory consumption by leveraging partial initialization of internal resolver data structures...

RHEL 5 : openssl (RHSA-2016:1137)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:1137 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength...

UBUNTU-CVE-2016-2459

mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not initialize certain data structures, which allows attackers to obtain sensitive information via a crafted application, related to IGraphicBufferConsumer.cpp and...

CVE-2016-2460

mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not initialize certain data structures, which allows attackers to obtain sensitive information via a crafted application, related to IGraphicBufferConsumer.cpp and...

Vulnerabilities of operating systems Mac OS X and iOS, allowing attackers to execute arbitrary code

The vulnerability of the kernel in Mac OS X and iOS lies in errors during the initialization of undefined data structures. Exploiting this vulnerability allows an attacker to execute arbitrary code by manipulating network connections remotely...

Python Fuzzing Framework: Kitty

Kitty is an open-source modular and extensible fuzzing framework written in python, inspired by OpenRCE’s Sulley and Michael Eddington’s and now Deja Vu Security’s Peach Fuzzer . Goal The goal of Kitty was to help with fuzzing unusual targets — proprietary and esoteric protocols over non-TCP/IP...

Ubuntu: Security Advisory (USN-2842-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...