3096 matches found
Akamai 2018 Spring Release, In A Nutshell
Progressing Towards Our Future in The Cloud, Together As organizations continue to fuel and execute on their digital transformation ambitions, they're increasingly finding significant business agility and cost savings by adopting cloud, multi-cloud, or hybrid architectures. Availability, security...
gcc security, bug fix, and enhancement update
4.8.5-28.0.1 - Orabug: 27557686 Egeyar Bagcioglu - Introduce 'oraclerelease' into .spec file. Echo it to gcc/DEV-PHASE. 4.8.5-28 - Minor testsuite fixes to clean up test results 1469697 - retpoline support for spectre mitigation 1535655 4.8.5-27 - bump for rebuild with RELRO enabled even for...
PMS 0.42 Stack-Based Buffer Overflow Exploit
Exploit for linux platform in category dos / poc Exploit Author: Juan Sacco - http://exploitpack.com Vulnerability found using Exploit Pack v10 - Fuzzer local module Tested on: Kali i686 GNU/Linux Description: PMS 0.42 is prone to a local unauthenticated stack-based overflow The vulnerability is...
BSA-2018-559
Security Advisory ID : BSA-2018-559 Component : Apache HTTPD Revision : 2.0: Final Apache HTTP Server httpd mod_session module has an improper input validation flaw in the way it handles HTTP session headers in some configurations. A remote attacker may influence their content by using a "Session"...
CVE-2018-0152
A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to gain elevated privileges on an affected device. The vulnerability exists because the affected software does not reset the privilege level for each web UI session. An...
CVE-2018-0160
A vulnerability in Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper management of memory resources, referred to as a double free. An attacker...
CVE-2018-5454
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vulnerability where code debugging methods are enabled, which could allow an attacker to remotely execute arbitrary code during runtime...
CVE-2018-6957
VMware Workstation 14.x before 14.1.1, 12.x and Fusion 10.x before 10.1.1 and 8.x contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. Note: In order for exploitation to be possible on Workstation and Fusion, VNC must be manually enabled...
Philips Intellispace Portal Arbitrary Code Execution Vulnerability
The Philips Intellispace Portal processes clinical images from different modalities and enables advanced visualization of images. ISP systems are deployed in the healthcare and public health sectors. An arbitrary code execution vulnerability exists in Philips Intellispace Portal, which can be...
[SECURITY] [DSA 4121-1] gcc-6 security update
Debian Security Advisory DSA-4121-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 22, 2018 https://www.debian.org/security/faq -...
CVE-2017-14993
OXID eShop Community Edition before 6.0.0 RC3 development, 4.10.x before 4.10.6 maintenance, and 4.9.x before 4.9.11 legacy, Enterprise Edition before 6.0.0 RC3 development, 5.2.x before 5.2.11 legacy, and 5.3.x before 5.3.6 maintenance, and Professional Edition before 6.0.0 RC3 development, 4.9....
Debian DSA-4117-1 : gcc-4.9 - security update
This update doesn't fix a vulnerability in GCC itself, but instead provides support for building retpoline-enabled Linux kernel updates. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4117. The text itself i...
[SECURITY] [DSA 4117-1] gcc-4.9 security update
Debian Security Advisory DSA-4117-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 17, 2018 https://www.debian.org/security/faq -...
CVE-2016-6599
BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting configuration service ConfigurationService on port 9010. This service contains a method that can be used to retrieve a configuration file that contains the application database name, username and password as well as the...
UBUNTU-CVE-2017-15094
An issue has been found in the DNSSEC parsing code of PowerDNS Recursor from 4.0.0 up to and including 4.0.6 leading to a memory leak when parsing specially crafted DNSSEC ECDSA keys. These keys are only parsed when validation is enabled by setting dnssec to a value other than off or...
DEBIAN-CVE-2017-15094
An issue has been found in the DNSSEC parsing code of PowerDNS Recursor from 4.0.0 up to and including 4.0.6 leading to a memory leak when parsing specially crafted DNSSEC ECDSA keys. These keys are only parsed when validation is enabled by setting dnssec to a value other than off or...
WordPress WPGlobus plugin cross-site scripting vulnerability (CNVD-2018-01285)
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP; it lets users set up a personal blog site on a server that supports PHP and MySQL. WPGlobus is a plugin used to create multi-language blogs. A cross-site scripting vulnerabili...
CVE-2017-4949
VMware Workstation and Fusion contain a use-after-free vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may allow a guest to execute code on the host. Note: IPv6 mode for VMNAT is not enabled by default...
CVE-2017-1000491
Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due to enabled node integration...
DNS Traffic Capture: DNSCAP
dnscap is a network capture utility designed specifically for DNS traffic. It produces binary data in pcap(3) and other formats. This utility is similar to tcpdump(1), but has a number of features tailored to DNS transactions and protocol options. DNS-OARC uses dnscap for DITL data collections. Some o...