3096 matches found

BDU FSTEC
added 2017/12/21 12:00 a.m. | 2 views

The vulnerability of the altivec_unavailable_exception function in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the altivec_unavailable_exception function in arch/powerpc/kernel/traps.c in the Linux operating system is related to errors in data processing on 64-bit operating systems. This occurs when CONFIG_ALTIVEC is defined, and the processor supports AltiVec, but its support is not detect...

5.5 CVSS | 5.5 AI score | 0.00432 EPSS
Exploits 0 | References 6 | Affected Software 2
OSV
added 2017/12/20 3:29 p.m. | 1 views

CVE-2017-4933

VMware ESXi 6.5 before ESXi650-201710401-BG, Workstation 12.x before 12.5.8, and Fusion 8.x before 8.5.9 contain a vulnerability that could allow an authenticated VNC session to cause a heap overflow via a specific set of VNC packets resulting in heap corruption. Successful exploitation of this...

8.8 CVSS | 6.3 AI score
Exploits 0 | References 3
Citrix
added 2017/12/17 12:00 a.m. | 7 views

Web Insight Data Not Visible on NetScaler MAS

AppFlow aka Insight has been enabled for the VServer and Services. Enabled Web Insights on NetScaler MAS no data is displayed. Firewall port UDP 4739 is allowed from the NetScaler NSIP/SNIP to the MAS appliance. ULFD was disabled and server was removed...

7.1 AI score
Exploits 0
OSV
added 2017/12/06 6:44 p.m. | 1 views

DRUPAL-CONTRIB-2017-091

The Configuration Update Reports sub-module in the Configuration Update module project enables you to run reports to see what configuration on your site differs from the configuration distributed by a module, theme, or installation profile, and to revert, delete, or import configuration. This...

6.7 AI score
Exploits 0 | References 1
WPVulnDB
added 2017/12/03 12:00 a.m. | 7 views

Apocalypse Meow 21.1.3-21.2.7 - BCrypt Authentication Bypass

Requires bcrypt to be enabled...

6.9 AI score
Exploits 0 | References 2 | Affected Software 1
FreeBSD
added 2017/11/30 12:00 a.m. | 22 views

transmission-daemon -- vulnerable to dns rebinding attacks

Google Project Zero reports: The transmission bittorrent client uses a client/server architecture, the user interface is the client which communicates to the worker daemon using JSON RPC requests. As with all HTTP RPC schemes like this, any website can send requests to the daemon listening on...

6.9 AI score
Exploits 0 | References 2
Wallarm Lab
added 2017/11/29 8:17 p.m. | 18 views

AWS re:Invent 2017: Wallarm Delivers its AI-enabled NG-WAF and scanner to AWS Customers

We are thrilled to be sponsoring this year’s AWS re:INVENT in Las Vegas. With many of our customers using AWS infrastructure it is critical for us to provide a frictionless way to protect APIs, applications and micro-services in AWS environments. Filtering nodes for Wallarm’s NG-WAF with Active...

7 AI score
Exploits 0
curl security advisories
added 2017/11/29 8:00 a.m. | 5 views

FTP wildcard out of bounds read

libcurl contains a read out of bounds flaw in the FTP wildcard function. libcurl's FTP wildcard matching feature, which is enabled with the CURLOPT_WILDCARDMATCH option, can use a built-in wildcard function or a user-provided one. The built-in wildcard function has a flaw that makes it not detect t...

9.8 CVSS | 7 AI score | 0.11175 EPSS
Exploits 0 | Affected Software 2
OSV
added 2017/11/14 9:29 p.m. | 3 views

CVE-2017-3891

In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an elevation of privilege vulnerability in the default configuration of the QNX SDP with QNet enabled on networks comprising two or more QNet nodes could allow an attacker to access local and remote files or take ownership of files on oth...

8.1 CVSS | 5.9 AI score | 0.01283 EPSS
Exploits 0 | References 2
NVD
added 2017/11/14 9:29 p.m. | 12 views

CVE-2017-3891

In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an elevation of privilege vulnerability in the default configuration of the QNX SDP with QNet enabled on networks comprising two or more QNet nodes could allow an attacker to access local and remote files or take ownership of files on oth...

9.6 CVSS | 8.2 AI score | 0.01283 EPSS
Exploits 0 | References 2
Packet Storm
added 2017/11/06 12:00 a.m. | 26 views

FreeFloat FTP Server 1.0 HOST Buffer Overflow

!/usr/bin/python Exploit Title: FreeFloat FTP Server HOST Buffer Overflow ASLR Bypass Date: 11/05/2017 Exploit Author: 1N3@CrowdShield - https://crowdshield Software Link: http://www.freefloat.com/software/freefloatftpserver.zip Version: 1.00 Tested on: Windows Vista SP2 Ultimate x86 ASLR...

7.1 AI score
Exploits 0
Tenable Nessus
added 2017/10/31 12:00 a.m. | 72 views

ONVIF Username and Password leak

The remote ONVIF-enabled device is affected by an information disclosure vulnerability. An unauthenticated, remote attacker can exploit this to disclose sensitive information related to the device, specifically the admin username and password. (C) Tenable Network Security, Inc. include("compat.inc");...

5.4 AI score
Exploits 0 | References 3
OSV
added 2017/10/27 2:29 p.m. | 2 views

CVE-2017-6161

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator software version 12.0.0 - 12.1.2, 11.6.0 - 11.6.1, 11.4.0 - 11.5.4, 11.2.1, when ConfigSync is configured, attackers on adjacent networks may be able to bypass the TLS protections usually...

5.3 CVSS | 5.8 AI score
Exploits 0 | References 4
BDU FSTEC
added 2017/10/26 12:00 a.m. | 2 views

The vulnerability of the Internet Key Exchange version 2 (IKEv2) module in Cisco IOS and Cisco IOS XE operating systems allows an attacker to cause a service failure and a device restart.

The vulnerability of the Internet Key Exchange version 2 (IKEv2) in Cisco IOS and Cisco IOS XE operating systems is related to resource management errors. Exploiting this vulnerability can allow a malicious actor to cause service failure and forced restarts of devices by using specially crafted IKE...

7.8 CVSS | 7.2 AI score | 0.06938 EPSS
Exploits 0 | References 5 | Affected Software 2
OSV
added 2017/10/24 9:29 p.m. | 2 views

CVE-2017-1211

IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could disclose sensitive information to a local user when logging is enabled. IBM X-Force ID: 123851...

2.5 CVSS | 5.7 AI score
Exploits 0 | References 3
NVD
added 2017/10/24 9:29 p.m. | 16 views

CVE-2017-1211

IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could disclose sensitive information to a local user when logging is enabled. IBM X-Force ID: 123851...

2.5 CVSS | 3 AI score | 0.0028 EPSS
Exploits 0 | References 3
Cvelist
added 2017/10/24 9:00 p.m. | 14 views

CVE-2017-1211

IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could disclose sensitive information to a local user when logging is enabled. IBM X-Force ID: 123851...

3 AI score | 0.0028 EPSS
Exploits 0 | References 3
Github Security Blog
added 2017/10/24 6:33 p.m. | 25 views

Puppet vulnerable to Path Traversal

Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. (dot dot) in a...

3.5 CVSS | 6.1 AI score | 0.01882 EPSS
Exploits 1 | References 13 | Affected Software 1
OSV
added 2017/09/29 1:34 a.m. | 5 views

CVE-2017-12229

A vulnerability in the REST API of the web-based user interface (web UI) of Cisco IOS XE 3.1 through 16.5 could allow an unauthenticated, remote attacker to bypass authentication to the REST API of the web UI of the affected software. The vulnerability is due to insufficient input validation for th...

9.8 CVSS | 5.8 AI score | 0.05124 EPSS
Exploits 0 | References 3
CVE
added 2017/09/28 7:00 a.m. | 1037 views

CVE-2017-12237

CVE-2017-12237 affects Cisco IOS (15.0–15.6) and IOS XE (3.5–16.5) with ISAKMP enabled. The IKEv2 module is vulnerable to unauthenticated remote probes via specific IKEv2 packets, allowing high CPU utilization, traceback messages, or device reloads that cause DoS. Affected devices need ISAKMP to ...

7.8 CVSS | 7.5 AI score | 0.06938 EPSS
In wild | Exploits 0 | References 4 | Affected Software 2