11185 matches found

UbuntuCve
added 2017/12/20 12:0 a.m., 21 views

CVE-2017-17813

In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the pp_list_one_macro function in asm/preproc.c that will cause a remote denial of service attack, related to mishandling of line-syntax errors...

CVSS 5.5 | AI score 6.9 | EPSS 0.00175
Exploits: 1 | References: 2

Huawei
added 2017/12/15 12:0 a.m., 27 views

Security Advisory - Numeric Errors Vulnerability in Some Huawei Routers

Some Huawei routers have a numeric errors vulnerability. An unauthenticated, remote attacker may send specific TCP messages with keychain authentication option to the affected products. Due to the improper validation of the messages, it will cause numeric errors when handling the messages...

CVSS 7.8 | AI score 7.7 | EPSS 0.00421
Exploits: 0 | Affected Software: 5

Atlassian
added 2017/12/14 11:55 p.m., 74 views

Authentication fails using SSH keys since 2.3.5

Neither the Pageant agent nor OpenSSH is working to authenticate since I upgraded. Switching SSH services makes no difference. If I go to the command line, using ssh -i identfile I have no issues authenticating to any system. Other symptoms include the terminal not going to the repository but using...

AI score 1.3
Exploits: 0 | Affected Software: 1

Atlassian
added 2017/12/14 11:55 p.m., 16 views

Authentication fails using SSH keys since 2.3.5

Neither the Pageant agent nor OpenSSH is working to authenticate since I upgraded. Switching SSH services makes no difference. If I go to the command line, using ssh -i identfile I have no issues authenticating to any system. Other symptoms include the terminal not going to the repository but using...

AI score 1.3
Exploits: 0

BDU FSTEC
added 2017/12/14 12:0 a.m., 0 views

The vulnerability of Xen hypervisors arises from errors in the permission copying process, which allow a violator to trigger a service failure, increase their privileges, or disclose sensitive information.

The vulnerability of Xen hypervisors is related to errors in the permission copying process. Exploiting this vulnerability can allow a malicious actor to cause service failures, increase their privileges, or expose sensitive information...

CVSS 9.1 | AI score 7.7 | EPSS 0.01452
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added 2017/12/13 2:29 a.m., 4 views

CVE-2017-5530

The tibbr web server components of tibbr Community, and tibbr Enterprise contain SAML protocol handling errors which may allow authorized users to impersonate other users, and therefore escalate their access privileges. Affected releases are tibbr Community 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0,...

CVSS 8.1 | AI score 5.8
Exploits: 0 | References: 1

OpenVAS
added 2017/12/13 12:0 a.m., 441 views

Microsoft Internet Explorer Multiple Vulnerabilities (KB4052978)

This host is missing a critical security update according to Microsoft security updates KB4052978. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier:...

CVSS 7.6 | AI score 6.9 | EPSS 0.76161
Exploits: 27 | References: 14

Prion
added 2017/12/12 2:29 p.m., 19 views

Input validation

Two potential audit log injections in SAP HANA extended application services 1.0, advanced model: 1) Certain HTTP/REST endpoints of controller service are missing user input validation which could allow unprivileged attackers to forge audit log lines. Hence the interpretation of audit log files...

CVSS 5 | AI score 7.5 | EPSS 0.00426
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2017/12/11 6:49 p.m., 0 views

USN-3512-1 openssl vulnerabilities

David Benjamin discovered that OpenSSL did not correctly prevent buggy applications that ignore handshake errors from subsequently calling certain functions. (CVE-2017-3737) It was discovered that OpenSSL incorrectly performed the x86_64 Montgomery multiplication procedure. While unlikely, a remote...

CVSS 5.9 | AI score 6.6 | EPSS 0.42931
Exploits: 2 | References: 3

Tenable Nessus
added 2017/12/11 12:0 a.m., 37 views

Debian DLA-1199-1 : thunderbird security update

Multiple security issues have been found in the Mozilla Thunderbird mail client: Multiple memory safety errors, use after free and other implementation errors may lead to crashes or the execution of arbitrary code. For Debian 7 'Wheezy', these problems have been fixed in version 1:52.5.0-1deb7u1...

CVSS 10 | AI score 7.8 | EPSS 0.28905
Exploits: 0 | References: 5

OSV
added 2017/12/07 4:29 p.m., 24 views

CVE-2017-3737

OpenSSL 1.0.2 starting from version 1.0.2b introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the...

CVSS 5.9 | AI score 9.3 | EPSS 0.42931
Exploits: 1 | References: 21

OpenVAS
added 2017/12/05 12:0 a.m., 70 views

Citrix XenServer Multiple Security Updates (CTX230138)

A number of security vulnerabilities have been identified in Citrix XenServer that may allow a malicious administrator of an HVM guest VM to compromise the host. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by t...

CVSS 8.8 | AI score 8.2 | EPSS 0.00138
Exploits: 0 | References: 1

Citrix
added 2017/12/01 12:0 a.m., 5 views

XenMobile: 500 Server Internal Error when uploading Android APK File to XMS

When trying to upload an APK app to the XMS console using Internet Explorer 11, we are getting a 500 Server Internal Error Looking into the error logs. The previous version x.x.x.0 works fine however upgrading the version gives - 500 Server Internal Error...

AI score 7.2
Exploits: 0

RedhatCVE
added 2017/11/29 12:50 p.m., 44 views

CVE-2017-17045

An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to gain privileges on the host OS, obtain sensitive information, or cause a denial of service (BUG and host OS crash) by leveraging the mishandling of Populate on Demand (PoD) Physical-to-Machine (P2M) errors...

CVSS 8.8 | AI score 4.8 | EPSS 0.00069
Exploits: 0 | References: 2

RedhatCVE
added 2017/11/29 12:49 p.m., 32 views

CVE-2017-17044

An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to cause a denial of service (infinite loop and host OS hang) by leveraging the mishandling of Populate on Demand (PoD) errors...

CVSS 6.5 | AI score 3.5 | EPSS 0.00051
Exploits: 0 | References: 2

Citrix
added 2017/11/29 12:0 a.m., 5 views

Socket and SSL error messages in Receiver for Windows 4.10

This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. Protocol driver error message in earlier versions While using receiver a common error that you might...

AI score 7.2
Exploits: 0

UbuntuCve
added 2017/11/28 11:29 p.m., 23 views

CVE-2017-17045

An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to gain privileges on the host OS, obtain sensitive information, or cause a denial of service (BUG and host OS crash) by leveraging the mishandling of Populate on Demand (PoD) Physical-to-Machine (P2M) errors...

CVSS 8.8 | AI score 7.2 | EPSS 0.00069
Exploits: 0 | References: 2

OSV
added 2017/11/28 11:29 p.m., 0 views

UBUNTU-CVE-2017-17045

An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to gain privileges on the host OS, obtain sensitive information, or cause a denial of service (BUG and host OS crash) by leveraging the mishandling of Populate on Demand (PoD) Physical-to-Machine (P2M) errors...

CVSS 8.8 | AI score 7.3 | EPSS 0.00069
Exploits: 0 | References: 3

Prion
added 2017/11/28 11:29 p.m., 26 views

Design/Logic Flaw

An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to gain privileges on the host OS, obtain sensitive information, or cause a denial of service (BUG and host OS crash) by leveraging the mishandling of Populate on Demand (PoD) Physical-to-Machine (P2M) errors...

CVSS 7.2 | AI score 8.6 | EPSS 0.00069
Exploits: 0 | References: 8 | Affected Software: 1

NVD
added 2017/11/28 11:29 p.m., 23 views

CVE-2017-17044

An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to cause a denial of service (infinite loop and host OS hang) by leveraging the mishandling of Populate on Demand (PoD) errors...

CVSS 6.5 | AI score 6.7 | EPSS 0.00051
Exploits: 0 | References: 9