krb5 -- Multiple vulnerabilities
MIT reports: CVE-2017-11368: In MIT krb5 1.7 and later, an authenticated attacker can cause an assertion failure in krb5kdc by sending an invalid S4U2Self or S4U2Proxy request. CVE-2017-11462: RFC 2744 permits a GSS-API implementation to delete an existing security context on a second or subseque...
Errors while launching HDX apps from Receiver/Secure Hub
When trying to launch any HDX applications from iOS or Android devices, the error message below is displayed. Error message on iOS devices: Connection Error: Server Error; The Server disconnected the session. Error message on Android devices: Cannot Connect : Error Connecting to the session reliabilit...
Researcher Claims Samsung's Tizen OS is Poorly Programmed; Contains 27,000 Bugs!
A researcher has claimed that Samsung's Tizen operating system that runs on millions of Samsung products is so poorly programmed that it could contain nearly 27,000 programming errors, which could also lead to thousands of vulnerabilities. Tizen is a Linux-based open-source operating system backe...
kernel: NFSv3 server does not properly handle payload bounds checking of WRITE requests
The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and...
July 11, 2017—KB4025336 (Monthly Rollup)
July 11, 2017—KB4025336 Monthly Rollup Improvements and fixes This security update includes improvements and fixes that were a part of update KB4022720 released June 27, 2017 and resolves the following issues: Addressed issue called out in KB4022720 where Internet Explorer 11 may close unexpected...
The vulnerability of the qsort function in the NetBSD operating system, which allows a hacker to execute arbitrary code (memory corruption).
The vulnerability of the qsort function in the NetBSD operating system is related to resource management errors. Exploiting this vulnerability allows a remote attacker to execute arbitrary code (memory consumption) using a specially crafted input array...
The vulnerability in the JavaScript engine of Internet Explorer and Microsoft Edge allows a hacker to execute arbitrary code.
The vulnerability in the JavaScript engine of Internet Explorer and Microsoft Edge is related to improper data processing. Exploiting this vulnerability allows a malicious actor to execute arbitrary code under the identity of the current user, during errors in data processing in memory using...
Debian DLA-1007-1 : icedove/thunderbird security update
Multiple security issues have been found in the Mozilla Thunderbird mail client: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code or spoofing. For Debian 7 'Wheezy', these problems have been fixed in version...
UBUNTU-CVE-2017-10788
The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection to a MySQL server. The...
The vulnerability of the software interface of the TimeZone component in the Android operating system allows a hacker to modify general resources.
The vulnerability of the TimeZone component’s software interface in the Android operating system arises from synchronization errors when using a common resource. Exploiting this vulnerability allows a remote attacker to modify the common resource...
The vulnerability of the Secure Display component in the Android operating system allows a hacker to modify the common resources.
The vulnerability of the Secure Display component in the Android operating system arises due to synchronization errors when using a shared resource. Exploiting this vulnerability allows a remote attacker to modify the shared resource...
The vulnerability of the Android operating system’s sound driver ioctl handler allows a hacker to cause the device to freeze or fail to function properly.
The vulnerability of the Android operating system’s sound driver ioctl handler arises due to synchronization errors when using shared resources. Exploiting this vulnerability can allow a malicious actor to cause the device to become unresponsive or to fail to function properly...
The vulnerability of the Apache Tomcat application server allows attackers to obtain confidential information.
The vulnerability of the Apache Tomcat application server is related to improper data processing. Exploiting this vulnerability allows a malicious actor to obtain confidential information remotely. If the processing of sent files is completed quickly, it is possible that the same...
The vulnerability of the WideVine DRM component for the Android operating system allows an attacker to gain access to local files.
The vulnerability of the WideVine DRM component for the Android operating system is related to pointer assignment errors. Exploiting this vulnerability could allow a malicious actor to gain access to local files remotely...
The vulnerability of the Android operating system allows a hacker to trigger other errors, which can lead to service failure.
The vulnerability of the Android operating system is caused by a numerical overflow. Exploiting this vulnerability can allow a remote attacker to trigger other errors, which may lead to service failure...
CVE-2017-7496
fedora-arm-installer up to and including 1.99.16 is vulnerable to local privilege escalation due to lack of checking the error condition of mount operation failure on unsafely created temporary directories...
The vulnerability of the Session Initiation Protocol (SIP) microprogramming software for Cisco TelePresence Codec Software and Cisco Collaboration Endpoint (CE) Software allows attackers to manipulate the accessibility of services and information, thereby causing service failures.
The vulnerability of the Session Initiation Protocol (SIP) microprogramming software for Cisco TelePresence Codec Software and Cisco Collaboration Endpoint (CE) Software is related to resource management errors. Exploiting this vulnerability allows a malicious actor to manipulate service availability...
SUSE-SU-2017:1581-1 Security update for Salt
This update for salt provides version 2016.11.4 and brings various fixes and improvements: - Adding a salt-minion watchdog for RHEL6 and SLES11 systems sysV to restart salt-minion in case of crashes during upgrade. - Fix format error. bsc1043111 - Fix ownership for whole master cache directory...
Debian DSA-3881-1 : firefox-esr - security update
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service or domain spoofing. Debian follows the extended support...
The vulnerability of the CAF repository in the Android operating system allows a hacker to cause the device to freeze.
The vulnerability of the CAF repository in the Android operating system arises due to synchronization errors when using a shared resource. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause the device to become unresponsive in a “hang” state by utilizing the...