5353 matches found

Tenable Nessus
added 2017/08/11 12:0 a.m., 52 views

Ubuntu 14.04 LTS : Linux kernel (Xenial HWE) vulnerabilities (USN-3385-2)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3385-2 advisory. USN-3385-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enableme...

CVSS 7.8, AI score 7.3, EPSS 0.8286
Exploits: 32, References: 3

Tenable Nessus
added 2017/08/11 12:0 a.m., 39 views

Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3386-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3386-1 advisory. Andrey Konovalov discovered a race condition in the UDP Fragmentation Offload (UFO) code in the Linux kernel. A local attacker could use this to cause a...

CVSS 7.8, AI score 7.3, EPSS 0.8286
Exploits: 32, References: 3

Tenable Nessus
added 2017/08/11 12:0 a.m., 41 views

Ubuntu 16.04 LTS : Linux kernel (HWE) vulnerabilities (USN-3384-2)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3384-2 advisory. USN-3384-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement H...

CVSS 7.8, AI score 7.3, EPSS 0.8286
Exploits: 32, References: 3

Tenable Nessus
added 2017/08/11 12:0 a.m., 53 views

Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3385-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3385-1 advisory. Andrey Konovalov discovered a race condition in the UDP Fragmentation Offload (UFO) code in the Linux kernel. A local attacker could use this to cause a...

CVSS 7.8, AI score 7.3, EPSS 0.8286
Exploits: 32, References: 3

Zero Day Initiative
added 2017/08/11 12:0 a.m., 27 views

Hewlett Packard Enterprise Intelligent Management Center select Expression Language Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...

CVSS 9, AI score 3.3, EPSS 0.03237
Exploits: 0, References: 1

Mageia
added 2017/08/10 8:26 p.m., 28 views

Updated perl-XML-LibXML packages fix security vulnerability

Use-after-free in the XML-LibXML module through 2.0129 for Perl allows attackers to execute arbitrary code by controlling the arguments to a replaceChild call (CVE-2017-10672)...

CVSS 9.8, AI score 6.7, EPSS 0.10052
Exploits: 1, References: 2

OpenVAS
added 2017/08/10 12:0 a.m., 26 views

Adobe Digital Editions Multiple Vulnerabilities (Aug 2017) - Mac OS X

Adobe Digital Edition is prone to multiple vulnerabilities...

CVSS 10, AI score 7.7, EPSS 0.12809
Exploits: 1, References: 3

Prion
added 2017/08/09 6:29 p.m., 14 views

Code injection

The DCMProvider service in Samsung LibQjpeg on a Samsung SM-G925V device running build number LRX22G.G925VVRU1AOE2 allows remote attackers to cause a denial of service (segmentation fault and process crash) and execute arbitrary code via a crafted JPG...

CVSS 6.8, AI score 8.2, EPSS 0.04828
Exploits: 0, References: 4, Affected Software: 1

OpenVAS
added 2017/08/09 12:0 a.m., 22 views

Debian: Security Advisory (DSA-3929-1)

The remote host is missing an update for the Debian...

CVSS 9.8, AI score 9.6, EPSS 0.03997
Exploits: 4, References: 3

Cvelist
added 2017/08/08 9:0 p.m., 28 views

CVE-2017-8669

Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to Microsoft browsers...

AI score 8.2, EPSS 0.21953
Exploits: 0, References: 4

Cvelist
added 2017/08/08 7:0 p.m., 16 views

CVE-2017-11741

HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.24 uses weak permissions for the sudo helper scripts, allows local users to execute arbitrary code with root privileges by overwriting one of the scripts...

AI score 8.7, EPSS 0.00312
Exploits: 3, References: 3

OpenVAS
added 2017/08/08 12:0 a.m., 47 views

Ubuntu: Security Advisory (USN-3380-1)

The remote host is missing an update for the...

CVSS 8.8, AI score 6.1, EPSS 0.03073
Exploits: 7, References: 2

Prion
added 2017/08/07 8:29 p.m., 18 views

Buffer overflow

Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file...

CVSS 6.5, AI score 8.4, EPSS 0.03157
Exploits: 0, References: 6, Affected Software: 1

Cloud Foundry
added 2017/08/04 12:0 a.m., 48 views

USN-3378-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry

Severity: High. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 14.04. Description: USN-3378-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04...

CVSS 7.8, AI score 8.2, EPSS 0.09416
Exploits: 3

CNVD
added 2017/08/03 12:0 a.m., 1 views

Buffer overflow vulnerability in multiple Huawei phones (CNVD-2017-19192)

Huawei honor 6x and honor 5C are both smartphones from the Chinese company Huawei. A buffer overflow vulnerability exists in the driver in previous versions of the Huawei honor 6x Berlin-L21HNC432B360 and honor 5C NEM-AL10C00B356, which stems from the program's failure to adequately detec...

CVSS 9.3, AI score 7.6, EPSS 0.00177
Exploits: 0, References: 1

Cvelist
added 2017/07/27 6:0 a.m., 14 views

CVE-2017-11673

Reporter.exe in Acunetix 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed PRE file, related to a "User Mode Write AV starting at reporter!madTraceProcess."...

AI score 9.7, EPSS 0.02207
Exploits: 1, References: 1

Tenable Nessus
added 2017/07/27 12:0 a.m., 54 views

Ubuntu 16.04 LTS : OpenJDK 8 vulnerabilities (USN-3366-1)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3366-1 advisory. It was discovered that the JPEGImageReader class in OpenJDK would incorrectly read unused image data. An attacker could use this to specially construct a...

CVSS 9.6, AI score 7.4, EPSS 0.02386
Exploits: 0, References: 25

Tenable Nessus
added 2017/07/26 12:0 a.m., 95 views

Google Chrome < 60.0.3112.78 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 60.0.3112.78. It is, therefore, affected by multiple vulnerabilities as referenced in the 201707stable-channel-update-for-desktop advisory. - An issue was discovered in certain Apple products. iOS before 10.3.2 is...

CVSS 8.8, AI score 7.6, EPSS 0.03366
Exploits: 0, References: 44

Prion
added 2017/07/25 6:29 p.m., 17 views

Command injection

SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via an fget command or (2) write to arbitrary files and consequently execute arbitrary code via an fdir command, aka SAP Security Note 2419592...

CVSS 7.5, AI score 9.8, EPSS 0.01985
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2017/07/25 6:0 p.m., 22 views

CVE-2015-1332

The oxide::JavaScriptDialogManager function in oxide-qt before 1.9.1 as packaged in Ubuntu 15.04 and Ubuntu 14.04 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted website...

AI score 8.8, EPSS 0.01118
Exploits: 0, References: 4