Fedora 26 : linux-firmware (2017-a253644369)

Updated bcm 4339 4354 4356 4358 firmware, new bcm 43430 - Fixes CVE-2016-0801 CVE-2017-0561 CVE-2017-9417 ---- - Updated Intel GPU, amdgpu, iwlwifi, mvebu wifi, liquidio, QCom a530 & Venus, mlxsw, qed - Add iwlwifi 9000 series Note that Tenable Network Security has extracted the preceding...

Claymore Dual ETH + DCRSCLBCPASC GPU Miner - Stack Buffer Overflow Path Traversal

Claymore Dual ETH + DCRSCLBCPASC GPU Miner - Stack Buffer Overflow Path Traversal !/usr/bin/env python -- coding: UTF-8 -- github.com/tintinweb optional: pip install pysocks https://pypi.python.org/pypi/PySocks ''' API overview: nc -L -p 3333 "id":0,"jsonrpc":"2.0","method":"minergetstat1"...

How to configure H.265 video VDA encoding for NVIDIA GPUs

Support for H.265 Encoding/Decoding H.265 video encoding on 7.16 VDAs with H.265-compatible NVIDIA GPUs and H.265 video decoding on Citrix Receiver for Windows 4.10 is supported for hardware acceleration of remote graphics and videos...

Claymore Dual ETH + DCR/SC/LBC/PASC GPU Miner - Stack Buffer Overflow / Path Traversal

!/usr/bin/env python -- coding: UTF-8 -- github.com/tintinweb optional: pip install pysocks https://pypi.python.org/pypi/PySocks ''' API overview: nc -L -p 3333 "id":0,"jsonrpc":"2.0","method":"minergetstat1" "id":0,"jsonrpc":"2.0","method":"minerfile","params":"epools.txt",""...

Claymore's Dual Ethereum Miner unauth stack buffer overflow(CVE-2017-16929)

VuNote =================== Author: Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-16929 Version: 0.2 Date: Nov 30th, 2017 Tag: claymore dual ethereum decred crypto currency miner Overview -------- Name: Claymore's Dual ETH + DCR/SC/LBC/PASC GPU Miner Vendor: nanopool/claymore...

Directory traversal

The remote management interface on the Claymore Dual GPU miner 10.1 is vulnerable to an authenticated directory traversal vulnerability exploited by issuing a specially crafted request, allowing a remote attacker to read/write arbitrary files. This can be exploited via ../ sequences in the pathna...

CVE-2017-16929

The remote management interface on the Claymore Dual GPU miner 10.1 is vulnerable to an authenticated directory traversal vulnerability exploited by issuing a specially crafted request, allowing a remote attacker to read/write arbitrary files. This can be exploited via ../ sequences in the pathna...

CVE-2017-16930

The remote management interface on the Claymore Dual GPU miner 10.1 allows an unauthenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the request handler. This can be exploited via a long API request that is mishandled during logging...

CVE-2017-16929

The CVE-2017-16929 issue affects Claymore’s Dual ETH + DCR/SC/LBC/PASC GPU Miner (version 10.1 and earlier) where the remote management interface allows authenticated path traversal via miner_file/miner_getfile. The vulnerability arises from missing path validation, enabling an attacker to read/w...

CVE-2017-16930

Claymore's Dual ETH miner (GPU) remote management interface in version 10.1 is affected by an unauthenticated stack-based buffer overflow triggered by logging an overly long API request. The vulnerability arises from logging via sprintf into a fixed-size 0x4000-byte buffer, enabling potential rem...

CVE-2017-16929

The remote management interface on the Claymore Dual GPU miner 10.1 is vulnerable to an authenticated directory traversal vulnerability exploited by issuing a specially crafted request, allowing a remote attacker to read/write arbitrary files. This can be exploited via ../ sequences in the pathna...

Claymore's Dual Miner 10.1 Stack Buffer Overflow

Author: Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-16929 Version: 0.2 Date: Nov 30th, 2017 Tag: claymore dual ethereum decred crypto currency miner Overview Name: Claymore's Dual ETH + DCR/SC/LBC/PASC GPU Miner Vendor: nanopool/claymore References:...

Security Advisory - Memory Double Free Vulnerability in GPU Driver of Some Huawei Smart Phones

The GPU driver of some Huawei smart phones has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can call special API, which could triggers double free and causes a system crash or arbitrary code execution. Vulnerability ID:...

CVE-2017-6264

An elevation of privilege vulnerability exists in the NVIDIA GPU driver gm20bclkthrotsetcdevstate, where an out of bound memory read is used as a function pointer could lead to code execution in the kernel.This issue is rated as high because it could allow a local malicious application to execute...

Privilege escalation

An elevation of privilege vulnerability exists in the NVIDIA GPU driver gm20bclkthrotsetcdevstate, where an out of bound memory read is used as a function pointer could lead to code execution in the kernel.This issue is rated as high because it could allow a local malicious application to execute...

CVE-2017-6264

CVE-2017-6264 is an elevation-of-privilege vulnerability in the NVIDIA GPU driver used on Android, specifically within the gm20b_clk_throt_set_cdev_state path. An out-of-bounds memory read can be used as a function pointer, potentially allowing a local attacker to execute arbitrary code in kernel...

CVE-2017-6264

An elevation of privilege vulnerability exists in the NVIDIA GPU driver gm20bclkthrotsetcdevstate, where an out of bound memory read is used as a function pointer could lead to code execution in the kernel.This issue is rated as high because it could allow a local malicious application to execute...

Google Android NVIDIA Component Elevation of Privilege Vulnerability

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA, and the NVIDIA GPU driver is an NVIDIA graphics processor driver component used in it. The NVIDIA GPU driver in Android is vulnerable to a power lifting vulnerability. A remote...

Hashcat v4.0 - World's Fastest and Most Advanced Password Recovery Utility

hashcat is the world's fastest and most advanced password recovery utility, supporting five unique modes of attack for over 200 highly-optimized hashing algorithms. hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and OSX, and has facilities to help enable...

A Managed Password Cracking Tool: GoCrack

FireEye’s Innovation and Custom Engineering ICE team released a tool called GoCrack that allows red teams to efficiently manage password cracking tasks across multiple GPU servers by providing an easy-to-use, web-based real-time UI to create, view, and manage tasks. Simply deploy a GoCrack server...