Design/Logic Flaw

In verifysignedhash in lib/liboswkeys/signatures.c in Openswan before 2.6.50.1, the RSA implementation does not verify the value of padding string during PKCS1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used. IKEv2...

CVE-2018-16151

In verifyemsapkcs1signature in gmprsapublickey.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS1 v1.5 signature verification. Similar to the flaw in the same version of strongSwa...

CVE-2018-16152

In verifyemsapkcs1signature in gmprsapublickey.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS1 v1.5 signature verification. Consequently, a remote attacker can forge...

CVE-2018-6053

Inappropriate implementation in New Tab Page in Google Chrome prior to 64.0.3282.119 allowed a local attacker to view website thumbnail images after clearing browser data via a crafted HTML page...

CVE-2018-6037

Inappropriate implementation in autofill in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain autofill data with insufficient user gestures via a crafted HTML page...

Design/Logic Flaw

Inappropriate implementation in New Tab Page in Google Chrome prior to 64.0.3282.119 allowed a local attacker to view website thumbnail images after clearing browser data via a crafted HTML page...

CVE-2018-6037

Removed by vendor...

CVE-2018-6053

Removed by vendor...

Nmap Bootstrap XSL - A Nmap XSL Implementation With Bootstrap

A Nmap XSL implementation with Bootstrap. How to use Add the nmap-bootstrap.xsl as stylesheet to your Nmap scan. For example: nmap -sS -T4 -A -sC -oA scanme --stylesheet https://raw.githubusercontent.com/honze-net/nmap-bootstrap-xsl/master/nmap-bootstrap.xsl scanme.nmap.org scanme2.nmap.org Open...

Buffer overflow

An exploitable buffer overflow vulnerability exists in the UPnP implementation used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted UPnP discovery response can cause a buffer overflow resulting in overwriting arbitrary data. An attacker needs to be in...

Mail Security Testing Framework

Mail Security Testing Framework is a testing framework for mail security and filtering solutions. The mail security testing framework works with with Python =3.5. Just pull this repository and go ahead. No further dependencies are required. Usage The script mail-tester.py runs the tests. Read the...

CVE-2018-11832

In all android releases Android for MSM, Firefox OS for MSM, QRD Android from CAF using the linux kernel, lack of input size validation before copying to buffer in PMIC function can lead to heap overflow...

EulerOS Virtualization 2.5.0 : kernel (EulerOS-SA-2018-1232)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local...

Kernel update: Virtuozzo ReadyKernel patch 61.0 for Virtuozzo 7.0.8 and 7.0.8 HF1

The cumulative Virtuozzo ReadyKernel patch was updated with stability fixes. The patch applies to Virtuozzo 7.0.8 and 7.0.8 HF1. Vulnerability id: PSBM-87836 It was discovered that a container with NFS mounts could keep the files /var/lib/nfs/rpcpipefs/nfs/clntX open, even if no NFS server was...

CVE-2018-3616

Bleichenbacher-style side channel vulnerability in TLS implementation in Intel Active Management Technology before 12.0.5 may allow an unauthenticated user to potentially obtain the TLS session key via the network...

CVE-2017-1084

CVE-2017-1084 affects FreeBSD prior to 11.2-RELEASE. Multiple stack guard-page implementation issues weaken protections, enabling a stack overflow by a poorly written process. Public PoCs/Exploits exist (FGPE/FGPU) and vendor-advised path is to upgrade to 11.2-RELEASE or later to mitigate.

(RHSA-2018:2684) Low: .NET Core Runtime 2.1.4 and SDK 2.1.402 for Red Hat Enterprise Linux

.NET Core is a managed software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. A new version of .NET Core that addresses several security vulnerabilities is now available. The updated version of the runtime is 2.1.4. The...

PT-2018-1597 · Intel · Intel Active Management Technology +2

Name of the Vulnerable Software and Affected Versions: Intel Active Management Technology versions prior to 12.0.5 Description: A Bleichenbacher-style side channel vulnerability exists in the TLS implementation of Intel Active Management Technology. This issue may allow an unauthenticated user to...

USN-3763-1: Linux kernel vulnerability

Juha-Matti Tilli discovered that the TCP implementation in the Linux kernel performed algorithmically expensive operations in some situations when handling incoming packets. A remote attacker could use this to cause a denial of service...

Debian DSA-4289-1 : chromium-browser - security update

Several vulnerabilities have been discovered in the chromium web browser. - CVE-2018-16065 Brendon Tiszka discovered an out-of-bounds write issue in the v8 JavaScript library. - CVE-2018-16066 cloudfuzzer discovered an out-of-bounds read issue in blink/webkit. - CVE-2018-16067 Zhe Jin discovered ...