CVE-2017-18200

The f2fs implementation in the Linux kernel before 4.14 mishandles reference counts associated with f2fswaitdiscardbios calls, which allows local users to cause a denial of service BUG, as demonstrated by fstrim...

CVE-2017-18200

The f2fs implementation in the Linux kernel before 4.14 mishandles reference counts associated with f2fswaitdiscardbios calls, which allows local users to cause a denial of service BUG, as demonstrated by fstrim...

CVE-2017-18200

The f2fs implementation in the Linux kernel before 4.14 mishandles reference counts associated with f2fswaitdiscardbios calls, which allows local users to cause a denial of service BUG, as demonstrated by fstrim...

CVE-2018-7277

An issue was discovered on RLE Wi-MGR/FDS-Wi 6.2 devices. Persistent XSS exists in the web server. Remote attackers can inject malicious JavaScript code using the device's BACnet implementation. This is similar to a Cross Protocol Injection with SNMP...

Cross site scripting

An issue was discovered on RLE Wi-MGR/FDS-Wi 6.2 devices. Persistent XSS exists in the web server. Remote attackers can inject malicious JavaScript code using the device's BACnet implementation. This is similar to a Cross Protocol Injection with SNMP...

Microsoft Windows - NPFS Symlink Security Feature BypassElevation of PrivilegeDangerous Behavior

Microsoft Windows - NPFS Symlink Security Feature BypassElevation of PrivilegeDangerous Behavior Windows: NPFS Symlink Security Feature Bypass/Elevation of Privilege/Dangerous Behavior Platform: Windows 10 1709 functionality not present prior to this version Class: Security Feature Bypass/Elevati...

Design/Logic Flaw

An issue was discovered in iDashboards 9.6b. The SSO implementation is affected by a weak obfuscation library, allowing man-in-the-middle attackers to discover credentials...

CVE-2018-7187

The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path get/vcs.go only checks for "://" anywhere in the string, which allows remote attackers to execute arbitrary OS commands via a crafted web site...

CVE-2018-7187

The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path get/vcs.go only checks for "://" anywhere in the string, which allows remote attackers to execute arbitrary OS commands via a crafted web site...

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on the upstream 4.14.18 and adds some support for mitigating Spectre, variant 1 CVE-2017-5753 and as it is built with the retpoline-aware gcc-5.5.0-1.mga6, it now provides full retpoline mitigation for Spectre, variant 2 CVE-2017-5715. The BPF interpreter has bee...

Information disclosure

Incorrect implementation of access controls allows remote users to override repository restrictions in Borg servers 1.1.x before 1.1.3...

CCN-lite Infinite Recursion Vulnerability

CCN-lite is a lightweight and functionally interoperable implementation of the CCNx protocol for XEROX PARC. An infinite recursion vulnerability exists in ccn-lite-ccnb2xml in versions of CCN-lite prior to 2.0.0. An attacker can exploit this vulnerability via a specially crafted file to trigger...

CVE-2017-5132

Inappropriate implementation in V8 in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka incorrect WebAssembly stack manipulation...

CVE-2017-15397

Inappropriate implementation in ChromeVox in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker in a privileged network position to observe or tamper with certain cleartext HTTP requests by leveraging that position...

Information disclosure

Incorrect implementation in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...

Design/Logic Flaw

Inappropriate implementation in ChromeVox in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker in a privileged network position to observe or tamper with certain cleartext HTTP requests by leveraging that position...

UBUNTU-CVE-2017-5132

Inappropriate implementation in V8 in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka incorrect WebAssembly stack manipulation...

CVE-2017-15397

CVE-2017-15397 describes an issue in Google Chrome OS where the ChromeVox component allowed a remote attacker, positioned on the network, to observe or tamper with plaintext HTTP requests. Root cause is an inappropriate implementation within ChromeVox that mishandled plaintext network traffic. Th...

CVE-2017-5132

Inappropriate implementation in V8 in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka incorrect WebAssembly stack manipulation...

CVE-2017-17663

CVE-2017-17663 affects the htpasswd component of mini_httpd (before v1.28) and thttpd (before v2.28). The vulnerability is a buffer overflow that can be exploited remotely to achieve code execution. Connected advisories corroborate a remote-code-execution impact and note fixes in later thttpd rel...