9138 matches found
CVE-2017-5109
CVE-2017-5109 affects Chromium before version 60.0.3112.78, where a UI spoofing vulnerability was identified in the browser’s UI components (per Arch/Debian advisories). The issue is fixed in 60.0.3112.78 (upstream) with the Debian/Arch advisories confirming remediation. Affected product: Chromiu...
CVE-2017-5110
Removed by vendor...
CVE-2017-5083
Removed by vendor...
CVE-2017-5104
Removed by vendor...
CVE-2017-5079
Removed by vendor...
CVE-2017-5101
Removed by vendor...
CVE-2017-5084
Removed by vendor...
CVE-2017-5072
Removed by vendor...
SUSE-SU-2017:2855-1 Security update for Botan
This update for Botan fixes the following issues: This security issue was fixed: - CVE-2017-14737: A cryptographic cache-based side channel in the RSA implementation in Botan allowed a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occured because an...
Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2017-096)
According to the version of the parallels-server-bm-release / vzkernel / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerability : - A flaw was found in the implementation of associative arrays where the addkey systemcall and KEYCTLUPDATE...
Active Record allows bypassing of database-query restrictions
Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NU...
ActiveRecord in Ruby on Rails allows database-query bypass
Active Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing...
Ruby Psych::Emitter start_document Heap Overflow Vulnerability(CVE-2016-2338)
DESCRIPTION An exploitable heap overflow vulnerability exists in the Psych::Emitter startdocument function of Ruby. In Psych::Emitter startdocument function heap buffer "head" allocation is made based on tags array length. Specially constructed object passed as element of tags array can increase...
PowerSAP - Powershell SAP Assessment Tool
PowerSAP is a simple powershell re-implementation of popular & effective techniques of all public tools such as Bizploit, Metasploit auxiliary modules, or python scripts available on the Internet. This re-implementation does not contain any new or undisclosed vulnerability. PowerSAP allows to rea...
Trend Micro OfficeScan 11.0/XG (12.0) - Remote Code Execution Exploit
This Metasploit module exploits the authentication bypass and command injection vulnerability together. Unauthenticated users can execute a terminal command under the context of the web server user. The specific flaw exists within the management interface, which listens on TCP port 443 by default...
MGASA-2017-0361 Updated firefox packages fix security vulnerabilities
A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NSS to crash or, potentially, execute arbitrary code with the permission of the user running the...
RedHat Update for nss RHSA-2017:2832-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Information disclosure
The waitid implementation in kernel/exit.c in the Linux kernel through 4.13.4 accesses rusage data structures in unintended cases, which allows local users to obtain sensitive information, and bypass the KASLR protection mechanism, via a crafted system call...
Debian DLA-1118-1 : firefox-esr security update
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service, cross-site scripting or bypass of the phishing and malware...
CVE-2017-12236
Cisco IOS XE LISP Authentication Bypass (CVE-2017-12236) affects IOS XE 3.2–16.5 when acting as an IPv4/IPv6 map server. A logic regression allows an unauthenticated attacker to bypass EID→RLOC registration checks by sending crafted map-registration requests, potentially injecting invalid EID map...