9138 matches found

UbuntuCve
added 2017/05/23 6:29 p.m., 38 views

CVE-2017-0373

The genclasspod implementation in lib/Config/Model/Utils/GenClassPod.pm in Config-Model (aka libconfig-model-perl) before 2.102 has a dangerous "use lib" line, which allows remote attackers to have an unspecified impact via a crafted Debian package file...

CVSS 7.3, AI score 7.1, EPSS 0.01837
Exploits: 0, References: 2

Debian CVE
added 2017/05/23 6:0 p.m., 15 views

CVE-2017-0373

The genclasspod implementation in lib/Config/Model/Utils/GenClassPod.pm in Config-Model (aka libconfig-model-perl) before 2.102 has a dangerous "use lib" line, which allows remote attackers to have an unspecified impact via a crafted Debian package file...

CVSS 7.3, AI score 7.1, EPSS 0.01837
Exploits: 0

OpenVAS
added 2017/05/22 12:0 a.m., 32 views

RedHat Update for libtirpc RHSA-2017:1263-01

The remote host is missing an update for the...

CVSS 7.8, AI score 8.1, EPSS 0.81921
Exploits: 4, References: 2

Cvelist
added 2017/05/18 6:13 a.m., 22 views

CVE-2017-9059

The NFSv4 implementation in the Linux kernel through 4.11.1 allows local users to cause a denial of service (resource consumption) by leveraging improper channel callback shutdown when unmounting an NFSv4 filesystem, aka a "module reference and kernel daemon" leak...

AI score 5.7, EPSS 0.00368
Exploits: 0, References: 5

OSV
added 2017/05/17 12:7 a.m., 2 views

USN-3290-1 linux vulnerability

Marco Grassi discovered that the TCP implementation in the Linux kernel mishandles socket buffer (skb) truncation. A local attacker could use this to cause a denial of service (system crash)...

CVSS 5.5, AI score 6.9, EPSS 0.00465
Exploits: 0, References: 2

myhack58
added 2017/05/17 12:0 a.m., 24 views

Fatal vulnerability will allow an attacker to bypass Apple's OTR signature verification and steal your iCloud keychain information

Background: While analyzing the attack surface of the iOS platform and sandbox escapes, we discovered a serious security vulnerability in the OTR implementation of the iCloud keychain sync feature. The iCloud keychain sync feature allows users, in a secure manner, across devices to...

AI score 0.2
Exploits: 0

Tenable Nessus
added 2017/05/17 12:0 a.m., 28 views

Ubuntu 14.04 LTS : Linux kernel vulnerability (USN-3290-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-3290-1 advisory. Marco Grassi discovered that the TCP implementation in the Linux kernel mishandles socket buffer (skb) truncation. A local attacker could use this to cause a denial...

CVSS 5.5, AI score 6.8, EPSS 0.00465
Exploits: 0, References: 2

0day.today
added 2017/05/16 12:0 a.m., 149 views

Microsoft Windows 7 Kernel - Pool-Based Out-of-Bounds Reads Due to bind() Implementation Bugs in afd

Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1127 We have identified two related bugs in Windows kernel code responsible for implementing the bind socket function, specifically in the afd!AfdBind and tcpip!TcpBindEndpoint...

CVSS 2.1, AI score 5.7, EPSS 0.07464
Exploits: 1

exploitpack
added 2017/05/15 12:0 a.m., 29 views

Microsoft Windows 7 Kernel - Pool-Based Out-of-Bounds Reads Due to bind() Implementation Bugs in afd.sys tcpip.sys

Microsoft Windows 7 Kernel - Pool-Based Out-of-Bounds Reads Due to bind Implementation Bugs in afd.sys tcpip.sys Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1127 We have identified two related bugs in Windows kernel code responsible for implementing the bind socket function,...

AI score 7.3
Exploits: 0

Exploit DB
added 2017/05/15 12:0 a.m., 57 views

Microsoft Windows 7 Kernel - Pool-Based Out-of-Bounds Reads Due to bind() Implementation Bugs in afd.sys / tcpip.sys

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1127 We have identified two related bugs in Windows kernel code responsible for implementing the bind socket function, specifically in the afd!AfdBind and tcpip!TcpBindEndpoint routines. They both can lead to reading beyond the...

AI score 7.4
Exploits: 0

Qualys Blog
added 2017/05/11 10:40 p.m., 26 views

Qualys Policy Compliance Notification: Policy Library Update

Qualys’ library of built-in policies makes it easy to comply with commonly adhered to security standards and regulations. Qualys provides a wide range of policies, including many that have been certified by CIS as well as ones based on security guidelines from vendors such as Microsoft and VMware...

AI score 7
Exploits: 0

ThreatPost
added 2017/05/11 4:41 p.m., 15 views

Trump Signs Cybersecurity Executive Order

President Trump today signed a long-delayed cybersecurity executive order that prioritizes the protection of federal networks and critical industries, and instructs agency heads to implement the NIST Framework for Improving Critical Infrastructure Cybersecurity. The order was to be signed in late...

AI score 0.9
Exploits: 0, References: 4

Akamai Blog
added 2017/05/04 1:27 p.m., 41 views

Akamai IT Challenge - 100 apps on EAA in 100 days

About a month or so ago I shared a quick video interview with Joe DeFelice. Joe is a Sr. Director Enterprise Security & Infrastructure Engineering here at Akamai. In the video Joe outlines a few of the major initiatives he and the team are working on, including moving towards eliminating the VPN...

AI score 6.8
Exploits: 0

Fedora
added 2017/05/02 12:24 a.m., 41 views

[SECURITY] Fedora 24 Update: bouncycastle-1.52-9.fc24

The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. The package is organized so that it contains a light-weight API suitable for use in any environment including the newly released J2ME with the additional infrastructure to conform the algorithms to the JCE...

CVSS 4.3, AI score 1.4, EPSS 0.00926
Exploits: 0

Tenable Nessus
added 2017/05/01 12:0 a.m., 265 views

EulerOS 2.0 SP2 : java-1.7.0-openjdk (EulerOS-SA-2017-1028)

According to the versions of the java-1.7.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrust...

CVSS 9.6, AI score 7.6, EPSS 0.95707
Exploits: 13, References: 12

Fedora
added 2017/04/28 2:36 p.m., 59 views

[SECURITY] Fedora 26 Update: community-mysql-5.7.18-2.fc26

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...

CVSS 7.7, AI score 2.7, EPSS 0.04279
Exploits: 0

UbuntuCve
added 2017/04/27 9:59 p.m., 26 views

CVE-2017-8305

The UDFclient before 0.8.8 custom strlcpy implementation has a buffer overflow. UDFclient's strlcpy is used only on systems with a C library (e.g., glibc) that lacks its own strlcpy...

CVSS 9.8, AI score 7.2, EPSS 0.01369
Exploits: 0, References: 1

RedHat Linux
added 2017/04/19 6:28 a.m., 85 views

Important: Red Hat Security Advisory: bind security update

An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 7.5, AI score 6.8, EPSS 0.11093
Exploits: 0, References: 5

RedhatCVE
added 2017/04/11 11:18 p.m., 29 views

CVE-2017-7465

It was found that the JAXP implementation used in EAP 7.0 for XSLT processing is vulnerable to code injection. An attacker could use this flaw to cause remote code execution if they are able to provide XSLT content for parsing. Mitigation: Doing a transform in JAXP requires the use of a...

CVSS 9.8, AI score 4.7, EPSS 0.02976
Exploits: 0, References: 1

myhack58
added 2017/04/07 12:0 a.m., 169 views

Java AMF3 deserialization vulnerability analysis

AMF (Action Message Format) is a binary serialization format, previously used mainly by Flash applications. Recently, Code White found vulnerabilities in multiple Java AMF libraries, and these vulnerabilities will lead to unauthenticated remote code execution...

CVSS 5, AI score 7.4, EPSS 0.0954
Exploits: 2