NVIDIA Driver - Escape 0x100010b Missing Bounds Check

NVIDIA Driver - Escape 0x100010b Missing Bounds Check Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=927 The DxgkDdiEscape handler for escape code 0x100010b looks like: char escape100010bNvMiniportDeviceContext miniportcontext, HANDLE handle, unsigned int idx PVOID Object; if...

NVIDIA Driver - Escape 0x100010b Missing Bounds Check

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=927 The DxgkDdiEscape handler for escape code 0x100010b looks like: char escape100010bNvMiniportDeviceContext miniportcontext, HANDLE handle, unsigned int idx PVOID Object; if !handle dodebugthingo; Object = PVOID...

Amazon Linux: Security Advisory (ALAS-2016-731)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MySQL 5.7.x < 5.7.16 Multiple Vulnerabilities (October 2016 CPU) (SWEET32)

The version of MySQL running on the remote host is 5.7.x prior to 5.7.16. It is, therefore, affected by multiple vulnerabilities : - Multiple integer overflow conditions exist in s3srvr.c, sslsess.c, and t1lib.c due to improper use of pointer arithmetic for heap-buffer boundary checks. An...

VeraCrypt Audit Reveals Critical Security Flaws — Update Now

After TrueCrypt mysteriously discontinued its service, VeraCrypt became the most popular open source disk encryption software used by activists, journalists, as well as privacy conscious people. First of all, there is no such thing as a perfect, bug-free software. Even the most rigorously tested...

Revive Adserver: Weak Forgot Password implementation

"Cricetinae" : Short Description The Forgot Password is missing a several industry best practices. I strongly believe due to the level of the access given after a successful exploitation, the implementation could have been better. Vulnerability Details Referring to OWASP Standards and guidelines...

TLS nonce-nse

Starting a series of blog posts on TLS 1.3, I published my notes on the landscape of cipher nonces in TLS across versions, to help me clean up the implementation. Comes with hand-drawn diagrams! TLS nonce-nse | CloudFlare Blog archive...

DLA-650-1 mat - security update

Bulletin has no description...

RedHat Update for bind RHSA-2016:1944-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Vulnerability in Intel SSD Toolbox allows authenticated users to elevate privileges via updater subsystem

Summary: The vulnerability allows a potentially malicious 3rd party to gain the highest possible elevation of privilege level in the Operating System. Description: The vulnerability allows a potentially malicious 3rd party to gain the highest possible elevation of privilege in the Operating Syste...

CVE-2016-6636

The OAuth authorization implementation in Pivotal Cloud Foundry PCF before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.1; and Ops Manager 1.7.x before...

CVE-2016-6308

statem/statemdtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service memory consumption via crafted DTLS messages...

Ubuntu 14.04 LTS / 16.04 LTS : OpenSSL regression (USN-3087-2)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3087-2 advisory. USN-3087-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2016-2182 was incomplete and caused a regression when parsing certificates. This update...

openSUSE Security Update : samba (openSUSE-2016-1111)

This update for samba provides the following fixes : - CVE-2016-2119: Prevent client-side SMB2 signing downgrade. bsc986869 - Fix possible ctdb crash when opening sockets with htonsIPPROTORAW. bsc969522 - Honor smb.conf socket options in winbind. bsc975131 - Fix ntlm-auth segmentation fault with...

Debian: Security Advisory (DSA-3674-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Cisco Application Policy Infrastructure Controller Access Bypass Vulnerability

Cisco Application Policy Infrastructure Controller is prone to an access bypass vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Ubuntu 14.04 LTS : Linux kernel (Xenial HWE) vulnerabilities (USN-3084-2)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3084-2 advisory. USN-3084-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enableme...

USN-3083-2: Linux kernel (Trusty HWE) vulnerabilities

USN-3083-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Dmitry Vyukov discovered that the IPv6 implementation in the Linux kernel did not...

CVE-2016-2181

The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service false-positive packet drops via spoofed DTLS records, related to reclayerd1...

CVE-2016-2179

The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service memory consumption by maintaining many crafted DTLS sessions simultaneously, related to...