UBUNTU-CVE-2017-6967

xrdp 0.9.1 calls the PAM function authstartsession in an incorrect location, leading to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pamlimits.so bypass...

AZL-7170 CVE-2017-6827 affecting package audiofile 0.3.6-27

Heap-based buffer overflow in the MSADPCM::initializeCoefficients function in MSADPCM.cpp in audiofile aka libaudiofile and Audio File Library 0.3.6 allows remote attackers to have unspecified impact via a crafted audio file...

tomcat: tomcat writable config files allow privilege escalation

It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges...

CVE-2016-6485

The construct function in Framework/Encryption/Crypt.php in Magento 2 uses the PHP rand function to generate a random number for the initialization vector, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by guessing the value...

F5 Networks BIG-IP : Linux kernel SCTP vulnerability (K37510383)

The sctpinit function in net/sctp/protocol.c in the Linux kernel before 4.2.3 has an incorrect sequence of protocol-initialization steps, which allows local users to cause a denial of service panic or memory corruption by creating SCTP sockets before all of the steps have finished. CVE-2015-5283 ...

Axessh 4.2 - Denial Of Service

Axessh是一款windows下的ssh工具，使用后会开启ssh 22端口，并开启wsshed.exe服务，当wsshed.exe在接收字符串时，会调用BIGNUM相关函数进行处理，但对于BIGNUM的结构体没有进行赋初值，导致空指针引用引发拒绝服务漏洞，下面对此漏洞进行详细分析。 这里要提的一点是，Exploit-db给的PoC可以触发漏洞，但实际上，只要连接22端口，都会引发这个漏洞的发生，哪怕只发送一字节的内容。 附加wsshed.exe，执行PoC，引发中断，这边捕获到漏洞触发位置。 0:000 g f74.a68: Access violation - code c00000...

USN-3199-2 Python Crypto regression

USN-3199-1 fixed a vulnerability in the Python Cryptography Toolkit. Unfortunately, various programs depended on the original behavior of the Python Cryptography Toolkit which was altered when fixing the vulnerability. This update retains the fix for the vulnerability but issues a warning rather...

DEBIAN-CVE-2016-5417

Memory leak in the resvinit function in the IPv6 name server management code in libresolv in GNU C Library aka glibc or libc6 before 2.24 allows remote attackers to cause a denial of service memory consumption by leveraging partial initialization of internal resolver data structures...

Ubuntu 14.04 LTS / 16.04 LTS : Python Crypto vulnerability (USN-3199-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3199-1 advisory. It was discovered that the ALGnew function in blocktemplace.c in the Python Cryptography Toolkit contained a heap-based buffer overflow vulnerability....

USN-3199-1: Python Crypto vulnerability

It was discovered that the ALGnew function in blocktemplace.c in the Python Cryptography Toolkit contained a heap-based buffer overflow vulnerability. A remote attacker could use this flaw to execute arbitrary code by using a crafted initialization vector parameter...

CVE-2016-5417

Memory leak in the resvinit function in the IPv6 name server management code in libresolv in GNU C Library aka glibc or libc6 before 2.24 allows remote attackers to cause a denial of service memory consumption by leveraging partial initialization of internal resolver data structures...

Error code 0x00007E, BSOD, When Creating vdisk - BNIStack Failed, Network Stack Could Not Be Initialized

While capturing a new vdisk using the imaging wizard software you receive a BSOD. This occurs after the first reboot when the master image VM is switched to boot from the network via the local BIOS. The details of the stop error are: BNIStack failed, network stack could not be initialized. Error...

Apple Safari WebKit Memory Initialization Vulnerability

Apple Safari is an American web browser from Apple Inc. and is the default browser that comes with the Mac OS X and iOS operating systems. A memory initialization vulnerability exists in Apple Safari WebKit, which allows remote attackers to build malicious web pages that can be exploited to trick...

Oracle Java Uninitialized Memory Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the creation of an...

jboss: jbossas: unsafe chown of server.log in jboss init script allows privilege escalation

It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation...

MGASA-2017-0037 Updated openafs packages fix security vulnerability

Due to incomplete initialization or clearing of reused memory, OpenAFS directory objects are likely to contain "dead" directory entry information. This extraneous information is not active - that is, it is logically invisible to the fileserver and client. However, the leaked information is...

Updated python-pycrypto packages fix security vulnerabilities

This is a security fix for a possible Buffer overflow. AES.new with invalid parameter crashes python. The IV parameter is currently ignored when initializing a cipher in ECB or CTR mode. There was a bug in pycrypto which could be exploited to get a shell...

Denial Of Service (DoS)

expat is susceptible to denial of service DoS attacks. The vulnerability is due to an incomplete fix of CVE-2012-0876 which leads to insufficient entropy for hash initialization...

Safari < 10.0.3 Multiple Vulnerabilities

Binary data 9931.prm...

DEBIAN-CVE-2016-9962

RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or...