Security Bulletin: NVIDIA GPU contains multiple vulnerabilities in the kernel mode layer handler

Vulnerability Details The following sections summarize the vulnerabilities. Descriptions use CWE™ and risk assessments follow CVSS. CVE-2017-6269 NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgkDdiEscape where a pointer passed from ...

CVE-2017-0380

The rendserviceintroestablished function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha, when SafeLogging is disabled, allows attackers to obtain sensitive information by leveraging access to t...

CVE-2017-14513

Directory traversal vulnerability in MetInfo 5.3.17 allows remote attackers to read information from any ini format file via the ffilename parameter in a fingerprintdo action to admin/app/physical/physical.php...

Trend Micro Mobile Security for Enterprise widgetforsecurity talker Authentication Bypass Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the initialization of the users table in the tmwf database...

Microsoft Windows kernel information disclosure vulnerability (CNVD-2017-32963)

Microsoft Windows Server 2008 SP2 is a series of operating systems released by Microsoft. kernel component is one of the kernel components. An information disclosure vulnerability exists in the kernel component of Microsoft Windows, which arises from a program's failure to properly initialize...

Windows Kernel Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have t...

Das U-Boot AES-CBC encryption implementation contains multiple vulnerabilities

Overview Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector and improper handling of an error condition may allow attacks against the underlying...

DEBIAN-CVE-2017-12871

The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector IV...

UBUNTU-CVE-2017-12871

The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector IV...

CVE-2017-12871

The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector IV...

CVE-2017-12871

The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector IV...

Design/Logic Flaw

The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector IV...

CVE-2017-12871

The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector IV...

Monitoring Windows Console Activity (Part 2)

This is the second of two blogs that discuss the implementation of the Windows console architecture from years past, with a primary focus on the current implementation present on modern versions of Windows. Read our first blog, "Monitoring Windows Console Activity Part 1," for more. Capturing the...

Lemur has an unspecified vulnerability

Lemur is a Python based TLS certificate management tool. A security vulnerability exists in Lemur version 0.1.4, which stems from the program's failure to use a random IV when encrypting AES.No detailed information about the vulnerability is currently available...

Microsoft Edge Chakra - 'EmitAssignment' uses the 'this' Register Without Initializing

000c ProfiledLdEnvSlot R4 = 13 Line 28: super.a = 1; Col 13: ^ 0018 LdHomeObjProto R8 R4 001d ProfiledStSuperFld R8.this=R5 = R3 0 0025 LdUndef R0 Line 29: Col 9: ^ 0027 Ret PoC: -- class Parent ; class Child extends Parent constructor = super.a = 10; // Implicitly use the "this" register. So it...

httpd: Uninitialized memory reflection in mod_auth_digest

It was discovered that the httpd's modauthdigest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to...

Important: Red Hat Security Advisory: httpd security update

An update for httpd is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

Exploit for Open Redirect in Git-Scm Git

PoC exploit for CVE-2017-1000117, a vulnerability in the way Git handles submodule initialization. The target is Git, a vulnerability class/vector of arbitrary file write, probable entry point is the Git submodule initialization process, notable dependency is Git, and execution context is a Git...

DEBIAN-CVE-2014-0146

The qcow2open function in the block/qcow2.c in QEMU before 1.7.2 and 2.x before 2.0.0 allows local users to cause a denial of service NULL pointer dereference via a crafted image which causes an error, related to the initialization of the snapshotoffset and nbsnapshots fields...