CVE-2017-0341

All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgDdiEscape where user provided input can trigger an access to a pointer that has not been initialized which may lead to denial of service or potential escalation of...

Windows Kernel Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information t...

Windows Kernel Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information t...

IBM: Destroy USBs Infected with Malware Dropper

USB drives shipped with some IBM’s Storwize storage products are infected with malware, and the tech giant advises customers destroy the devices. IBM would not comment on the source of the infection or where in the supply chain the interdiction happened, and instead referred Threatpost to an...

openSUSE: Security Advisory for kernel (openSUSE-SU-2017:1140-1)

The remote host is missing an update for the Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

BSA-2017-254

Security Advisory ID : BSA-2017-254 Component : Open SSH Revision : 2.0: Final Themmnewkeysfromblobfunction inmonitorwrap.cinsshdinOpenSSH6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to...

Cross site request forgery (csrf)

Poor cryptographic salt initialization in admin/inc/templatefunctions.php in GetSimple CMS 3.3.13 allows a network attacker to escalate privileges to an arbitrary user or conduct CSRF attacks via calculation of a session cookie or CSRF nonce...

CVE-2007-6761

drivers/media/video/videobuf-vmalloc.c in the Linux kernel before 2.6.24 does not initialize videobufmapping data structures, which allows local users to trigger an incorrect count value and videobuf leak via unspecified vectors, a different vulnerability than CVE-2010-5321...

CVE-2017-7593

tifread.c in LibTIFF 4.0.7 does not ensure that tifrawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image...

Percona XtraBackup Information Disclosure Vulnerability

Percona XtraBackup is the U.S. Percona company's set of open source used to backup MySQL InnoDB database tools. An information disclosure vulnerability exists in xbcrypt in Percona XtraBackup versions prior to 2.3.6 and 2.4.x versions prior to 2.4.5, which stems from the program failing to proper...

ESXi 6.0 U1 < Build 5251621 / 6.0 U2 < Build 5251623 / 6.0 U3 < Build 5224934 Multiple Vulnerabilities (VMSA-2017-0006) (remote check)

The version of the remote VMware ESXi 6.0 host is 6.0 U1 prior to build 5251621, 6.0 U2 prior to build 5251623, or 6.0 U3 prior to build 5224934. It is, therefore, affected by multiple vulnerabilities : - A stack memory initialization flaw exists that allows an attacker on the guest to execute...

ESXi 6.5 < Build 5224529 Multiple Vulnerabilities (VMSA-2017-0006) (remote check)

The version of the remote VMware ESXi 6.5 host is prior to build 5224529. It is, therefore, affected by multiple vulnerabilities : - A stack memory initialization flaw exists that allows an attacker on the guest to execute arbitrary code on the host. CVE-2017-4903 - An unspecified flaw exists in...

VMware Fusion 8.x < 8.5.6 Multiple Vulnerabilities (VMSA-2017-0006) (macOS)

The version of VMware Fusion installed on the remote macOS or Mac OS X host is 8.x prior to 8.5.6. It is, therefore, affected by multiple vulnerabilities : - A heap buffer overflow condition exists due to improper validation of certain input. An attacker on the guest can exploit this to cause a...

(Pwn2Own) VMware Workstation Uninitialized Memory Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

[SECURITY] Fedora 25 Update: cloud-init-0.7.8-6.fc25

Cloud-init is a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install ssh keys and to let the user run various scripts...

UBUNTU-CVE-2016-6225

xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector IV for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this...

xrdp elevation of privilege vulnerability

xrdp is an open source Remote Desktop Protocol RDP server developed by software developer Jay Sorg. An elevation of privilege vulnerability exists in xrdp version 0.9.1, which stems from a failure to properly initialize the PAM session module. An attacker can exploit this vulnerability to cause a...

UBUNTU-CVE-2017-7178

CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves 1 hosting a crafted plugin that executes an arbitrary program from its init.py file and 2 causing the victim to download, install, and enable this plugin...

DEBIAN-CVE-2017-6967

xrdp 0.9.1 calls the PAM function authstartsession in an incorrect location, leading to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pamlimits.so bypass...

UBUNTU-CVE-2017-6967

xrdp 0.9.1 calls the PAM function authstartsession in an incorrect location, leading to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pamlimits.so bypass...