CVE-2018-11506
The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact because sense buffers have different sizes at the CDROM layer and the SCSI layer, as...
DEBIAN-CVE-2018-11506
The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact because sense buffers have different sizes at the CDROM layer and the SCSI layer, as...
A vulnerability in the error-handling mechanism for establishing SSL connections in Qualcomm's Android operating system allows an attacker to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability in the error-handling mechanism for establishing SSL connections in Qualcomm's Android operating system is related to improper handling of errors returned by the RNG function. Exploiting this vulnerability can allow a remote attacker to compromise the confidentiality, integrity,...
A vulnerability in Qualcomm's Android operating system allows attackers to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability in Qualcomm's Android operating system arises from an operation performed outside the bounds of a memory buffer. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and availability of the protected information using the RIL interface...
Ubuntu 14.04 LTS : Linux kernel (Xenial HWE) vulnerabilities (USN-3654-2)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3654-2 advisory. USN-3654-1 fixed vulnerabilities and added mitigations in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the...
Ubuntu: Security Advisory (USN-3656-1)
The remote host is missing an update for the...
USN-3656-1: Linux kernel (Raspberry Pi 2, Snapdragon) vulnerabilities
Tuba Yavuz discovered that a double-free error existed in the USBTV007 driver of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17975) It was discovered that a race condition existed in the F2FS implementatio...
USN-3654-2: Linux kernel (Xenial HWE) vulnerabilities
USN-3654-1 fixed vulnerabilities and added mitigations in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jann Horn and Ken Johnson discovered that microprocessors...
USN-3654-1: Linux kernel vulnerabilities
Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a side-channel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memor...
A vulnerability in the Qualcomm QCRIL component of the Android operating system allows an attacker to trigger buffer overflows.
The vulnerability in the Qualcomm QCRIL component of the Android operating system is caused by a numeric overflow. Exploiting this vulnerability allows a remote attacker to trigger a buffer overflow...
CVE-2017-18268
Symantec IntelligenceCenter 3.3 is vulnerable to the Return of the Bleichenbacher Oracle Threat (ROBOT) attack. A remote attacker, who has captured a pre-recorded SSL session inspected by SSLV, can establish large numbers of crafted SSL connections to the target and obtain the session keys required...
CVE-2018-0297
A vulnerability in the detection engine of Cisco Firepower Threat Defense software could allow an unauthenticated, remote attacker to bypass a configured Secure Sockets Layer (SSL) Access Control (AC) policy to block SSL traffic. The vulnerability is due to the incorrect handling of TCP SSL packets...
Cisco Firepower Threat Defense software Remote Security Bypass Vulnerability
Cisco Firepower Threat Defense is a set of firewall software from Cisco (United States). The detection engine is one of its components. A security vulnerability exists in the detection engine in Cisco Firepower Threat Defense, which stems from the program's failure to...
A vulnerability in the implementation of the TLS protocol in the Cavium Nitrox SSL, Nitrox V SSL, Octeon SSL, and TurboSSL development kits allows an attacker to disclose sensitive information that should be protected.
The vulnerability in the TLS (Transport Layer Security) implementation in the Cavium Nitrox SSL, Nitrox V SSL, Octeon SSL, and TurboSSL development kits is related to errors in the implementation of the TLS standard. Exploiting this vulnerability can allow a malicious actor to disclose protected information...
T.JOY KINEPASS App for Android and iOS SSL Server Certificate Vulnerability
T.JOY KINEPASS App for Android is an Android-based application for booking and purchasing movie tickets online from T.JOY Japan. KINEPASS App for iOS is its iOS-based version. A security vulnerability exists in T.JOY KINEPASS App 3.1.1 and earlier versions for Android and KINEPASS App 3.1.2 and...
Simple DirectMedia Layer SDL2_image Stack Buffer Overflow Vulnerability
Simple DirectMedia Layer is a multi-platform library for accessing low-level hardware and graphics and providing support for games, software, and emulators. SDL2_image is a component used in it for parsing and displaying various image file formats. A stack buffer overflow vulnerability exists in t...
Simple DirectMedia Layer SDL2_image Heap Buffer Overflow Vulnerability
Simple DirectMedia Layer is a multi-platform library for accessing low-level hardware and graphics and providing support for games, software, and emulators. SDL2_image is a component used in it for parsing and displaying various image file formats. A heap buffer overflow vulnerability exists in th...
Simple DirectMedia Layer SDL2_image Double Release Vulnerability
Simple DirectMedia Layer is a multi-platform library for accessing low-level hardware and graphics and providing support for games, software, and emulators. SDL2_image is a component used in it for parsing and displaying various image file formats. A double release vulnerability exists in the XCF...
CVE-2018-0591
The KINEPASS App for Android Ver 3.1.1 and earlier, and for iOS Ver 3.1.2 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...