
7665 matches found

Cvelist
added 2017/12/18 5:00 p.m. | 23 views

CVE-2017-15524

The Application Firewall Pack (AFP, aka Web Application Firewall) component on Kemp Load Balancer devices with software before 7.2.40.1 allows a Security Feature Bypass via an HTTP POST request...

AI score: 9.3 | EPSS: 0.00281
Exploits: 3 | References: 3
CNVD
added 2017/12/18 12:00 a.m. | 2 views

Kemp Load Balancers Security Bypass Vulnerability

Kemp Load Balancer is a load balancing appliance from Kemp Technologies, Inc. Application Firewall Pack (AFP, a.k.a. Web Application Firewall) is a Web application firewall component used in... A security bypass vulnerability exists in the AFP component of Kemp Load Balancer versions prior to 7.2.40....

CVSS: 9.1 | AI score: 6.8 | EPSS: 0.00281
Exploits: 3 | References: 1
Packet Storm
added 2017/12/15 12:00 a.m. | 73 views

Kemp Load Balancer WAF 7.2.40 Bypass

ADVISORY SUMMARY: Kemp Load Balancers - Module Application Firewall Pack (AFP) - Web Application Firewall (WAF) does not inspect HTTP POST data. Risk: high. Application: Kemp Load Balancers - Module Application Firewall Pack (AFP). Versions Affected: 7.1.30 (Nov 2015) to 7.2.40 (Oct 2017) // Older versions...

AI score: 0.5 | EPSS: 0.00281
Exploits: 3
0day.today
added 2017/12/15 12:00 a.m. | 134 views

Kemp Load Balancer WAF 7.2.40 Bypass Vulnerability

Exploit for hardware platform in category web applications. 1. ADVISORY SUMMARY: Kemp Load Balancers - Module Application Firewall Pack (AFP) - Web Application Firewall (WAF) does not inspect HTTP POST data. Risk: high. Application: Kemp Load Balancers - Module Application Firewall Pack (AFP). Versions...

CVSS: 6.4 | AI score: 9.1 | EPSS: 0.00281
Exploits: 3
RedHat Linux
added 2017/12/14 10:15 p.m. | 3 views

Qemu: i386: multiboot OOB access while loading kernel image

Quick Emulator (QEMU), compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur due to an integer overflow while loading a kernel image during a guest boot. A user or process could use this flaw to potentially achiev...

CVSS: 8.8 | AI score: 7.7 | EPSS: 0.00075
Exploits: 0 | References: 4
RedHat Linux
added 2017/12/14 10:11 p.m. | 2 views

Qemu: i386: multiboot OOB access while loading kernel image

Quick Emulator (QEMU), compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur due to an integer overflow while loading a kernel image during a guest boot. A user or process could use this flaw to potentially achiev...

CVSS: 8.8 | AI score: 7.7 | EPSS: 0.00075
Exploits: 0 | References: 4
OSV
added 2017/12/13 12:00 a.m. | 0 views

UBUNTU-CVE-2017-16909

An error related to the "LibRaw::panasonic_load_raw" function (dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash via a specially crafted TIFF image...

CVSS: 8.8 | AI score: 7.1 | EPSS: 0.00571
Exploits: 1 | References: 4
BDU FSTEC
added 2017/12/07 12:00 a.m. | 1 views

The vulnerability of the Application Control component of Kaspersky Embedded Systems Security allows for the execution of an application not listed in the white list.

The vulnerability of the Application Control component of Kaspersky Embedded Systems Security antivirus software arises due to the improper functioning of protection mechanisms under conditions of excessive service load. Exploiting this vulnerability allows a malicious actor to elevate their...

CVSS: 7.1 | AI score: 5.5
Exploits: 0 | References: 2
CNVD
added 2017/12/05 12:00 a.m. | 1 views

Inedo Otter Denial of Service Vulnerability

Inedo Otter is a set of server monitoring and configuration software from Inedo, USA. The software displays the configuration status of the target server by providing a dynamic, visual interface. A security vulnerability exists in Inedo Otter 1.7.4 and earlier versions where the vulnerable progra...

CVSS: 9.8 | AI score: 6.7 | EPSS: 0.00689
Exploits: 0 | References: 1
CNVD
added 2017/12/05 12:00 a.m. | 1 views

GNU Binutils Denial of Service Vulnerability (CNVD-2017-36676)

GNU Binutils is a set of programming tools for creating and managing binary programs, object files, libraries, profile data and assembly source code. A denial of service vulnerability exists in the load_debug_section function in readelf.c in GNU Binutils 2.29.1. A remote attacker could exploit this...

CVSS: 7.8 | AI score: 6.9 | EPSS: 0.00377
Exploits: 1 | References: 1
OSV
added 2017/12/04 8:29 a.m. | 1 views

DEBIAN-CVE-2017-17126

The load_debug_section function in readelf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via an ELF file that lacks section headers...

CVSS: 7.8 | AI score: 7.4 | EPSS: 0.00377
Exploits: 1 | References: 1
Microsoft KB
added 2017/12/04 12:00 a.m. | 3 views

Update Rollup 14 for System Center 2012 R2 Virtual Machine Manager

Update Rollup 14 for System Center 2012 R2 Virtual Machine Manager. Introduction: This article describes the issues that are fixed in Update Rollup 14 for Microsoft System Center 2012 R2 Virtual Machine Manager. There are two updates available for Virtual Machine Manager, one for the Virtual Machin...

AI score: 6.7
Exploits: 0
RedHat Linux
added 2017/11/30 8:50 p.m. | 2 views

Qemu: i386: multiboot OOB access while loading kernel image

Quick Emulator (QEMU), compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur due to an integer overflow while loading a kernel image during a guest boot. A user or process could use this flaw to potentially achiev...

CVSS: 8.8 | AI score: 7.7 | EPSS: 0.00075
Exploits: 0 | References: 4
RedHat Linux
added 2017/11/30 8:33 p.m. | 1 views

Qemu: i386: multiboot OOB access while loading kernel image

Quick Emulator (QEMU), compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur due to an integer overflow while loading a kernel image during a guest boot. A user or process could use this flaw to potentially achiev...

CVSS: 8.8 | AI score: 7.7 | EPSS: 0.00075
Exploits: 0 | References: 4
BDU FSTEC
added 2017/11/23 12:00 a.m. | 2 views

The vulnerability of the clusterLoadConfig function in the Redis database management system allows an attacker to cause service interruptions or other adverse effects.

The vulnerability of the clusterLoadConfig function in the Redis database management system arises from an operation that occurs outside the buffer in memory, due to the lack of checks on the values of migrating_slots_to and migrating_slots_from, which are defined in the configuration file. Exploitin...

CVSS: 9.8 | AI score: 8 | EPSS: 0.00351
Exploits: 0 | References: 4 | Affected Software: 2
OSV
added 2017/11/12 6:29 p.m. | 0 views

UBUNTU-CVE-2017-16796

In SWFTools 0.9.2, the png_load function in lib/png.c does not check the return value of a realloc call, which allows remote attackers to cause a denial of service (invalid write and application crash) or possibly have unspecified other impact via vectors involving an IDAT tag in a crafted PNG file...

CVSS: 7.8 | AI score: 5.9 | EPSS: 0.00231
Exploits: 0 | References: 3
OSV
added 2017/11/12 6:29 p.m. | 0 views

UBUNTU-CVE-2017-16797

In SWFTools 0.9.2, the png_load function in lib/png.c does not properly validate an alloclen_64 multiplication of width and height values, which allows remote attackers to cause a denial of service (integer overflow, heap-based buffer overflow, and application crash) or possibly have unspecified othe...

CVSS: 7.8 | AI score: 6 | EPSS: 0.00252
Exploits: 0 | References: 3
OSV
added 2017/11/12 5:29 a.m. | 1 views

CVE-2017-16794

The png_load function in lib/png.c in SWFTools 0.9.2 does not properly validate a multiplication of width and bits-per-pixel values, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an erroneous...

CVSS: 5.5 | AI score: 6
Exploits: 0 | References: 1
BDU FSTEC
added 2017/11/10 12:00 a.m. | 2 views

The vulnerability of the `load_elf_binary` function in the Linux operating system’s kernel allows a hacker to execute arbitrary code.

The vulnerability of the `load_elf_binary` function in the Linux operating system’s kernel arises from the improper allocation of the address range for the binary file PIE. This occurs when the CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE configuration option is enabled, and the usual strategy for allocating...

CVSS: 7.8 | AI score: 7.1 | EPSS: 0.57266
Exploits: 5 | References: 18 | Affected Software: 1
ATTACKERKB
added 2017/11/08 3:29 a.m. | 3 views

CVE-2017-16615

An exploitable vulnerability exists in the YAML parsing functionality in the parse_yaml_query method in parser.py in MLAlchemy before 0.2.2. When processing YAML-Based queries for data, a YAML parser can execute arbitrary Python commands resulting in command execution because load is used where...

CVSS: 9.8 | AI score: 6.3 | EPSS: 0.00896
Exploits: 0 | References: 5