Open Source Intelligence and Forensics : Maltego
Maltego is an open source intelligence and forensics application. Maltego is a visual link analysis tool that, out of the box, comes with open source intelligence (OSINT) plugins, called transforms. The tool offers real-time data mining and information gathering as well as the representation of this...
DEBIAN-CVE-2016-3960
Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping...
Integer overflow
Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping...
xen-kernel -- x86 shadow pagetables: address width overflow
The Xen Project reports: In the x86 shadow pagetable code, the guest frame number of a superpage mapping is stored in a 32-bit field. If a shadowed guest can cause a superpage mapping of a guest-physical address at or above 2^44 to be shadowed, the top bits of the address will be lost, causing an...
SUSE-SU-2016:1038-1 Security update for Linux Kernel Live Patch 6
This update for the Linux Kernel 3.12.44-52.10.1 fixes the following issues: - CVE-2016-2384: A malicious USB device could cause a kernel crash in the alsa usb-audio driver. bsc967773 - CVE-2015-8812: A flaw was found in the CXGB3 kernel driver when the network was considered congested. The kerne...
SUSE-SU-2016:1033-1 Security update for Linux Kernel Live Patch 3 for SP 1
This update for the Linux Kernel 3.12.53-60.30.1 fixes the following issues: - CVE-2016-2384: A malicious USB device could cause a kernel crash in the alsa usb-audio driver. bsc967773 - CVE-2015-8812: A flaw was found in the CXGB3 kernel driver when the network was considered congested. The kerne...
SUSE-SU-2016:1034-1 Security update for Linux Kernel Live Patch 11
This update for the Linux Kernel 3.12.51-52.39.1 fixes the following issues: - CVE-2016-2384: A malicious USB device could cause a kernel crash in the alsa usb-audio driver. bsc967773 - CVE-2015-8812: A flaw was found in the CXGB3 kernel driver when the network was considered congested. The kerne...
Linux ASLR vulnerability: attackers can disable ASLR by setting the stack limit to unlimited (CVE-2016-3672)
Security researchers recently fixed a relatively old Linux ASLR vulnerability: on x86 devices, any user running a 32-bit application can disable ASLR by setting the RLIMIT_STACK resource to "unlimited". The vulnerability's CVE number is CVE-2016-3672, The CNNVD number of...
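TRS (IDS, old and new versions) design flaw (XXE / user information disclosure, including passwords)
Brief description: TRS IDS design flaw, XXE / user information disclosure including passwords. I haven't posted a vulnerability in a long time; I suddenly came back to take a look and found that even the vulnerability submission page has changed. Detailed description: First, let's look at the web.xml configuration file: ServiceServlet com.trs.idm.admin.service.ServiceServlet ServiceServlet /service Following into ServiceServlet: protected void serviceHttpServletRequest request, HttpServletResponse response throws ServletException, IOExceptio...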
kernel: integer overflow in fb_mmap
An integer overflow flaw was found in the way the Linux kernel's Frame Buffer device implementation mapped kernel memory to user space via the mmap syscall. A local user able to access a frame buffer device file /dev/fb could possibly use this flaw to escalate their privileges on the system...
Linux Kernel hugetlb_vmtruncate_list() Denial of Service Vulnerability
Linux Kernel is an open source operating system. A security vulnerability in the Linux Kernel hugetlb_vmtruncate_list function allows local users to trigger a page mapping error and cause a denial of service attack...
OracleVM 2.2 : xen (OVMSA-2016-0012)
The remote OracleVM system is missing necessary patches to address critical security updates : - XSA-125: Limit XEN_DOMCTL_memory_mapping hypercall to only process up to 64 GFNs or less Jan Beulich 20732412 CVE-2015-2752 - XSA-126: xen: limit guest control of PCI command register Jan Beulich 2073939...
CVE-2015-8709
kernel/ptrace.c in the Linux kernel through 4.4.1 mishandles uid and gid mappings, which allows local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call. NOTE: the vendor...
The vulnerability of Xen hypervisors, which allows a malicious actor to trigger a service failure
The vulnerability of the libxl toolstack library in Xen hypervisors lies in the improper implementation of the file mapping procedures used by kernels and disks during initial initialization when working with domains within the same process. Exploiting this vulnerability can allow a malicious act...
Scientific Linux Security Update : sssd on SL7.x x86_64 (20151119)
It was found that SSSD's Privilege Attribute Certificate (PAC) responder plug-in would leak a small amount of memory on each authentication request. A remote attacker could potentially use this flaw to exhaust all available memory on the system by making repeated requests to a Kerberized daemon...
Moderate: Red Hat Security Advisory: openstack-nova security and bug fix advisory
Updated OpenStack Compute packages that resolve various issues are now available for Red Hat Enterprise Linux OpenStack Platform 7.0 for RHEL 7. OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute...
CVE-2015-8341
The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows attackers to cause a denial of service (memory and disk consumption) by starting domains...
win32k Desktop and Clipboard - Null Pointer Dereference
win32k Desktop and Clipboard - Null Pointer Dereference Source: https://code.google.com/p/google-security-research/issues/detail?id=534 The attached PoC triggers a null pointer condition on Windows 7 32-bit, which can potentially be exploited on versions of Windows that allow mapping the null pag...
Google Chrome V8 Denial of Service Vulnerability (CNVD-2015-07961)
Google Chrome is a web browser developed by Google in the United States. Google V8 is an open source JavaScript engine. A security vulnerability exists in the js/array.js file of Google V8 used in Google Chrome 47.0.2526.73, which stems from the program's failure to properly...