Lucene search
K

5121 matches found

n0where
n0where
added 2016/05/04 1:36 a.m.486 views

Open Source Intelligence and Forensics : Maltego

Maltego is an open source intelligence and forensics application Maltego is a visual link analysis tool that, out the box, comes with open source intelligence OSINT plugins, called transforms. The tool offers real-time data mining and information gathering as well as the representation of this...

7AI score
Exploits0
OSV
OSV
added 2016/04/19 2:59 p.m.1 views

DEBIAN-CVE-2016-3960

Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service host crash or possibly gain privileges by shadowing a superpage mapping...

8.8CVSS7.1AI score0.00455EPSS
Exploits0References1
Prion
Prion
added 2016/04/19 2:59 p.m.24 views

Integer overflow

Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service host crash or possibly gain privileges by shadowing a superpage mapping...

7.2CVSS7.5AI score0.00455EPSS
Exploits0References9Affected Software2
FreeBSD
FreeBSD
added 2016/04/18 12:0 a.m.39 views

xen-kernel -- x86 shadow pagetables: address width overflow

The Xen Project reports: In the x86 shadow pagetable code, the guest frame number of a superpage mapping is stored in a 32-bit field. If a shadowed guest can cause a superpage mapping of a guest-physical address at or above 2^44 to be shadowed, the top bits of the address will be lost, causing an...

8.8CVSS0.4AI score0.00455EPSS
Exploits0References1
OSV
OSV
added 2016/04/14 2:30 p.m.10 views

SUSE-SU-2016:1038-1 Security update for Linux Kernel Live Patch 6

This update for the Linux Kernel 3.12.44-52.10.1 fixes the following issues: - CVE-2016-2384: A malicious USB device could cause a kernel crash in the alsa usb-audio driver. bsc967773 - CVE-2015-8812: A flaw was found in the CXGB3 kernel driver when the network was considered congested. The kerne...

10CVSS7.2AI score0.14281EPSS
Exploits10References9
OSV
OSV
added 2016/04/14 11:44 a.m.12 views

SUSE-SU-2016:1033-1 Security update for Linux Kernel Live Patch 3 for SP 1

This update for the Linux Kernel 3.12.53-60.30.1 fixes the following issues: - CVE-2016-2384: A malicious USB device could cause a kernel crash in the alsa usb-audio driver. bsc967773 - CVE-2015-8812: A flaw was found in the CXGB3 kernel driver when the network was considered congested. The kerne...

10CVSS7.2AI score0.14281EPSS
Exploits10References9
OSV
OSV
added 2016/04/14 11:41 a.m.5 views

SUSE-SU-2016:1034-1 Security update for Linux Kernel Live Patch 11

This update for the Linux Kernel 3.12.51-52.39.1 fixes the following issues: - CVE-2016-2384: A malicious USB device could cause a kernel crash in the alsa usb-audio driver. bsc967773 - CVE-2015-8812: A flaw was found in the CXGB3 kernel driver when the network was considered congested. The kerne...

10CVSS7.2AI score0.14281EPSS
Exploits10References9
myhack58
myhack58
added 2016/04/11 12:0 a.m.14 views

Linux ASLR vulnerabilities: an attacker with unlimited disable ASLR(CVE-2 0 1 6-3 6 7 2-the vulnerability warning-the black bar safety net

! Recently, security personnel repair a Linux ASLR in a relatively old vulnerability, with x86 devices on the 3 2-bit application usage rights of any user, by the RLIMITSTACK resource is set to“unlimited”you can disable ASLR. The vulnerability CVE number CVE-2 0 1 6-3 6 7 2, The CNNVD number of...

7.8AI score
Exploits0
seebug.org
seebug.org
added 2016/03/24 12:0 a.m.205 views

TRS(ids新老版本)设计缺陷(xxe/用户信息泄露包括密码等)

简要描述: TRSids设计缺陷xxe/用户信息泄露包括密码,好久没有发过漏洞了,突然上来看了看,发现漏洞提交页面都变了 详细说明: 首先我们看看web.xml配置文件: ServiceServlet com.trs.idm.admin.service.ServiceServlet ServiceServlet /service 跟进ServiceServlet protected void serviceHttpServletRequest request, HttpServletResponse response throws ServletException, IOExceptio...

7AI score
Exploits0
RedHat Linux
RedHat Linux
added 2016/03/15 2:46 p.m.12 views

kernel: integer overflow in fb_mmap

An integer overflow flaw was found in the way the Linux kernel's Frame Buffer device implementation mapped kernel memory to user space via the mmap syscall. A local user able to access a frame buffer device file /dev/fb could possibly use this flaw to escalate their privileges on the system...

7.8CVSS6.2AI score0.03373EPSS
Exploits1References5
CNVD
CNVD
added 2016/02/23 12:0 a.m.4 views

Linux Kernel hugetlb_vmtruncate_list() Denial of Service Vulnerability

Linux Kernel is an open source operating system. A security vulnerability in the Linux Kernel hugetlbvmtruncatelist function allows local users to trigger a page mapping error and cause a denial of service attack...

5.5CVSS6.2AI score0.0034EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2016/02/15 12:0 a.m.26 views

OracleVM 2.2 : xen (OVMSA-2016-0012)

The remote OracleVM system is missing necessary patches to address critical security updates : - XSA-125: Limit XENDOMCTLmemorymapping hypercall to only process up to 64 GFNs or less Jan Beulich 20732412 CVE-2015-2752 - XSA-126: xen: limit guest control of PCI command register Jan Beulich 2073939...

7.8CVSS7.8AI score0.03427EPSS
Exploits0References7
OSV
OSV
added 2016/02/08 3:59 a.m.7 views

CVE-2015-8709

kernel/ptrace.c in the Linux kernel through 4.4.1 mishandles uid and gid mappings, which allows local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call. NOTE: the vendor...

7CVSS7.7AI score
Exploits0References25
Debian CVE
Debian CVE
added 2016/02/08 2:0 a.m.32 views

CVE-2015-8709

kernel/ptrace.c in the Linux kernel through 4.4.1 mishandles uid and gid mappings, which allows local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call. NOTE: the vendor...

7CVSS7.6AI score0.00398EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2016/01/18 12:0 a.m.5 views

The vulnerability of Xen hypervisors, which allows a malicious actor to trigger a service failure

The vulnerability of the libxl toolstack library in Xen hypervisors lies in the improper implementation of the file mapping procedures used by kernels and disks during initial initialization when working with domains within the same process. Exploiting this vulnerability can allow a malicious act...

7.8CVSS6.8AI score0.02043EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2015/12/22 12:0 a.m.32 views

Scientific Linux Security Update : sssd on SL7.x x86_64 (20151119)

It was found that SSSD's Privilege Attribute Certificate PAC responder plug-in would leak a small amount of memory on each authentication request. A remote attacker could potentially use this flaw to exhaust all available memory on the system by making repeated requests to a Kerberized daemon...

6.8CVSS7.1AI score0.03666EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2015/12/21 4:51 p.m.28 views

Moderate: Red Hat Security Advisory: openstack-nova security and bug fix advisory

Updated OpenStack Compute packages that resolve various issues are now available for Red Hat Enterprise Linux OpenStack Platform 7.0 for RHEL 7. OpenStack Compute nova launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute...

5CVSS6.7AI score0.0367EPSS
Exploits0References9
OSV
OSV
added 2015/12/17 7:59 p.m.8 views

CVE-2015-8341

The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows attackers to cause a denial of service memory and disk consumption by starting domains...

8.8AI score
Exploits0References4
exploitpack
exploitpack
added 2015/12/17 12:0 a.m.17 views

win32k Desktop and Clipboard - Null Pointer Dereference

win32k Desktop and Clipboard - Null Pointer Dereference Source: https://code.google.com/p/google-security-research/issues/detail?id=534 The attached PoC triggers a null pointer condition on Windows 7 32-bit, which can potentially be exploited on versions of Windows that allow mapping the null pag...

0.5AI score
Exploits0
CNVD
CNVD
added 2015/12/08 12:0 a.m.3 views

Google Chrome V8 Denial of Service Vulnerability (CNVD-2015-07961)

Google Chrome is the United States Google Google company developed a Web browser. Google V8 is one of the open source JavaScript engine. A security vulnerability exists in the js/array.js file of Google V8 used in Google Chrome 47.0.2526.73, which stems from the program's failure to properly...

7.5CVSS8.8AI score0.02131EPSS
Exploits0References1
Rows per page
Query Builder