OpenJDK: insufficient access control checks in AsynchronousChannelGroupImpl (8172465, Libraries)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protoco...

OpenJDK: incorrect privilege use when handling unreferenced objects (RMI, 8174966)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: RMI. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

CVE-2017-10272

Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware subcomponent: Core. Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows low privileged attacker with network access via Jolt to compromise Oracle Tuxedo. While...

CVE-2017-2895

An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker...

Integer overflow

An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause an integer overflow, leading to a heap buffer overflow and resulting in denial of service and potential remote code execution. An...

CVE-2017-2895

An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker...

CVE-2017-2894

An exploitable stack buffer overflow vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause a stack buffer overflow resulting in remote code execution. An attacker needs to send a specially crafted MQTT packet ove...

CVE-2017-2894

An exploitable stack buffer overflow vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause a stack buffer overflow resulting in remote code execution. An attacker needs to send a specially crafted MQTT packet ove...

CVE-2017-2892

An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT packet can cause an arbitrary out-of-bounds memory read and write potentially resulting in information disclosure, denial of service and remote code...

CVE-2017-2895

An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker...

Polycom Command Shell Authorization Bypass

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Polycom Command Shell Authorization Bypass', 'Alias' = 'polycomhdxauthbypass', 'Author' = 'Paul Haas ', module 'h00die ', submission/cleanup ,...

CVE-2017-10382

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products subcomponent: PIA Core Technology. Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromi...

CVE-2017-10034

Vulnerability in the Oracle BI Publisher component of Oracle Fusion Middleware subcomponent: Core Formatting API. Supported versions that are affected are 11.1.1.7.0 and 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle ...

UBUNTU-CVE-2017-10349

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: JAXP. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

Design/Logic Flaw

The Epson "EasyMP" software is designed to remotely stream a users computer to supporting projectors.These devices are authenticated using a unique 4-digit code, displayed on-screen - ensuring only those who can view it are streaming.All Epson projectors supporting the "EasyMP" software are...

MGASA-2017-0367 Updated dnsmasq packages fix security vulnerabilities

An audit by mozilla security found several vulnerability and potential vulnerability in dnsmasq: - Uninitialized buffer leads to memory leakage - Allocated memory is not cleared - Unchecked return value can lead to NULL pointer dereference - Hardcoded values in fscanf format strings with aliased...

U.S. Dept Of Defense: 2 vulnerabilities of arbitrary code in ████████ - CVE-2017-5929

Summary: GitHub repo: https://github.com/████████ QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components. High Severity Arbitrary Code Execution Vulnerable module: ch.qos.logback:logback-core Introduced through:...

mysql: Server: Charsets unspecified vulnerability (CPU Jul 2017)

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Charsets. Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple...

CVE-2017-3897

The CVE-2017-3897 entry affects McAfee LiveSafe (older than 16.0.3) and McAfee Security Scan Plus (MSS+) older than 3.11.599.3. It is a code-injection vulnerability in the non‑certificate‑based authentication mechanism that can be triggered by a HTTP backend‑response, allowing a network attacker ...

CVE-2017-3897

A Code Injection vulnerability in the non-certificate-based authentication mechanism in McAfee Live Safe versions prior to 16.0.3 and McAfee Security Scan Plus MSS+ versions prior to 3.11.599.3 allows network attackers to perform a malicious file execution via a HTTP backend-response...