More Spectre/Meltdown-Like Attacks
Back in January, we learned about a class of vulnerabilities against microprocessors that leverages various performance and efficiency shortcuts for attack. I wrote that the first two attacks would be just the start: It shouldn't be surprising that microprocessor designers have been building...
kernel: IP fragments with random offsets allow a remote denial of service (FragmentSmack)
A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger a time- and calculation-expensive fragment reassembly algorithm by sending specially crafted packets, which could lead to a CPU...
TufinOS 2.17 Build 1193 - XML External Entity Injection Vulnerability
Exploit for Linux platform in category web applications. Exploit Title: TufinOS 2.17 Build 1193 - XML External Entity Injection; Exploit Author: konstantinos Alexiou; Vendor: https://www.tufin.com; Software Link: https://www.tufin.com/tufin-orchestration-suite/securetrack; CVE: N/A; Category: webapps 1...
openSUSE Security Update : the Linux Kernel (openSUSE-2018-1342)
The openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned...
PT-2018-14766 · Mpdf · Mpdf
Name of the Vulnerable Software and Affected Versions: mPDF versions prior to 7.1.7. Description: The issue allows for Server-Side Request Forgery (SSRF) if mPDF is deployed as a web application that accepts arbitrary HTML. This can be demonstrated by a substring that triggers a call to getImage in...
F5 Networks BIG-IP : Lazy FP state restore vulnerability (K21344224)
The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.1.2 / 14.0.0.3 / 14.1.0. It is, therefore, affected by a vulnerability as referenced in the K21344224 advisory. System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocesso...
Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software Denial of Service Vulnerabilities
Cisco Adaptive Security Appliance (ASA) is a set of firewall appliances from Cisco, U.S.A. Cisco Firepower Threat Defense is a set of software from Cisco, U.S.A., that runs in firewalls. A denial of service vulnerability exists in the Cisco Adaptive Security Applian...
CVE-2018-15454
A vulnerability in the Session Initiation Protocol (SIP) inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload or trigger high CPU, resulting in a deni...
CVE-2018-11870
Technical details for CVE-2018-11870 are not publicly available in the provided documents. No affected products, impact, or remediation are specified here. Monitor for updates from the provided sources.
AudaCity 2.3 - High processor usage Denial of Service Exploit
Exploit for Windows platform in category dos / poc. Exploit Title: AudaCity 2.3 - High processor usage Denial of Service; Author: Kağan Çapar; Software Link: https://www.fosshub.com/Audacity.html; Vendor Homepage: https://www.audacityteam.org; Tested Version: 2.3 top version; Tested on OS: Windows 10...
Cisco NX-OS Denial of Service Vulnerability (CNVD-2018-23895)
Cisco NX-OS is the network operating system for the Cisco Nexus family of Ethernet switches and the MDS family of Fibre Channel storage area network switches. A denial of service vulnerability exists in the Simple Network Management Protocol (SNMP) input packet processor of Cisco NX-OS. The...
CVE-2018-0456
A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application of an affected device to restart unexpectedly. The vulnerability is due to improper validation of SNMP protocol...
Cisco NX-OS Software Authenticated Simple Network Management Protocol Denial of Service Vulnerability
A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application of an affected device to restart unexpectedly. The vulnerability is due to improper validation of SNMP protocol...
GHSA-8VFM-4388-6RPC Apache is vulnerable to XXE in XSD validation processor
Apache Camel 2.20.0 to 2.20.3 and 2.21.0 Core is vulnerable to XXE in XSD validation processor...
Sandsifter - The X86 Processor Fuzzer
The sandsifter audits x86 processors for hidden instructions and hardware bugs, by systematically generating machine code to search through a processor's instruction set, and monitoring execution for anomalies. Sandsifter has uncovered secret processor instructions from every major vendor;...
[SECURITY] Fedora 29 Update: zsh-5.6.2-1.fc29
The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell (the Korn shell), but includes many enhancements. Zsh supports command line editing, built-in spelling correction, programmable command completion, shell...
CVE-2018-3984
An exploitable uninitialized length vulnerability exists within the Word document-parser of the Atlantis Word Processor 3.0.2.3 and 3.0.2.5. A specially crafted document can cause Atlantis to skip initializing a value representing the number of columns of a table. Later, the application will use...
CVE-2018-4000
An exploitable double-free vulnerability exists in the Office Open XML parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted document can cause a TTableRow instance to be referenced twice, resulting in a double-free vulnerability when both the references go out of scope. An...
CVE-2018-4001
An exploitable uninitialized pointer vulnerability exists in the Office Open XML parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted document can cause an uninitialized pointer representing a TTableRow to be assigned to a variable on the stack. This variable is later...
CVE-2018-3999
An exploitable stack-based buffer overflow vulnerability exists in the JPEG parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted image embedded within a document can cause a length to be miscalculated and underflow. This length is then treated as unsigned and then used in a...