ALPINE-CVE-2017-10923

Xen through 4.8.x does not validate a vCPU array index upon the sending of an SGI, which allows guest OS users to cause a denial of service hypervisor crash, aka XSA-225...

June 13, 2017—KB4022726 (Monthly Rollup)

June 13, 2017—KB4022726 Monthly Rollup Improvements and fixes This security update includes improvements and fixes that were a part of update KB4019217 released May 16th, 2017 and resolves the following issues: Addressed issue where, after installing KB3170455 MS16-087, users have difficulty...

IBM DB2 9.7 / 10.1 / 10.5 / 11.1 - Command Line Processor Buffer Overflow Exploit

Exploit for multiple platform in category dos / poc ''' IBM DB2 Command Line Processor Buffer Overflow Advisory Title: IBM DB2 Command Line Processor Buffer Overflow Advisory URL: http://www.defensecode.com/advisories/IBMDB2CommandLineProcessorBufferOverflow.pdf Software: IBM DB2 Version: V9.7,...

CVE-2015-3142

The kernel-invoked coredump processor in Automatic Bug Reporting Tool ABRT does not properly check the ownership of files before writing core dumps to them, which allows local users to obtain sensitive information by leveraging write permissions to the working directory of a crashed application...

IBM DB2 9.7/10.1/10.5/11.1 - Command Line Processor Buffer Overflow

''' DefenseCode Security Advisory IBM DB2 Command Line Processor Buffer Overflow Advisory ID: DC-2017-04-002 Advisory Title: IBM DB2 Command Line Processor Buffer Overflow Advisory URL: http://www.defensecode.com/advisories/IBMDB2CommandLineProcessorBufferOverflow.pdf Software: IBM DB2 Version:...

BSA-2017-317

Security Advisory ID : BSA-2017-317 Component : Apache Tomcat Revision : 2.0: Interim In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was...

New GhostHook Attack Bypasses Windows 10 PatchGuard Protections

Vulnerabilities discovered in Microsoft PatchGuard kernel protection could allow hackers to plant rootkits on computers running the company's latest and secure operating system, Windows 10. Researchers at CyberArk Labs have developed a new attack technique which could allow hackers to completely...

GhostHook Attack Bypasses Windows 10 PatchGuard

A bypass of PatchGuard kernel protection in Windows 10 has been developed that brings rootkits for the latest version of the OS within reach of attackers. Since the introduction of PatchGuard and DeviceGuard, very few 64-bit Windows rootkits have been observed; Windows 10’s security, in particula...

Siemens SIMATIC CP 44x-1 RNA Module Unauthorized Operation Vulnerability

The Siemens SIMATIC CP 44x-1 RNA is a communication processor with integrated firewall, VPN, security protocols, data encryption, and other security features that provides network connectivity and secure communication for s7-1500 controllers. An unauthorized operation vulnerability exists in the...

Microsoft Windows Multiple Vulnerabilities (KB4022722)

This host is missing a critical security update according to Microsoft KB4022722 SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

DEBIAN-CVE-2017-9122

The quicktimereadmoov function in moov.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service infinite loop and CPU consumption via a crafted mp4 file...

IBM Cognos Business Intelligence Server Denial of Service Vulnerability

IBM Cognos Business Intelligence BI Server is a suite of business intelligence software from IBM in the United States. The software includes reports, dashboards and scorecards, and can assist companies in adjusting their decisions by analyzing key factors and key stakeholders. A denial of service...

Hancom Thinkfree Office NEO Hangul Word Processor Component Buffer Overflow Vulnerability

Hancom ThinkFree Office NEO is an office software suite developed by Hancom in South Korea.Hangul Word Processor is one of the Korean language processor components. A buffer overflow vulnerability exists in version 9.6.1.4350 of the Hangul Word Processor component in Hancom Thinkfree Office NEO...

CVE-2017-2819

An exploitable heap-based buffer overflow exists in the Hangul Word Processor component version 9.6.1.4350 of Hancom Thinkfree Office NEO 9.6.1.4902. A specially crafted document stream can cause an integer underflow resulting in a buffer overflow which can lead to code execution under the contex...

CVE-2017-2819

An exploitable heap-based buffer overflow exists in the Hangul Word Processor component version 9.6.1.4350 of Hancom Thinkfree Office NEO 9.6.1.4902. A specially crafted document stream can cause an integer underflow resulting in a buffer overflow which can lead to code execution under the contex...

CVE-2017-2819

CVE-2017-2819 is an exploitable heap-based buffer overflow in Hancom Thinkfree Office NEO (Hangul Word Processor, Hangul WPD) v9.6.1.4350. The issue occurs when processing HWPTAG_TAB_DEF(22) records in the DocInfo stream of the Hangul Word Processing Document format; a signed comparison during dy...

CVE-2017-2819

An exploitable heap-based buffer overflow exists in the Hangul Word Processor component version 9.6.1.4350 of Hancom Thinkfree Office NEO 9.6.1.4902. A specially crafted document stream can cause an integer underflow resulting in a buffer overflow which can lead to code execution under the contex...

Remote Denial of Service Vulnerability in Multiple Zyxel Products

ZyXEL USG50 and so on are products of ZyXEL Technology Corporation.ZyXEL USG50 is a firewall product.ZyXEL NWA3560-N is a switch product. A remote denial of service vulnerability exists in multiple Zyxel products. An attacker could exploit this vulnerability to cause high CPU consumption, resulti...

AMD Ryzen Processor Local Denial of Service Vulnerability

AMD Ryzen is a processor from the American company Ultraviolet Semiconductor AMD. A local denial of service vulnerability exists in AMD Ryzen processors. An attacker could exploit this vulnerability to cause a denial of service, denying service to legitimate users...

CVE-2017-8338

A vulnerability in MikroTik Version 6.38.5 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of UDP packets on port 500 used for L2TP over IPsec, preventing the affected router from accepting new connections; all devices will be disconnected from the router a...