Information disclosure

The BIOS in Intel NUC systems based on 6th Gen Intel Core processors prior to version KY0045 may allow may allow an attacker with physical access to the system to gain access to personal information...

PT-2017-2367 · Apache · Apache Tomcat

Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 8.5.0 through 8.5.12 Apache Tomcat versions 9.0.0.M1 through 9.0.0.M18 Description: The refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed...

Fixed in Apache Tomcat 8.5.13

Important: Information Disclosure CVE-2017-5651 The refactoring of the HTTP connectors for 8.5.x onwards, introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could resu...

CVE-2017-7262

The AMD Ryzen processor with AGESA microcode through 2017-01-27 allows local users to cause a denial of service system hang via an application that makes a long series of FMA3 instructions, as demonstrated by the Flops test suite...

CVE-2017-7262

The AMD Ryzen processor with AGESA microcode through 2017-01-27 allows local users to cause a denial of service system hang via an application that makes a long series of FMA3 instructions, as demonstrated by the Flops test suite...

[SECURITY] Fedora 24 Update: qemu-2.6.2-7.fc24

QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system for example a PC, including a processor and various peripherials. It can be used ...

CVE-2016-5857

The Qualcomm SPCom driver in Android before 7.0 allows local users to execute arbitrary code within the context of the kernel via a crafted application, aka Android internal bug 34386529 and Qualcomm internal bug CR1094140...

[SECURITY] Fedora 25 Update: qemu-2.7.1-4.fc25

QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system for example a PC, including a processor and various peripherials. It can be used ...

CVE-2017-3815

An API Privilege vulnerability in Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to emulate Cisco TelePresence Server endpoints. Affected Products: This vulnerability affects Cisco TelePresence Server MSE 8710 Processors that are running a software release prio...

Oracle Linux 6 : tomcat6 (ELSA-2017-0527)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-0527 advisory. - Related: rhbz1402664 CVE-2016-6816 Adding system property from asfbz-60594 to allow use of some un- encoded characters - Related: rhbz1402664...

tomcat: information disclosure due to incorrect Processor sharing

A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body...

Google Nexus Qualcomm GPU Driver elevation of privilege vulnerability (CNVD-2017-03819)

Android is a Linux-based open source operating system developed by Google and the Open Handheld Alliance OHA, and the Qualcomm GPU Driver is a graphics processor driver developed by Qualcomm. A power lifting vulnerability exists in the Qualcomm GPU Driver in Android on multiple Google devices. Th...

Google Nexus Qualcomm ADSPRPC Driver elevation of privilege vulnerability (CNVD-2017-03823)

Android on Nexus 5X etc. is a set of open source operating system running on Nexus 5X etc. smart devices and based on Linux, which is jointly developed by Google and the Open Handheld Alliance OHA for short.Qualcomm ADSPRPC Driver is one of the digital signal processor drivers. A power lifting...

CVE-2017-0501

An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical...

tomcat: information disclosure due to incorrect Processor sharing

A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body...

tomcat: information disclosure due to incorrect Processor sharing

A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body...

tomcat: information disclosure due to incorrect Processor sharing

A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body...

JustSystems Ichitaro Heap Buffer Overflow Vulnerability

JustSystems Ichitaro is a suite of word processing software from the Japanese company JustSystems. A heap buffer overflow vulnerability in the Ichitaro word processor in JustSystems Ichitaro allows remote attackers to exploit the vulnerability to construct malicious files that can be parsed by th...

JustSystems Ichitaro Buffer Overflow Vulnerability

JustSystems Ichitaro is a suite of word processing software from the Japanese company JustSystems. A heap-based buffer overflow vulnerability exists in the Ichitaro word processor in JustSystems Ichitaro, which allows remote attackers to build malicious files that can be parsed by the user, causi...

Ichitaro Office JTD Figure handling Code Execution Vulnerability

Summary A vulnerability was discovered within the Ichitaro word processor. Ichitaro is published by JustSystems and is considered one of the more popular word processors used within Japan. Ichitaro’s proprietary file format is a Compound Document similar to .doc for Microsoft Word called .jtd. Wh...