Microsoft Windows Multiple Vulnerabilities (KB4056899)

This host is missing an important security update according to Microsoft KB4056899 OpenVAS Vulnerability Test $Id: gbmskb4056899.nasl 8364 2018-01-10 16:59:46Z gveerendra $ Microsoft Windows Multiple Vulnerabilities KB4056899 Authors: Shakeel Copyright: Copyright C 2018 Greenbone Networks GmbH,...

KB4056899: Windows Server 2012 January 2018 Security Update

The remote Windows host is missing security update 4056899 or cumulative update 4056896. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists in Windows Adobe Type Manager Font Driver ATMFD.dll when it fails to properly handle objects in memory...

KB4056890: Windows 10 Version 1607 and Windows Server 2016 January 2018 Security Update (Meltdown)(Spectre)

The remote Windows host is missing security update 4056890 or 4057142. It is, therefore, affected by multiple vulnerabilities : - An vulnerability exists within microprocessors utilizing speculative execution and indirect branch prediction, which may allow an attacker with local user access to...

CVE-2017-17793

Information Disclosure vulnerability in creerfichierzip in admin/maintenance.php in BlogoText through 3.7.6 allows remote attackers to defeat a filename-randomization protection mechanism, and read backup archives on Windows servers, by providing the archiv1.zip name aka an 8.3 filename...

Information disclosure

Information Disclosure vulnerability in creerfichierzip in admin/maintenance.php in BlogoText through 3.7.6 allows remote attackers to defeat a filename-randomization protection mechanism, and read backup archives on Windows servers, by providing the archiv1.zip name aka an 8.3 filename...

CVE-2017-17793

Information Disclosure vulnerability in creerfichierzip in admin/maintenance.php in BlogoText through 3.7.6 allows remote attackers to defeat a filename-randomization protection mechanism, and read backup archives on Windows servers, by providing the archiv1.zip name aka an 8.3 filename...

CVE-2017-17793

Information Disclosure vulnerability in creerfichierzip in admin/maintenance.php in BlogoText through 3.7.6 allows remote attackers to defeat a filename-randomization protection mechanism, and read backup archives on Windows servers, by providing the archiv1.zip name aka an 8.3 filename...

Linux Kernel Information Disclosure Vulnerability (CNVD-2018-00596)

The Linux Kernel is the kernel of the Linux operating system. Linux kernel 3.3-rc1 and later have an information disclosure vulnerability in their implementation that can be exploited by an attacker to bypass KASLR security restrictions...

DEBIAN-CVE-2017-1000410

The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. B...

Clarifying the behavior of mandatory ASLR

Last week, the CERT/CC published an advisory describing some unexpected behavior they observed when enabling system-wide mandatory Address Space Layout Randomization ASLR using Windows Defender Exploit Guard WDEG and EMET on Windows 8 and above. In this blog post, we will explain the configuratio...

US-CERT Warns of ASLR Implementation Flaw In Windows

The U.S. Computer Emergency Readiness Team is warning of a vulnerability in Microsoft’s implementation of Address Space Layout Randomization that affects Windows 8, Windows 8.1 and Windows 10. The vulnerability could allow a remote attacker to take control of an affected system. Microsoft said it...

expat: hash table collisions CPU usage DoS

A denial of service flaw was found in the implementation of hash arrays in Expat. An attacker could use this flaw to make an application using Expat consume an excessive amount of CPU time by providing a specially crafted XML file that triggers multiple hash function collisions. To mitigate this...

GHSA-4C4W-3Q45-HP9J Aescrypt does not sufficiently use random values

The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use with the AESCrypt.encrypt and AESCrypt.decrypt functions, which allows attackers to defeat cryptographic protection mechanisms via a chosen plaintext attack...

Microsoft Windows Kernel Information Disclosure Vulnerability (CNVD-2017-30125)

Microsoft Windows Server 2012 R2 and others are operating systems released by Microsoft Corporation in the United States. kernel is one of the kernels. An information disclosure vulnerability exists in the kernel in Microsoft Windows. A local attacker can exploit this vulnerability to retrieve...

DEBIAN-CVE-2017-1000253

Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 committed on April 14, 2015. This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86 backported to Linux 3.10.7...

UBUNTU-CVE-2017-14954

The waitid implementation in kernel/exit.c in the Linux kernel through 4.13.4 accesses rusage data structures in unintended cases, which allows local users to obtain sensitive information, and bypass the KASLR protection mechanism, via a crafted system call...

Tails 3.2 - Live System to Preserve Your Privacy and Anonymity

Tails is a live system that aims to preserve your privacy and anonymity. It helps you to use the Internet anonymously and circumvent censorship almost anywhere you go and on any computer but leaving no trace unless you ask it to explicitly. It is a complete operating system designed to be used fr...

Microsoft Windows kernel information disclosure vulnerability (CNVD-2017-32963)

Microsoft Windows Server 2008 SP2 is a series of operating systems released by Microsoft. kernel component is one of the kernel components. An information disclosure vulnerability exists in the kernel component of Microsoft Windows, which arises from a program's failure to properly initialize...

KB4038783: Windows 10 Version 1511 September 2017 Cumulative Update

The remote Windows host is missing security update 4038783. It is, therefore, affected by multiple vulnerabilities : - A race condition that could lead to a remote code execution vulnerability exists in NetBT Session Services when NetBT fails to maintain certain sequencing requirements...

Windows Server 2012 September 2017 Security Updates

The remote Windows host is missing security update 4038786 or cumulative update 4038799. It is, therefore, affected by multiple vulnerabilities : - A race condition that could lead to a remote code execution vulnerability exists in NetBT Session Services when NetBT fails to maintain certain...