1889 matches found
GNU Binutils 'elf_parse_notes' Function Denial of Service Vulnerability
GNU Binutils a.k.a. GNU Binary Utilities or binutils is a set of programming language utilities developed by the GNU Project to work with object files in a variety of formats, with connectors, assemblers, and other tools for object files and archives.The Binary File Descriptor BFD library a.k.a...
Debian: Security Advisory (DLA-964-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Tor Browser Users Urged to Patch Critical ‘TorMoil’ Vulnerability
The Tor Project released a patch for a vulnerability that leaks the real IP addresses of macOS and Linux users of its Tor Browser. The patch was issued late Friday and fixes a vulnerability found in Tor Browser version 7.0.8. The patch is in an upgrade to Tor Browser 7.0.9. Windows users running...
CVE-2017-10051
Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware subcomponent: Outside In Filters. The supported version that is affected is 8.5.3.0. Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segment attached t...
CVE-2017-10051
Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware subcomponent: Outside In Filters. The supported version that is affected is 8.5.3.0. Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segment attached t...
CVE-2017-1000253
Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 committed on April 14, 2015. This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86 backported to Linux 3.10.7...
CVE-2017-1000253
Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 committed on April 14, 2015. This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86 backported to Linux 3.10.7...
kernel: load_elf_ binary() does not take account of the need to allocate sufficient space for the entire binary
A flaw was found in the way the Linux kernel loaded ELF executables. Provided that an application was built as Position Independent Executable PIE, the loader could allow part of that application's data segment to map over the memory area reserved for its stack, potentially resulting in memory...
kernel: load_elf_ binary() does not take account of the need to allocate sufficient space for the entire binary
A flaw was found in the way the Linux kernel loaded ELF executables. Provided that an application was built as Position Independent Executable PIE, the loader could allow part of that application's data segment to map over the memory area reserved for its stack, potentially resulting in memory...
The vulnerability of the sanity_check_raw_super function in the Linux operating system, which allows a malicious actor to escalate their privileges
The vulnerability of the sanitycheckrawsuper function in the Linux operating system is related to incorrect checking of the number of segments. Exploiting this vulnerability can allow an attacker, operating locally, to increase their privileges using undefined vectors...
EulerOS 2.0 SP2 : tcpdump (EulerOS-SA-2017-1180)
According to the versions of the tcpdump package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker...
CVE-2017-14170
In libavformat/mxfdec.c in FFmpeg 3.3.3 - 2.4, a DoS in mxfreadindexentryarray due to lack of an EOF End of File check might cause huge CPU consumption. When a crafted MXF file, which claims a large "nbindexentries" field in the header but does not contain sufficient backing data, is provided, th...
CVE-2017-2779
An exploitable memory corruption vulnerability exists in the RSRC segment parsing functionality of LabVIEW 2017, LabVIEW 2016, LabVIEW 2015, and LabVIEW 2014. A specially crafted Virtual Instrument VI file can cause an attacker controlled looping condition resulting in an arbitrary null write. An...
Memory corruption
An exploitable memory corruption vulnerability exists in the RSRC segment parsing functionality of LabVIEW 2017, LabVIEW 2016, LabVIEW 2015, and LabVIEW 2014. A specially crafted Virtual Instrument VI file can cause an attacker controlled looping condition resulting in an arbitrary null write. An...
No Fix Planned For LabVIEW Bug, Says National Instruments
Automated test equipment and virtual instrumentation software behemoth National Instruments said it will not patch software that security researchers at Cisco Talos said is flawed and could result in code execution by third-party attackers. The affected software is LabVIEW, a leading program...
BSA-2017-424
Security Advisory ID : BSA-2017-424 Component : Kernel Revision : 3.0: Interim The sanitycheckrawsuper function in fs/f2fs/super.c in the Linux kernel before 4.11.1 does not validate the segment count, which allows local users to gain privileges via unspecified vectors kernel: Missing sanity chec...
Scientific Linux Security Update : tcpdump on SL7.x x86_64 (20170801)
The following packages have been upgraded to a later upstream version: tcpdump 4.9.0. Security Fixes : - Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send special...
CVE-2017-10662
The sanitycheckrawsuper function in fs/f2fs/super.c in the Linux kernel before 4.11.1 does not validate the segment count, which allows local users to gain privileges via unspecified vectors...
DEBIAN-CVE-2017-10662
The sanitycheckrawsuper function in fs/f2fs/super.c in the Linux kernel before 4.11.1 does not validate the segment count, which allows local users to gain privileges via unspecified vectors...
CVE-2017-10662
The sanitycheckrawsuper function in fs/f2fs/super.c in the Linux kernel before 4.11.1 does not validate the segment count, which allows local users to gain privileges via unspecified vectors...