1883 matches found
Kernel: Kvm: vmx/svm potential privilege escalation inside guest
Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support was vulnerable to an incorrect segment selector (SS) value error. The error could occur while loading values into the SS register in long mode. A user or process inside a guest could use this flaw to crash the guest, resultin...
Amazon Linux AMI : kernel (ALAS-2017-845) (Stack Clash)
An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be jmp'ed over, this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010). (CVE-2017-1000364) The offset2lib patch as use...
Apple MacOS 32-Bit Syscall Exit Kernel Register Leak (CVE-2017-2509)
The XNU kernel, when compiled for a x86-64 CPU, can run 32-bit x86 binaries in compatibility mode. 32-bit binaries use partly separate syscall entry and exit paths. To return to userspace, unix_syscall() in bsd/dev/i386/systemcalls.c calls thread_exception_return() in osfmk/x86_64/locore.s, which in turn...
Apple macOS - 32-bit syscall exit Kernel Register Leak Exploit
Exploit for macOS platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1149 The XNU kernel, when compiled for a x86-64 CPU, can run 32-bit x86 binaries in compatibility mode. 32-bit binaries use partly separate syscall entry and exit paths. To return to...
Xen Code Execution Vulnerability
Xen is an open source virtual machine monitor product developed at the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. A security vulnerability exists in X...
DEBIAN-CVE-2017-8904
Xen through 4.8.x mishandles the "contains segment descriptors" property during GNTTABOP_transfer (aka guest transfer) operations, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-214...
ALPINE-CVE-2017-8904
Xen through 4.8.x mishandles the "contains segment descriptors" property during GNTTABOP_transfer (aka guest transfer) operations, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-214...
UBUNTU-CVE-2017-8904
Xen through 4.8.x mishandles the "contains segment descriptors" property during GNTTABOP_transfer (aka guest transfer) operations, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-214...
CVE-2017-8904
Xen through 4.8.x mishandles the "contains segment descriptors" property during GNTTABOP_transfer (aka guest transfer) operations, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-214...
CVE-2017-6865
A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC Automation Tool (All versions < V3.0), SIMATIC NET PC-Software (All versions < V14 SP1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13...
CVE-2017-2681
Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected...
CVE-2017-2680
Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected...
CVE-2017-5042
Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android sent cookies to sites discovered via SSDP, which allowed an attacker on the local network segment to initiate connections to arbitrary URLs and observe any plaintext cookies sent...
hasbro.com XSS vulnerability
Vulnerable URL: https://www.hasbro.com/en-us/toys-games/segments:" style=background:red;left:0;top:0;height:500px;width:500px;position :absolute;z-index:1000 onmouseover=alert'openbugbounty' "?sortdir=1"--...
Juniper NorthStar Controller Application Remote Elevation of Privilege Vulnerability
NorthStar is Juniper's SDN controller that dynamically builds SR TE-LSPs and observes labeling information for each link, LSP. Also based on traffic distribution, SR LSPs can be dynamically optimized. A remote elevation of privilege vulnerability exists in the Juniper NorthStar controller...
CVE-2017-3053
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the image conversion engine, related to parsing of the APP13 segment in JPEG files...
DEBIAN-CVE-2017-7613
elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file...
The vulnerability of the Linux operating system, which allows a hacker to trigger a service failure
The vulnerability of the load_segment_descriptor component in the Linux operating system is related to deficiencies in access control. Exploiting this vulnerability could allow a local attacker to cause a service failure (abnormal termination of operations) through a specially created application...
DEBIAN-CVE-2017-2583
The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a "MOV SS, NULL selector" instruction, which allows guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted application...