
9108 matches found

Cvelist
added 2017/04/13 5:00 p.m. | 19 views

CVE-2016-1155

HTTP header injection vulnerability in the URLConnection class in Android OS 2.2 through 6.0 allows remote attackers to execute arbitrary scripts or set arbitrary values in cookies...

AI score 9.6 | EPSS 0.05411
Exploits: 0 | References: 3
CNVD
added 2017/04/12 12:00 a.m. | 1 view

Linux kernel mm/mempolicy.c Sensitive Information Disclosure Vulnerability

Linux kernel is an open source operating system. A security vulnerability exists in the set_mempolicy and mbind compat syscalls of the mm/mempolicy.c file of Linux kernel. A local attacker can exploit this vulnerability to submit a special request to obtain sensitive information about an...

CVSS 5.5 | AI score 6.6 | EPSS 0.00053
Exploits: 0 | References: 1
OSV
added 2017/04/11 7:59 p.m. | 1 view

DEBIAN-CVE-2015-8504

Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client...

CVSS 6.5 | AI score 8.8 | EPSS 0.02814
Exploits: 0 | References: 1
OSV
added 2017/04/10 2:59 p.m. | 1 view

DEBIAN-CVE-2017-7616

Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation...

CVSS 5.5 | AI score 5.9 | EPSS 0.00053
Exploits: 0 | References: 1
Cvelist
added 2017/04/10 2:00 p.m. | 23 views

CVE-2017-7616

Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation...

AI score 6 | EPSS 0.00053
Exploits: 0 | References: 8
Tenable Nessus
added 2017/04/10 12:00 a.m. | 44 views

SUSE SLED12 / SLES12 Security Update : gstreamer-plugins-bad (SUSE-SU-2017:0962-1)

This update for gstreamer-plugins-bad fixes the following issues:

Security issues fixed:

- CVE-2017-5843: set stream tags to NULL after unrefing (bsc#1024044).
- CVE-2017-5848: rewrite PSM parsing to add bounds checking (bsc#1024068).

Note that Tenable Network Security has extracted the preceding...

CVSS 7.5 | AI score 6.6 | EPSS 0.04436
Exploits: 0 | References: 7
Tenable Nessus
added 2017/04/06 12:00 a.m. | 54 views

Virtuozzo 7 : readykernel-patch (VZA-2017-027)

According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerability:

- The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate...

CVSS 7.8 | AI score 6.7 | EPSS 0.87
Exploits: 17 | References: 5
OSV
added 2017/04/05 9:59 p.m. | 2 views

UBUNTU-CVE-2015-9019

In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs...

CVSS 5.3 | AI score 6.4 | EPSS 0.00595
Exploits: 0 | References: 2
NVD
added 2017/04/05 8:59 p.m. | 15 views

CVE-2017-0883

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue. A permission related issue within the OCS sharing API allowed an authenticated adversary to reshare shared files with an increasing permission set. This may allow an attacker to edit file...

CVSS 6.4 | AI score 6.2 | EPSS 0.00087
Exploits: 0 | References: 2
Prion
added 2017/04/05 8:59 p.m. | 16 views

Design/Logic Flaw

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue. A permission related issue within the OCS sharing API allowed an authenticated adversary to reshare shared files with an increasing permission set. This may allow an attacker to edit file...

CVSS 5.5 | AI score 6.2 | EPSS 0.00087
Exploits: 0 | References: 2 | Affected Software: 1
Openbugbounty
added 2017/04/02 6:40 a.m. | 6 views

kinman.com XSS vulnerability

Vulnerable URL: http://kinman.com/model-products.php?modelid=59"--!"=SRV set=Stratocaster=4=yes=Named SetsKNOXSS

Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 31.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 1140113

VIP website...

AI score 6.3
Exploits: 0
CNVD
added 2017/03/31 12:00 a.m. | 2 views

Converged Smart Set-Top Box z84 Vulnerability in Overstepping Rights of Any User to Modify Administrator Configuration

The Convergent smart set-top box z84 is a set-top box product of Shenzhen Zhaoneng Xuntong Technology Co., Ltd. It combines wireless Wi-Fi and smart TV connectivity in one device and is widely used in hotels and homes as a smart TV set-top box for telecommunication. Converged Smart STB z84 is vulnerable to a...

AI score 6.8
Exploits: 0
CNVD
added 2017/03/31 12:00 a.m. | 1 view

Stored Cross-Site Scripting Vulnerability in Converged Smart STB z84

The Convergent smart set-top box z84 is a set-top box product of Shenzhen Zhaoneng Xuntong Technology Co., Ltd. It combines wireless Wi-Fi and smart TV connectivity in one device and is widely used in hotels and homes as a smart TV set-top box for telecommunication. Converged Smart STB z84 has a stored...

AI score 6.1
Exploits: 0
CNVD
added 2017/03/31 12:00 a.m. | 1 view

Linux kernel packet_set_ring function local denial of service vulnerability

The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. A security vulnerability exists in the 'packet_set_ring' function of the net/packet/af_packet.c file in Linux kernel versions 4.10.6 and earlier, which stems from a program that...

CVSS 7.8 | AI score 6 | EPSS 0.87
Exploits: 17 | References: 1
OSV
added 2017/03/29 8:59 p.m. | 1 view

DEBIAN-CVE-2017-7308

The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held)...

CVSS 7.8 | AI score 6 | EPSS 0.87
Exploits: 17 | References: 1
OSV
added 2017/03/29 2:59 p.m. | 2 views

CVE-2017-5671

Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users to conduct a BusyBox jailbreak attack and obtain root privileges by overwriti...

CVSS 8.8 | AI score 5.8 | EPSS 0.00507
Exploits: 5 | References: 5
OSV
added 2017/03/29 12:00 a.m. | 0 views

UBUNTU-CVE-2017-7308

The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held)...

CVSS 7.8 | AI score 6.7 | EPSS 0.87
Exploits: 17 | References: 5
CNVD
added 2017/03/28 12:00 a.m. | 3 views

elfutils '__libelf_set_rawdata_wrlock' function denial of service vulnerability

elfutils is a collection of utilities and libraries for reading, creating and modifying ELF binaries. A denial of service vulnerability exists in the __libelf_set_rawdata_wrlock function in elfutils's elf_getdata.c. A remote attacker could use this vulnerability to cause a denial of service via a...

CVSS 5.5 | AI score 6.5 | EPSS 0.00514
Exploits: 0 | References: 1
Positive Technologies
added 2017/03/28 12:00 a.m. | 2 views

PT-2017-2268

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.10.6

Description: The issue is caused by a signedness error in the packet_set_ring function in the Linux kernel, which allows local users to cause a denial of service or gain privileges if the CAP_NET_RAW...

CVSS 7.8 | AI score 6.6 | EPSS 0.87
Exploits: 17
OSV
added 2017/03/27 9:36 p.m. | 1 view

USN-3246-1 eject vulnerability

Ilja Van Sprundel discovered that dmcrypt-get-device incorrectly checked setuid and setgid return values. A local attacker could use this issue to execute code as an administrator...

CVSS 7.8 | AI score 7.2 | EPSS 0.00086
Exploits: 0 | References: 2