USN-3246-1 eject vulnerability

Ilja Van Sprundel discovered that dmcrypt-get-device incorrectly checked setuid and setgid return values. A local attacker could use this issue to execute code as an administrator...

asterisk -- Buffer overflow in CDR's set user

The Asterisk project reports: No size checking is done when setting the user field on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. This allows the possibility of remote code injection...

PT-2017-2372 · Debian +1 · Eject +1

Name of the Vulnerable Software and Affected Versions: eject versions 2.1.5+deb1+cvs20081104-13.1 and earlier on Debian eject versions before 2.1.5+deb1+cvs20081104-13.1ubuntu0.16.10.1 on Ubuntu 16.10 eject versions before 2.1.5+deb1+cvs20081104-13.1ubuntu0.16.04.1 on Ubuntu 16.04 LTS eject...

set-fashion.com XSS vulnerability

Vulnerable URL: https://www.set-fashion.com/search/%22%3Etrolo%3Ci%3Etruli%3Cimg%20src%3Do%20onerror=prompt'openbugbounty'%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 754783...

Exploit for Race Condition in Canonical Ubuntu_Linux

PoC exploit for CVE-2016-5195, a Linux kernel vulnerability allo...

Eurohoo Government System set_border_color.php File Remote Command Execution Vulnerability

Ohuhu government system is the government portal system of Shanghai Ohuhu Network Technology Co. A remote code execution vulnerability exists in the setbordercolor.php file of the Ohuhu Government System due to improper filtering. An attacker can exploit this vulnerability to execute arbitrary ph...

kernel: Race condition in packet_set_ring leads to use after free

A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKETV3 ring buffer. A local user able to open a raw packet socket requires the CAPNETRAW...

UBUNTU-CVE-2016-10151

The hesiodinit function in lib/hesiod.c in Hesiod 3.2.1 compares EUID with UID to determine whether to use configurations from environment variables, which allows local users to gain privileges via the 1 HESIODCONFIG or 2 HESDOMAIN environment variable and leveraging certain SUID/SGUID binary...

UBUNTU-CVE-2016-10029

The virtiogpusetscanout function in QEMU aka Quick Emulator built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service out-of-bounds read and process crash via a scanout id in a VIRTIOGPUCMDSETSCANOUT command larger than numscanouts...

CVE-2016-8652

The auth component in Dovecot before 2.2.27, when auth-policy is configured, allows a remote attackers to cause a denial of service crash by aborting authentication without setting a username...

CVE-2017-5162

An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Lack of authentication for remote service gives access to application set up and configuration...

CVE-2016-3102

The Script Security plugin before 1.18.1 in Jenkins might allow remote attackers to bypass a Groovy sandbox protection mechanism via a plugin that performs 1 direct field access or 2 get/set array operations...

USN-3194-1: OpenJDK 7 vulnerabilities

Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update moves those algorithms to the legacy algorithm set and causes...

UBUNTU-CVE-2017-5885

Multiple integer overflows in the 1 vncconnectionservermessage and 2 vnccolormapset functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service crash or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow...

DEBIAN-CVE-2017-5577

The vc4getbcl function in drivers/gpu/drm/vc4/vc4gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 does not set an errno value upon certain overflow detections, which allows local users to cause a denial of service incorrect pointer dereference and OOPS via inconsistent size valu...

Cisco Firepower Management Center Incomplete Rule Set Vulnerability

A vulnerability in the Policy deployment module of the Cisco Firepower Management Center FMC could allow an unauthenticated, remote attacker to prevent deployment of a complete and accurate rule base. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a...

Cisco Firepower Management Center Incomplete Rule Set Vulnerability

A vulnerability in the Policy deployment module of the Cisco Firepower Management Center FMC could allow an unauthenticated, remote attacker to prevent deployment of a complete and accurate rule base. The vulnerability is due to a lack of condition checks in the rules engine. An attacker could...

PT-2017-7714 · Qemu +3 · Qemu +3

Name of the Vulnerable Software and Affected Versions: QEMU affected versions not specified Description: The issue allows local guest OS users to cause a denial of service, resulting in an out-of-bounds read and process crash. This is achieved via a scanout id in a VIRTIO GPU CMD SET SCANOUT...

ALPINE-CVE-2016-9809

Off-by-one error in the gsth264parsesetcaps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read...

CVE-2016-9310

The control mode mode 6 functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet...