1430 matches found
Description of the security update for Microsoft Exchange: September 12, 2017
Description of the security update for Microsoft Exchange: September 12, 2017 Notice Security update package 4045655 was released to address a known issue in this original security update. The 4045655 update removes the fix for this vulnerability. Symptoms This security update resolves a...
Design/Logic Flaw
The vga display update in mis-calculated the region for the dirty bitmap snapshot in case split screen mode is used causing a denial of service (assertion failure) in the cpu_physical_memory_snapshot_get_dirty function...
DEBIAN-CVE-2017-13673
The vga display update in mis-calculated the region for the dirty bitmap snapshot in case split screen mode is used causing a denial of service (assertion failure) in the cpu_physical_memory_snapshot_get_dirty function...
CVE-2017-13673
The vga display update in mis-calculated the region for the dirty bitmap snapshot in case split screen mode is used causing a denial of service (assertion failure) in the cpu_physical_memory_snapshot_get_dirty function...
[SECURITY] Fedora 26 Update: qpdf-6.0.0-8.fc26
QPDF is a command-line program that does structural, content-preserving transformations on PDF files. It could have been called something like pdf-to-pdf. It includes support for merging and splitting PDFs and to manipulate the list of pages in a PDF file. It is not a PDF viewer or a program...
CVE-2017-1000068
TestTrack Server versions 1.0 and earlier are vulnerable to an authentication flaw in the split disablement feature resulting in the ability to disable arbitrary running splits and cause denial of service to clients in the field...
Design/Logic Flaw
TestTrack Server versions 1.0 and earlier are vulnerable to an authentication flaw in the split disablement feature resulting in the ability to disable arbitrary running splits and cause denial of service to clients in the field...
CVE-2017-1000068
TestTrack Server versions 1.0 and earlier are vulnerable due to an authentication flaw in the split disablement feature, which could allow a remote attacker to disable arbitrary running splits and cause denial of service to clients. Supported documents from CNVD/CVE describe the denial of service...
Disk Sorter 9.7.14 Input Directory Buffer Overflow
#!/usr/bin/python Exploit Title: DiskSorter v9.7.14 - Local Buffer Overflow Date: 10-06-2017 Exploit Author: abatchy17 -- @abatchy17 Vulnerable Software: DiskSorter v9.7.14 Vendor Homepage: http://www.disksorter.com/ Version: 9.7.14 Software Link:...
Cross site scripting
IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using a specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attack...
CVE-2017-1291
IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using a specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attack...
Moderate: Red Hat Security Advisory: Red Hat Gluster Storage 3.2.0 security, bug fix, and enhancement update
An update is now available for Red Hat Gluster Storage 3.2 on Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
RUSTSEC-2017-0002 headers containing newline characters can split messages
Serializing of headers to the socket did not filter the values for newline bytes \r or \n, which allowed for header values to split a request or response. People would not likely include newlines in the headers in their own applications, so the way for most people to exploit this is if an...
Secure Web unable to access Internal Links with Split Tunnel set to ON via NetScaler Gateway
While trying to access Internal Links or external links with Split Tunnel ON, gets error message as: 'Could not find hostname'...
APT - Repository Signing Bypass via Memory Allocation Failure
APT - Repository Signing Bypass via Memory Allocation Failure Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1020 == Vulnerability == When apt-get updates a repository that uses an InRelease file (clearsigned Release files), this file is processed as follows: First, the InRelease...
PT-2019-4673 · Puma +9 · Puma +10
Name of the Vulnerable Software and Affected Versions: Ruby versions prior to 2.4.8 Ruby versions 2.5.x through 2.5.6 Ruby versions 2.6.x through 2.6.4 Puma versions prior to 3.12.3 Puma versions prior to 4.3.2 Description: The issue is related to incorrect handling of special elements in the...
Procedure to split Veeam Backup & Replication Server and Veeam Cloud Connect Server
In the situation where the same Veeam Server is used to serve both Backup and Replication services, and Veeam Cloud Connect, Veeam is requiring service providers to split these two services into two d...
Split-Flap Cross Site Scripting
Split-Flap - Reflected Cross Site Scripting (weather.php, flights.php) Exploit Title: Split-Flap - Reflected Cross Site Scripting (weather.php, flights.php) Date: 2016-06-10 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage: https://github.com/baspete/Split-Flap ,...