Amazon Linux AMI : kernel (ALAS-2017-925)

Incorrect updates of uninstantiated keys crash the kernel A vulnerability was found in the key management subsystem of the Linux kernel. An update on an uninstantiated key could cause a kernel panic, leading to denial of service DoS. CVE-2017-15299 Memory leak when merging buffers in SCSI IO...

Medium: kernel

Issue Overview: Incorrect updates of uninstantiated keys crash the kernel A vulnerability was found in the key management subsystem of the Linux kernel. An update on an uninstantiated key could cause a kernel panic, leading to denial of service DoS. CVE-2017-15299 Memory leak when merging buffers...

Libffi Arbitrary Code Execution Vulnerability

libffi is an external function interface library. An arbitrary code execution vulnerability exists in libffi. An attacker can exploit the vulnerability by overwriting the stack and triggering arbitrary code execution...

Code injection

libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi...

CVE-2017-1000376

libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi...

CVE-2017-1000376

libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi...

PT-2016-7989

Name of the Vulnerable Software and Affected Versions Yasr version 0.6.9-5 Description A buffer overflow occurs when a local attacker provides an oversized argument to the -p parameter. This allows the attacker to crash the application or execute arbitrary code by using a crafted payload containi...

FTPShell client buffer overflow vulnerability

FTPShell client is a file transfer program for windows platform. A cache overflow entry exists in the input field 'Address' used to connect to an FTP server in the FTPShell.exe client. The vulnerability is exploited to execute arbitrary local commands by overwriting multiple stack registers and...

McAfee ePolicy Orchestrator / ProtectionPilot Overflow

No description provided by source. $Id: mcafeeepolicysource.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and term...

wu-ftpd 2.4.2,SCO Open Server <= 5.0.5,ProFTPD 1.2 pre1 realpath Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/113/info There is a vulnerability in ProFTPD versions 1.2.0pre1 and earlier and in wu-ftpd 2.4.2 beta 18 VR9 and earlier. This vulnerability is a buffer overflow triggered by unusually long path names directory structures...

wu-ftpd 2.4.2/2.5 .0/2.6 .0 - Remote Format String Stack Overwrite (2)

No description provided by source. source: http://www.securityfocus.com/bid/1387/info Washington University ftp daemon wu-ftpd is a very popular unix ftp server shipped with many distributions of Linux and other UNIX operating systems. Wu-ftpd is vulnerable to a very serious remote attack in the...

David Bagley xlock 4.16 User Supplied Format String Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/1585/info A vulnerability exists in versions of the xlockmore program, originally written by David Bagley. It is believed to affect all versions of xlock derived from xlockmore. This includes the xlock shipped with a numb...

WinVNC Web Server <= 3.3.3r7 - GET Overflow

No description provided by source. $Id: winvnchttpget.rb 7724 2009-12-06 05:50:37Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of us...

TFTPDWIN 0.4.2 - Long Filename Buffer Overflow

No description provided by source. $Id: tftpdwinlongfilename.rb 9179 2010-04-30 08:40:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and term...

TABS MailCarrier 2.51 - SMTP EHLO Overflow

No description provided by source. $Id: mailcarriersmtpehlo.rb 9179 2010-04-30 08:40:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms...

Computer Associates License Server GETCONFIG Overflow

No description provided by source. $Id: calicservgetconfig.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms...

wu-ftpd 2.4.2,SCO Open Server <= 5.0.5,ProFTPD 1.2 pre1 realpath Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/113/info There is a vulnerability in ProFTPD versions 1.2.0pre1 and earlier and in wu-ftpd 2.4.2 beta 18 VR9 and earlier. This vulnerability is a buffer overflow triggered by unusually long path names directory structures...

KarjaSoft Sami FTP Server 2.02 - USER Overflow

No description provided by source. $Id: samiftpduser.rb 9179 2010-04-30 08:40:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

Oracle Linux 4 : gnupg (ELSA-2006-0754)

From Red Hat Security Advisory 2006:0754 : Updated GnuPG packages that fix two security issues are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. GnuPG is a utility for encrypting data and creating digital signatures. Tavis...

CVE-2012-0663 Apple Quicktime Buffer Overflow

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Recent assessments: wchen-r7 at September 12, 20...