6117 matches found
Threat Outbreak Alert RuleID32722: Email Messages Distributing Malicious Software on May 8, 2018
Medium Alert ID: 57826 First Published: 2018 May 8 16:28 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID32722 may contain the following files: Name | Size ...
CVE-2018-10238
bvlc.c in skarg BACnet Protocol Stack bacserv 0.9.1 and 0.8.5 is affected by a Buffer Overflow because of a lack of packet-size validation. The affected component is bacserv BACnet/IP BVLC forwarded NPDU. The function bvlcbdtforwardnpdu calls bvlcencodeforwardednpdu which copies the content from...
systemd/fuzz-unit-file: Use-of-uninitialized-value in streq_ptr
Project: https://github.com/systemd/systemd.git Detailed report: https://oss-fuzz.com/testcase?key=4908210742886400 Project: systemd Fuzzer: libFuzzersystemdfuzz-unit-file Fuzz target binary: fuzz-unit-file Job Type: libfuzzermsansystemd Platform Id: linux Crash Type: Use-of-uninitialized-value...
CVE-2018-5507
On F5 BIG-IP versions 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.2, or 11.5.1-11.5.5, vCMP guests running on VIPRION 2100, 4200 and 4300 series blades cannot correctly decrypt ciphertext from established SSL sessions with small MTU...
Ubuntu 14.04 LTS : Linux kernel (Xenial HWE) vulnerabilities (USN-3619-2)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3619-2 advisory. USN-3619-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enableme...
systemd/fuzz-unit-file: Use-of-uninitialized-value in streq_ptr
Project: https://github.com/systemd/systemd.git Detailed report: https://oss-fuzz.com/testcase?key=5106486364602368 Project: systemd Fuzzer: libFuzzersystemdfuzz-unit-file Fuzz target binary: fuzz-unit-file Job Type: libfuzzermsansystemd Platform Id: linux Crash Type: Use-of-uninitialized-value...
Ubuntu 17.10 : linux-raspi2 vulnerabilities (USN-3617-3)
It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2017-0861 It was discovered that a...
Take these steps to stay safe from counterfeit software and fraudulent subscriptions
This post is authored by Matt Lundy, Assistant General Counsel, Microsoft. Software piracy and fraudulent subscriptions are serious, industry-wide problems affecting consumers and organizations around the world. In 2016, 39 percent of all software installed on computers was not properly licensed,...
systemd/fuzz-unit-file: Use-of-uninitialized-value in streq_ptr
Project: https://github.com/systemd/systemd.git Detailed report: https://oss-fuzz.com/testcase?key=6015289054461952 Project: systemd Fuzzer: libFuzzersystemdfuzz-unit-file Fuzz target binary: fuzz-unit-file Job Type: libfuzzermsansystemd Platform Id: linux Crash Type: Use-of-uninitialized-value...
systemd/fuzz-unit-file: Use-of-uninitialized-value in unit_name_is_valid
Project: https://github.com/systemd/systemd.git Detailed report: https://oss-fuzz.com/testcase?key=4923037330702336 Project: systemd Fuzzer: libFuzzersystemdfuzz-unit-file Fuzz target binary: fuzz-unit-file Job Type: libfuzzermsansystemd Platform Id: linux Crash Type: Use-of-uninitialized-value...
systemd/fuzz-unit-file: Use-of-uninitialized-value in streq_ptr
Project: https://github.com/systemd/systemd.git Detailed report: https://oss-fuzz.com/testcase?key=5646670466383872 Project: systemd Fuzzer: libFuzzersystemdfuzz-unit-file Fuzz target binary: fuzz-unit-file Job Type: libfuzzermsansystemd Platform Id: linux Crash Type: Use-of-uninitialized-value...
UBUNTU-CVE-2017-18212
An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the litreadcodeunitfromhex function in lit/lit-char-helpers.c via a RegExp"\x0"; payload...
Fedora 27 : systemd (2018-eea8cb8b0e)
a few memory leaks and uninitialized memory accesses - systemd-networkd Remote= must be a unicast address upstream issue 8088 - add /run/systemd/user to the unit lookup path upstream issue 8119 - various fixes for journalctl leaking file descriptors on very quick file rotation upstream issues...
SUSE-SU-2018:0546-1 Security update for systemd
This update for systemd fixes the following issues: Security issue fixed: - CVE-2017-18078: tmpfiles: refuse to chown/chmod files which are hardlinked, unless protectedhardlinks sysctl is on. This could be used by local attackers to gain privileges bsc1077925 Non Security issues fixed: - core: us...
www2.cnrs.fr XSS vulnerability
Open Bug Bounty ID: OBB-567876 Description| Value ---|--- Affected Website:| www2.cnrs.fr Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
eQ-3 AG HomeMatic CCU2 Arbitrary File Write Vulnerability
The eQ-3 AG Homematic CCU2 is a central control unit for controlling smart home devices from eQ-3 Germany. A directory traversal vulnerability exists in User.setLanguage in eQ-3 AG Homematic CCU2 version 2.29.2 and earlier. A remote attacker can exploit this vulnerability to write arbitrary files...
eQ-3 AG HomeMatic CCU2 Remote Code Execution Vulnerability
The eQ-3 AG Homematic CCU2 is a central control unit for controlling smart home devices from eQ-3 Germany. A remote code execution vulnerability exists in the addon installation process in eQ-3 AG Homematic CCU2 version 2.29.2 and earlier. An attacker could exploit the vulnerability to create or...
eQ-3 AG HomeMatic CCU2 Remote Code Execution Vulnerability (CNVD-2018-05831)
The eQ-3 AG Homematic CCU2 is a central control unit for controlling smart home devices from the German company eQ-3. tcl script interpreter is one of the script interpreters for the TCL language. A remote code execution vulnerability exists in the TCL script interpreter in eQ-3 AG Homematic CCU2...
eQ-3 AG HomeMatic CCU2 Malicious Firmware Update Vulnerability
The eQ-3 AG Homematic CCU2 is a central control unit for controlling smart home devices from eQ-3 Germany. A security vulnerability in the /usr/local/etc/config/addons/mh/loopupd.sh file in the eQ-3 AG Homematic CCU2 version 2.29.22 stems from the program's failure to provide cryptographic...
eQ-3 AG HomeMatic CCU2 User.getLanguage method directory traversal vulnerability
The eQ-3 AG Homematic CCU2 is a central control unit for controlling smart home devices from eQ-3 Germany. A directory traversal vulnerability exists in the User.getLanguage method in eQ-3 AG Homematic CCU2 version 2.29.2 and earlier. A remote attacker can exploit this vulnerability to read the...