UBUNTU-CVE-2017-15537

The x86/fpu Floating Point Unit subsystem in the Linux kernel before 4.13.5, when a processor supports the xsave feature but not the xsaves feature, does not correctly handle attempts to set reserved bits in the xstate header via the ptrace or rtsigreturn system call, allowing local users to read...

Design/Logic Flaw

Juniper Networks Junos OS 16.1R1, and services releases based off of 16.1R1, are vulnerable to the receipt of a crafted BGP Protocol Data Unit PDU sent directly to the router, which can cause the RPD routing process to crash and restart. Unlike BGP UPDATEs, which are transitive in nature, this...

CVE-2017-10607

Juniper Networks Junos OS 16.1R1, and services releases based off of 16.1R1, are vulnerable to the receipt of a crafted BGP Protocol Data Unit PDU sent directly to the router, which can cause the RPD routing process to crash and restart. Unlike BGP UPDATEs, which are transitive in nature, this...

WordPress WP-Contact-Widgets 1.4.1 Cross Site Scripting Vulnerability

WordPress WP-Contact-Widgets plugin version 1.4.1 suffers from a stored cross site scripting vulnerability. Exploit Title: Stored XSS on wp-contact-widgets 1.4.1 wordpress plugin Exploit Author: Boumediene KADDOUR Publisher: R&D Unit Algerie Telecom Version: 1.4.1 Application website:...

DEBIAN-CVE-2017-12188

arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not properly traverse guest pagetable entries to resolve a guest virtual address, which allows L1 guest OS users to execute arbitrary code on the host OS or cause a denial of service incorrect index...

FreeMilk Phishing Scam Hijacks Active Email Conversations to Deploy Malware

By Waqas The IT security researchers at Palo Alto Networks Unit 42 This is a post from HackRead.com Read the original post: FreeMilk Phishing Scam Hijacks Active Email Conversations to Deploy Malware...

DEBIAN-CVE-2017-15022

dwarf2.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29, does not validate the DWATname data type, which allows remote attackers to cause a denial of service bfdhashhash NULL pointer dereference, or out-of-bounds access, and application crash via a craft...

DEBIAN-CVE-2017-1000112

Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSGMORE ipappenddata calls ipufoappenddata to append. However in between two send calls, the append path can be switched from UFO to non-UFO one, which leads to a memory corruption. In...

UBUNTU-CVE-2017-15022

dwarf2.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29, does not validate the DWATname data type, which allows remote attackers to cause a denial of service bfdhashhash NULL pointer dereference, or out-of-bounds access, and application crash via a craft...

BitCracker - BitLocker Password Cracking Tool (Windows Encryption Tool)

BitLocker is a full-disk encryption feature available in recent Windows versions Vista, 7, 8.1 and 10 Pro and Enterprise. BitCracker is a mono-GPU password cracking tool for memory units encrypted with the password authentication mode of BitLocker see picture below. Our attack has been tested on...

UBUNTU-CVE-2017-14934

processdebuginfo in dwarf.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service infinite loop via a crafted ELF file that contains a negative size value in a CU structure...

Serial port access without authentication vulnerability in Huawei B2338-168 CPE device outdoor unit

The Huawei B2338-168 is a wireless terminal device from Huawei, China, capable of receiving WiFi signals. outdoor unit is one of the units used for sending and receiving signals. An unauthenticated serial port access vulnerability exists in the outdoor unit of the Huawei B2338-168 CPE device. An...

Port access without authentication vulnerability in Huawei B2338-168 CPE device outdoor unit

The Huawei B2338-168 is a wireless terminal device from Huawei, China, capable of receiving WiFi signals. outdoor unit is one of the units used for sending and receiving signals. A port access without authentication vulnerability exists in the outdoor unit of the Huawei B2338-168 CPE device. Afte...

'HoeflerText' Popups Target Browsers With RAT and Locky Ransomware

A malware campaign utilizing bogus popups that alert users to a missing web-font is targeting Google Chrome and Firefox browser users. The popups contain a malicious JavaScript file that initiates the download of either the NetSupport Manager remote access tool RAT or Locky ransomware. The...

CVE-2015-8334

SQL injection vulnerability in the Operation and Maintenance Unit OMU in Huawei VCN500 before V100R002C00SPC201 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request...

Updated dbus packages fix security vulnerabilities

A format string vulnerability in the reference bus implementation, dbus-daemon, could potentially allow local users to cause arbitrary code execution or denial of service. Symlink attack in nonce-tcp transport bsc1025950. Symlink attack in unit tests bsc1025951...

CVE-2017-9647

A Stack-Based Buffer Overflow issue was discovered in the Continental AG Infineon S-Gold 2 PMB 8876 chipset on BMW several models produced between 2009-2010, Ford a limited number of P-HEV vehicles, Infiniti 2013 JX35, Infiniti 2014-2016 QX60, Infiniti 2014-2016 QX60 Hybrid, Infiniti 2014-2015...

CVE-2017-6763

A vulnerability in the implementation of the H.264 protocol in Cisco Meeting Server CMS 2.1.4 could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected system. The vulnerability exists because the affected application does not properly validate...

Design/Logic Flaw

A vulnerability in the implementation of the H.264 protocol in Cisco Meeting Server CMS 2.1.4 could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected system. The vulnerability exists because the affected application does not properly validate...

GStreamer security, bug fix, and enhancement update

clutter-gst2 2.0.18-1 - Update to 2.0.18 - Remove obsolete patches - Use license macro for COPYING - Resolves: 1386833 gnome-video-effects 0.4.3-1 - Update to 0.4.3 - Resolves: 1386968 0.4.1-5 - Fix URL rhbz1380981 gstreamer-plugins-bad-free 0.10.23-23 - Rebuild with hardened flags Resolves:...