CVE-2017-3775

Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned code...

php: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field

ext/mysqlnd/mysqlndwireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNEDFLAG flag, which allows remote MySQL servers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact via crafted field metadata...

Nintendo Switches Hacked to Run Linux—Unpatchable Exploit Released

Two separate teams of security researchers have published working proof-of-concept exploits for an unpatchable vulnerability in Nvidia's Tegra line of embedded processors that comes on all currently available Nintendo Switch consoles. Dubbed Fusée Gelée and ShofEL2, the exploits lead to a coldboo...

Foscam C1 Indoor HD Camera Firmware Recovery Unsigned Image Vulnerability

Foscam C1 Indoor HD Camera is a wireless HD IP camera from Foscam China. A security vulnerability exists in the recovery process used in the Foscam C1 Indoor HD Camera, which stems from the program's failure to perform adequate security checks. The vulnerability can be exploited by an attacker to...

Vulnerability Spotlight: Foscam IP Video Camera Firmware Recovery Unsigned Image Vulnerability

This vulnerability was discovered by Claudio Bozzato of Cisco Talos. Executive Summary The Foscam C1 Indoor HD Camera is a network-based camera that is marketed for a variety of uses, including as a home security monitoring device. Talos recently identified 32 vulnerabilities present in these...

Foscam IP Video Camera Firmware Recovery Unsigned Image Vulnerability

Summary Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. An attacker who is in the same subnetwork of the camera or has remote administrator access, can fully compromise the device by performing a firmware...

Microsoft Windows - 'CiSetFileCache' TOCTOU Incomplete Fix

Windows: CiSetFileCache TOCTOU CVE-2017-11830 Incomplete Fix Platform: Windows 10 1709 including Win10S Class: Security Feature Bypass Summary: The fix for CVE-2017-11830 is insufficient to prevent a normal user application adding a cached signing level to an unsigned file by exploiting a TOCTOU ...

Microsoft Windows Defender - 'mpengine.dll' Memory Corruption

Windows Defender inspects a variety of different archive formats, among others RAR. Inspection of mpengine.dll revealed that the code responsible for processing RAR archives appears to be a forked and modified version of the original unrar code; given that it still processes the VMSFUPCASE filter...

harfbuzz/hb-subset-fuzzer: Heap-buffer-overflow in OT::BEInt<unsigned char, 1>::operator unsigned char

Project: https://github.com/harfbuzz/harfbuzz.git Detailed report: https://oss-fuzz.com/testcase?key=5609911946838016 Project: harfbuzz Fuzzer: aflharfbuzzhb-subset-fuzzer Fuzz target binary: hb-subset-fuzzer Job Type: aflasanharfbuzz Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Cra...

DEBIAN-CVE-2014-8129

LibTIFF 4.0.3 allows remote attackers to cause a denial of service out-of-bounds write or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tifnext.c to verify that the BitsPerSample value is 2, and the t2psamplelabsignedtounsigned function in tiff2pdf...

VulnCheck KEV: CVE-2007-5633

Speedfan.sys in Alfredo Milani Comparetti SpeedFan 4.33, when used on Microsoft Windows Vista x64, allows local users to read or write arbitrary MSRs, and gain privileges and load unsigned drivers, via the 1 IOCTLRDMSR 0x9C402438 and 2 IOCTLWRMSR 0x9C40243C IOCTLs to \Device\speedfan, as...

libzypp RPM package injection vulnerability (CNVD-2018-06155)

libzypp aka ZYPP is the U.S. Novell-sponsored open source set of manageable engines, drivers eg: Linux applications YaST, Zypper tools. A security vulnerability exists in versions of libzypp prior to 20170803. An attacker can exploit the vulnerability by adding unsigned YUM libraries to inject...

libzypp RPM Package Injection Vulnerability

libzypp also known as ZYPP is the U.S. Novell-sponsored open source set of manageable engines, drivers eg: Linux applications YaST, Zypper tools. A security vulnerability exists in versions of libzypp prior to 20170803. An attacker can exploit this vulnerability by retrieving unsigned packages to...

CVE-2017-7435

In libzypp before 20170803 it was possible to add unsigned YUM repositories without warning to the user that could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system...

CVE-2017-7436

In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system...

Design/Logic Flaw

In libzypp before 20170803 it was possible to add unsigned YUM repositories without warning to the user that could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system...

Design/Logic Flaw

In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system...

DEBIAN-CVE-2017-7435

In libzypp before 20170803 it was possible to add unsigned YUM repositories without warning to the user that could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system...

UBUNTU-CVE-2017-7435

In libzypp before 20170803 it was possible to add unsigned YUM repositories without warning to the user that could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system...

CVE-2017-7435

In libzypp before 20170803 it was possible to add unsigned YUM repositories without warning to the user that could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system...