Circle with Disney Security Bypass Vulnerability

Circle with Disney is a set of network monitoring and management devices for monitoring children's online behavior from Circle Media, Inc. in the United States. A security bypass vulnerability exists in the signature verification of the firmware update feature in Circle with Disney version 2.0.1...

Multiple vulnerabilities in the Intel Management Engine sub-system of the microprogramming software of the Platform Controller Hub family, which allow unauthorized code execution

The multiple vulnerabilities of the Intel Management Engine sub-system within the microprogramming software of the Platform Controller Hub PCH family, which serve as south bridges, are caused by buffer overflows. Exploitation of these vulnerabilities could allow an attacker to execute unsigned co...

ALPINE-CVE-2017-13704

In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's 0xffffffffffffffff in 64 bit platforms, making dnsmasq crash...

DEBIAN-CVE-2017-13704

In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's 0xffffffffffffffff in 64 bit platforms, making dnsmasq crash...

Design/Logic Flaw

inspircd in Debian before 2.0.7 does not properly handle unsigned integers. NOTE: This vulnerability exists because of an incomplete fix to CVE-2012-1836...

UBUNTU-CVE-2012-6696

inspircd in Debian before 2.0.7 does not properly handle unsigned integers. NOTE: This vulnerability exists because of an incomplete fix to CVE-2012-1836...

CVE-2012-6696

inspircd in Debian before 2.0.7 does not properly handle unsigned integers. NOTE: This vulnerability exists because of an incomplete fix to CVE-2012-1836...

DEBIAN-CVE-2012-6696

inspircd in Debian before 2.0.7 does not properly handle unsigned integers. NOTE: This vulnerability exists because of an incomplete fix to CVE-2012-1836...

CVE-2012-6696

Technical details about CVE-2012-6696 are not publicly available in the provided documents. Monitor for updates.

CVE-2012-6696

inspircd in Debian before 2.0.7 does not properly handle unsigned integers. NOTE: This vulnerability exists because of an incomplete fix to CVE-2012-1836...

UBUNTU-CVE-2017-12151

A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the...

Design/Logic Flaw

A vulnerability in the ROM Monitor ROMMON code of Cisco IR800 Integrated Services Router Software could allow an unauthenticated, local attacker to boot an unsigned Hypervisor on an affected device and compromise the integrity of the system. The vulnerability is due to insufficient sanitization o...

CVE-2017-12223

A vulnerability in the ROM Monitor ROMMON code of Cisco IR800 Integrated Services Router Software could allow an unauthenticated, local attacker to boot an unsigned Hypervisor on an affected device and compromise the integrity of the system. The vulnerability is due to insufficient sanitization o...

Security update for libzypp, zypper (important)

The Software Update Stack was updated to receive fixes and enhancements. libzypp: - Adapt to work with GnuPG 2.1.23. bsc1054088 - Support signing with subkeys. bsc1008325 - Enhance sort order for media.1/products. bsc1054671 zypper: - Also show a gpg key's subkeys. bsc1008325 - Improve signature...

openSUSE: Security Advisory for libzypp (openSUSE-SU-2017:2370-1)

The remote host is missing an update for the Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Security update for libzypp (important)

The Software Update Stack was updated to receive fixes and enhancements. libzypp: - CVE-2017-7435, CVE-2017-7436, CVE-2017-9269: Fix GPG check workflows, mainly for unsigned repositories and packages. bsc1045735, bsc1038984 - Fix gpg-pubkey release creation time computation. bsc1036659 - Update...

Security update for libzypp, zypper (important)

The Software Update Stack was updated to receive fixes and enhancements. libzypp: Security issues fixed: - CVE-2017-7435, CVE-2017-7436, CVE-2017-9269: Fix GPG check workflows, mainly for unsigned repositories and packages. bsc1045735, bsc1038984 Bug fixes: - Re-probe on refresh if the repository...

Internet Explorer Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists when Internet Explorer fails to validate User Mode Code Integrity UMCI policies. The vulnerability could allow an attacker to bypass Device Guard UMCI policies. To exploit the vulnerability, a user could either visit a malicious website or an attacke...

Input validation

An improper certificate validation issue was discovered in NXP i.MX 28 i.MX 50, i.MX 53, i.MX 7Solo i.MX 7Dual Vybrid VF3xx, Vybrid VF5xx, Vybrid VF6xx, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, and i.MX 6QuadPlus...

CVE-2017-7932

CVE-2017-7932 is described as an improper certificate validation issue in NXP i.MX devices (including i.MX 28/50/53, i.MX 7Solo/7Dual, Vybrid variants, and i.MX 6 family). Under security enabled configuration, a specially crafted certificate can bypass signature verification, enabling execution o...