Security Advisories & Alerts


Apple iOS/WatchOS/tvOS/macOS : CVE-2017-7069 Security Vulnerabilities

Description:  An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial...

Read more


Linux Kernel CVE-2017-7346 Local Denial of Service Vulnerability

Description: The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.7 does not validate certain levels data, which allows local users to cause a denial of service (system hang) via a crafted ioctl call for a /dev/dri/renderD* device. Impact: A local attacker can exploit this issue to cause a...

Read more


Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability

Description: In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. Impact: Successfully exploiting this issue allows attackers to execute arbitrary...

Read more


Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability

Description:  While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for...

Read more


Heimdal CVE-2017-11103 Man in the Middle Security Bypass Vulnerability

Description: Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus’ Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in ‘enc_part’ instead of the unencrypted version...

Read more


Citrix NetScaler Gateway CVE-2017-7219 Heap Buffer Overflow Vulnerability

Description:  A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13 allows a remote authenticated attacker to run arbitrary commands via unspecified vectors. Impact: Attackers can exploit this issue to execute arbitrary code within the context of the...

Read more


GNU glibc CVE-2017-1000366 Local Memory Corruption Vulnerability

Description:  glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly...

Read more


CVE-2017-9417 Broadpwn Bug of Android and iOS Devices

Description: Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the “Broadpwn” issue. Impact: Broadcom Wi-Fi chips embedded in Android and iOS devices are vulnerable to a bug that allows an attacker to execute code on their devices, without any interaction needed from the...

Read more


Page 20 of 30« First...10...1819202122...30...Last »