Security Advisories & Alerts


QEMU CVE-2017-9524 Denial of Service Vulnerability

Description: The qemu-nbd server in QEMU (aka Quick Emulator), when built with the Network Block Device (NBD) Server support, allows remote attackers to cause a denial of service (segmentation fault and server crash) by leveraging failure to ensure that all initialization occurs before talking to a client in the nbd_negotiate...

Read more


Git CVE-2017-8386 Security Bypass Vulnerability

Description: git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a – (dash) character....

Read more


OpenSSL CVE-2017-3732 Information Disclosure Vulnerability

Description: There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible...

Read more


Multiple Vulnerabilities in PHP Could Allow for Arbitrary Code Execution

Description: Multiple vulnerabilities have been discovered in PHP, the most severe of which could allow an attacker to execute arbitrary code. PHP is a programming language originally designed for use in web-based applications with HTML content. PHP supports a wide variety of platforms and is used by numerous web-based software...

Read more


CVE-2017-9948: Microsoft Skype ‘MSFTEDIT.DLL’ Buffer Overflow Vulnerability

Description: A stack buffer overflow vulnerability has been discovered in Microsoft Skype 7.2, 7.35, and 7.36 before 7.37, involving MSFTEDIT.DLL mishandling of remote RDP clipboard content within the message box. Impact: Attackers can exploit this issue to crash the application, resulting in a denial-of-service condition. Due to the nature of...

Read more


Xen Security Advisory CVE-2017-10923

Description: Xen through 4.8.x does not validate a vCPU array index upon the sending of an SGI, which allows guest OS users to cause a denial of service (hypervisor crash), aka XSA-225. Impact:  A guest may cause a hypervisor crash, resulting in a Denial of Service (DoS). Mitigation: Updates are...

Read more


Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability

Description: The Struts 1 plugin in Apache Struts 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage. Impact:  Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application. Mitigation: Updates are...

Read more


Page 21 of 30« First...10...1920212223...30...Last »