Description: A stack buffer overflow vulnerability has been discovered in Microsoft Skype 7.2, 7.35, and 7.36 before 7.37, involving MSFTEDIT.DLL mishandling of remote RDP clipboard content within the message box. Impact: Attackers can exploit this issue to crash the application, resulting in a denial-of-service condition. Due to the nature of this issue, code execution may be possible but this has not been confirmed. Microsoft Skype...
Read More
Description: Xen through 4.8.x does not validate a vCPU array index upon the sending of an SGI, which allows guest OS users to cause a denial of service (hypervisor crash), aka XSA-225. Impact: A guest may cause a hypervisor crash, resulting in a Denial of Service (DoS). Mitigation: Updates are available. Please check specific vendor advisory for more information. Reference URL’s: https://xenbits.xen.org/xsa/advisory-225.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10923
Description: The grant-table feature in Xen through 4.8.x does not ensure sufficient type counts for a GNTMAP_device_map and GNTMAP_host_map mapping, which allows guest OS users to cause a denial of service (count mismanagement and memory corruption) or obtain privileged host OS access, aka XSA-224 bug 2. Impact: For the worst issue, a PV guest could gain a writeable mapping of its own pagetable, allowing it...
Read More
Description: Xen through 4.8.x mishandles page transfer, which allows guest OS users to obtain privileged host OS access, aka XSA-217. Impact: A malicious pair of guests may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks. Mitigation: Updates are available. Please check specific vendor advisory for more information. Reference URL’s: https://xenbits.xen.org/xsa/advisory-217.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-10912
Description: The Struts 1 plugin in Apache Struts 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage. Impact: Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application. Mitigation: Updates are available. Please check specific vendor advisory for more information. Reference URL’s: http://struts.apache.org/docs/s2-048.html http://blog.trendmicro.com/trendlabs-security-intelligence/examining-cve-2017-9791-new-apache-struts-remote-code-execution-vulnerability/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9791 http://www.securityfocus.com/bid/99484/info
