Description: Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow an attacker to execute code remotely on a target system when the Windows font library fails to properly handle specially crafted embedded fonts, aka “Express Compressed Fonts Remote Code Execution Vulnerability.” Impact: An attacker can exploit this issue to execute arbitrary code in the context of an affected system. Failed exploit attempts...
Read More
Description: The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected. Impact: Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. Linux Kernel 4.11.5 is vulnerable; other versions may also be...
Read More
Description: In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow. This affects the Linux kernel 4.9-stable tree, 4.12-stable tree, 3.18-stable tree, and 4.4-stable tree. Impact: Successful exploits may allow attackers to execute arbitrary code in context of the application. Failed exploits may result in denial-of-service conditions. Mitigation: Updates...
Read More
Description: A kernel data leak due to an out-of-bound read was found in Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since v4.7-rc1 upto v4.13 including. A data leak happens when these functions fill in sockaddr data structures used to export socket’s diagnostic information. As a result upto 100 bytes of the slab data could be leaked to a userspace. Impact: Local attackers can exploit...
Read More
Description: AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in privilege dropping and unnecessarily execute the NfSen Perl code as root, aka AlienVault ID ENG-104945, a different vulnerability than CVE-2017-6970 and CVE-2017-6971. Impact: Remote attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. Mitigation: Updates are available. Please check specific vendor advisory for more information....
Read More
