Security Advisories & Alerts

Multiple Vulnerabilities in PHP Could Allow for Arbitrary Code Execution

Description: Multiple vulnerabilities have been discovered in PHP, the most severe of which could allow an attacker to execute arbitrary code. PHP is a programming language originally designed for use in web-based applications with HTML content. PHP supports a wide variety of platforms and is used by numerous web-based software applications. The following versions are affected: PHP 5.6 prior to 5.6.31, PHP 7.0 prior to 7.0.21...


CVE-2017-9948: Microsoft Skype ‘MSFTEDIT.DLL’ Buffer Overflow Vulnerability

Description: A stack buffer overflow vulnerability has been discovered in Microsoft Skype 7.2, 7.35, and 7.36 before 7.37, involving MSFTEDIT.DLL mishandling of remote RDP clipboard content within the message box. Impact: Attackers can exploit this issue to crash the application, resulting in a denial-of-service condition. Due to the nature of this issue, code execution may be possible but this has not been confirmed. Microsoft Skype...


Xen Security Advisory CVE-2017-10923

Description: Xen through 4.8.x does not validate a vCPU array index upon the sending of an SGI, which allows guest OS users to cause a denial of service (hypervisor crash), aka XSA-225.

Impact: A guest may cause a hypervisor crash, resulting in a Denial of Service (DoS).

Mitigation: Updates are available. Please check specific vendor advisory for more information.

Reference URLs:
https://xenbits.xen.org/xsa/advisory-225.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10923


Xen Security Advisory CVE-2017-10920 CVE-2017-10921 CVE-2017-10922 [grant table operations mishandle reference counts]

Description: The grant-table feature in Xen through 4.8.x does not ensure sufficient type counts for a GNTMAP_device_map and GNTMAP_host_map mapping, which allows guest OS users to cause a denial of service (count mismanagement and memory corruption) or obtain privileged host OS access, aka XSA-224 bug 2. Impact: For the worst issue, a PV guest could gain a writeable mapping of its own pagetable, allowing it...


Xen Security Advisory CVE-2017-10912 [page transfer may allow PV guest to elevate privilege]

Description: Xen through 4.8.x mishandles page transfer, which allows guest OS users to obtain privileged host OS access, aka XSA-217.

Impact: A malicious pair of guests may be able to access all of system memory, allowing privilege escalation, host crashes, and information leaks.

Mitigation: Updates are available. Please check specific vendor advisory for more information.

Reference URLs:
https://xenbits.xen.org/xsa/advisory-217.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-10912

