Description: The grant-table feature in Xen through 4.8.x does not ensure sufficient type counts for a GNTMAP_device_map and GNTMAP_host_map mapping, which allows guest OS users to cause a denial of service (count mismanagement and memory corruption) or obtain privileged host OS access, aka XSA-224 bug 2. Impact: For the worst issue, a PV guest could gain a writeable mapping of its own pagetable, allowing it...
Read More
Description: Xen through 4.8.x mishandles page transfer, which allows guest OS users to obtain privileged host OS access, aka XSA-217. Impact: A malicious pair of guests may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks. Mitigation: Updates are available. Please check specific vendor advisory for more information. Reference URL’s: https://xenbits.xen.org/xsa/advisory-217.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-10912
Description: The Struts 1 plugin in Apache Struts 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage. Impact: Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application. Mitigation: Updates are available. Please check specific vendor advisory for more information. Reference URL’s: http://struts.apache.org/docs/s2-048.html http://blog.trendmicro.com/trendlabs-security-intelligence/examining-cve-2017-9791-new-apache-struts-remote-code-execution-vulnerability/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9791 http://www.securityfocus.com/bid/99484/info
Description: An open redirect vulnerability exists in Microsoft Exchange that could lead to spoofing. To exploit the vulnerability, an attacker could send a link that has a specially crafted URL, and convince the user to click the link. When an authenticated Exchange user clicks the link, the authenticated user’s browser session could be redirected to a malicious site that is designed to impersonate a legitimate...
Read More
Description: Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka “Microsoft Exchange Cross-Site Scripting Vulnerability”. This CVE ID is unique from CVE-2017-8559. Impact: Attackers can exploit this issue to gain elevated privileges. Mitigation: Updates are available....
Read More
