Security Vulnerability


In computer security, a vulnerability is a weakness that allows an attacker to reduce a system’s information assurance. A vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. Below you will find security vulnerability feeds from Apple, Microsoft, and many of the top security organizations.

  • CVE-2017-10663
    The sanity_check_ckpt function in fs/f2fs/super.c in the Linux kernel before 4.12.4 does not validate the blkoff and segno arrays, which allows local users to gain privileges via unspecified vectors.
    Source: National Vulnerability Database. Published on 2017-08-19
  • CVE-2017-10661
    Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.
    Source: National Vulnerability Database. Published on 2017-08-19
  • CVE-2017-10662
    The sanity_check_raw_super function in fs/f2fs/super.c in the Linux kernel before 4.11.1 does not validate the segment count, which allows local users to gain privileges via unspecified vectors.
    Source: National Vulnerability Database. Published on 2017-08-19
  • CVE-2017-12967
    The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a malformed tekhex binary.
    Source: National Vulnerability Database. Published on 2017-08-19
  • CVE-2017-11323
    Stack-based buffer overflow in ESTsoft ALZip 8.51 and earlier allows remote attackers to execute arbitrary code via a crafted MS-DOS device file, as demonstrated by use of "AUX" as the initial substring of a filename.
    Source: National Vulnerability Database. Published on 2017-08-19
  • DSA-3948 ioquake3 – security update
    A read buffer overflow was discovered in the idtech3 (Quake III Arena) family of game engines. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted packet.
    Source: Debian Security. Published on 2017-08-19
  • CVE-2017-12962
    There are memory leaks in LibSass 3.4.5 triggered by deeply nested code, such as code with a long sequence of open parenthesis characters, leading to a remote denial of service attack.
    Source: National Vulnerability Database. Published on 2017-08-18
  • CVE-2017-12955
    There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. The vulnerability causes an out-of-bounds write in Exiv2::Image::printIFDStructure(), which may lead to remote denial of service or possibly unspecified other impact.
    Source: National Vulnerability Database. Published on 2017-08-18
  • CVE-2017-12963
    There is an illegal address access in Sass::Eval::operator() in eval.cpp of LibSass 3.4.5, leading to a remote denial of service attack. NOTE: this is similar to CVE-2017-11555 but remains exploitable after the vendor's CVE-2017-11555 fix (available from GitHub after 2017-07-24).
    Source: National Vulnerability Database. Published on 2017-08-18
  • CVE-2017-12957
    There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that is triggered in the Exiv2::Image::io function in image.cpp. It will lead to remote denial of service.
    Source: National Vulnerability Database. Published on 2017-08-18