The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option.
Monthly Archives: November 2016
PHP Classifieds Rental Script 1.0 Cross Site Scripting
PHP Classifieds Rental Script version 1.0 suffers from a cross site scripting vulnerability.
Vuln: Microsoft Office CVE-2016-7235 Memory Corruption Vulnerability
Microsoft Office CVE-2016-7235 Memory Corruption Vulnerability
Vuln: Microsoft Office CVE-2016-7233 Information Disclosure Vulnerability
Microsoft Office CVE-2016-7233 Information Disclosure Vulnerability
Vuln: Microsoft Office CVE-2016-7234 Memory Corruption Vulnerability
Microsoft Office CVE-2016-7234 Memory Corruption Vulnerability
Vuln: Microsoft Edge CVE-2016-7204 Information Disclosure Vulnerability
Microsoft Edge CVE-2016-7204 Information Disclosure Vulnerability
TrickBot Banking Trojan Adds New Browser Manipulation Tools
The banking Trojan TrickBot is evolving fast, according to researchers, and within weeks will expand its victim list and attack scope.
CVE-2016-3161
For the NVIDIA Quadro, NVS, GeForce products, GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. A successful exploit of a vulnerable service installation can enable malicious code to execute on the system at the system/user privilege level. The CVE-2016-3161 ID is for the GameStream unquoted service path.
CVE-2016-4959
For the NVIDIA Quadro, NVS, GeForce products, there is a Remote Desktop denial of service. A successful exploit of a vulnerable system will result in a kernel null pointer dereference, causing a blue screen crash.
CVE-2016-4960
For the NVIDIA Quadro, NVS, GeForce products, the NVIDIA NVStreamKMS.sys service component is improperly validating user-supplied data through its API entry points causing an elevation of privilege.