OCaml CVE-2015-8869 Multiple Security Vulnerabilities
Monthly Archives: March 2017
Vuln: Linux Kernel CVE-2017-7294 Local Denial of Service Vulnerability
Linux Kernel CVE-2017-7294 Local Denial of Service Vulnerability
Vuln: Eject dmcrypt-get-device CVE-2017-6964 Local Code Execution Vulnerability
Eject dmcrypt-get-device CVE-2017-6964 Local Code Execution Vulnerability
CVE-2017-7346
The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.7 does not validate certain levels data, which allows local users to cause a denial of service (system hang) via a crafted ioctl call for a /dev/dri/renderD* device.
CVE-2017-7253
Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1. Use the default low-privilege credentials to list all users via a request to a certain URI. 2. Login to the IP camera with admin credentials so as to obtain full control of the target IP camera. During exploitation, the first JSON object encountered has a “Component error: login challenge!” message. The second JSON object encountered has a result indicating a successful admin login.
New Mirai Variant Carries Out 54-Hour DDoS Attacks
Researchers are tracking a new variant of the Mirai malware after it launched a 54-hour long DDoS attack against a U.S. college.
Verizon to pre-install a 'Spyware' app on its Android phones to collect user data
If the death of online privacy rules wasn’t enough for Internet Service Providers and advertisers to celebrate, Verizon has planned to pre-install spyware on customers’ Android devices in order to collect their personal data.
The telecom giant has partnered with Evie Launcher to bring a new application called ‘AppFlash’ — a universal search bar that will come pre-installed on the home screens
A backup plan can save you from ransomware [infographic]
Names like Locky and CryptoLocker are familiar due to numerous news reports, but if you haven’t heard of the growing threat of ransomware, here’s a quick summary: Ransomware is a type of malware that locks you out of your devices by encrypting your files. In return for access with the decryption key, it demands a payment, typically in bitcoin. In many cases, victims of ransomware cannot recover their files, so a backup is essential.
CVE-2017-6182
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine’s interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304.
CVE-2017-6183
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine’s configuration utilities for adding (and detecting) Active Directory servers was vulnerable to remote command injection, aka NSWA-1314.