The Microsoft Windows kernel suffers from hive loading crashes in nt!nt!HvpGetBinMemAlloc and nt!ExpFindAndRemoveTagBigPages.
Monthly Archives: March 2017
Google Nest Cam 5.2.1 Buffer Overflow
Google Nest Cam version 5.2.1 suffers from buffer overflow conditions over bluetooth LE.
Faraday 2.4.0
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
OpenSSH 7.5p1
This is a Linux/portable port of OpenBSD’s excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen’s SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
dnaLIMS Admin Module Command Execution
This Metasploit module utilizes an administrative module which allows for command execution. This page is completely unprotected from any authentication when given a POST request.
Debian Security Advisory 3796-2
Debian Linux Security Advisory 3796-2 – CVE-2016-8743 meant being more stringent when dealing with whitespace patterns in HTTP requests, and that change broke the upload tool of sitesummary-client.
Ubuntu Security Notice USN-3238-1
Ubuntu Security Notice 3238-1 – An integer overflow was discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to cause a denial of service via application crash or execute arbitrary code.
EMC RecoverPoint SSL Stripping
EMC RecoverPoint update contains a fix for an SSL stripping vulnerability that may potentially be exploited by malicious users to compromise the affected system. Versions prior to 5.0 are affected.
kernel-4.10.4-200.fc25
The 4.10.4 stable kernel update contains a number of important fixes across the tree. It also reverts CONFIG_CFG80211_CRDA_SUPPORT to match the previous 4.9 kernels.
—-
The 4.10.3 kernel rebase contains a number of new features, important fixes, and additional hardware support.
Re: Remote code execution via CSRF vulnerability in the web UI of Deluge 1.3.13
Posted by Thomas Deutschmann on Mar 20
I requested a CVE via MITRE web form and received the following ID: