Dell iDRAC6 CVE-2015-7274 Arbitrary Command Execution Vulnerability
Category Archives: Security
Security
Vuln: Dell iDRAC6 CVE-2015-7274 Arbitrary Command Execution Vulnerability
Dell iDRAC6 CVE-2015-7274 Arbitrary Command Execution Vulnerability
mupdf-1.10a-5.fc26
Fix stack consumption CVE (#1439643)
qemu-2.6.2-8.fc24
* Fix xen pv graphical display failure (bz #1350264)
* CVE-2016-8667: dma: divide by zero error in set_next_tick (bz #1384876)
* CVE-2017-5579: serial: fix memory leak in serial exit (bz #1416161)
qemu-2.7.1-6.fc25
* chardev data is dropped when host side closed (bz #1352977)
* CVE-2016-8667: dma: divide by zero error in set_next_tick (bz #1384876)
* IPv6 DNS problems in qemu user networking (bz #1401165)
* Fix crash in qxl memslot_get_virt (bz #1405847)
* CVE-2017-5579: serial: fix memory leak in serial exit (bz #1416161)
* spec: Pull in ipxe/vgabios links via -common package (bz #1431403)
* Clean up binfmt.d configuration files (bz #1394859)
CVE-2017-7882
LibreOffice before 2017-03-14 has an out-of-bounds write related to the HWPFile::TagsRead function in hwpfilter/source/hwpfile.cxx.
CVE-2017-7881
BigTree CMS through 4.2.17 relies on a substring check for CSRF protection, which allows remote attackers to bypass this check by placing the required admin/developer/ URI within a query string in an HTTP Referer header. This was found in core/admin/modules/developer/_header.php and patched in core/inc/bigtree/admin.php on 2017-04-14.
CVE-2017-7874
udevd in udev 232, when the Linux kernel 4.8.0 is used, does not properly verify the source of a Netlink message, which allows local users to execute arbitrary commands by leveraging access to the NETLINK_KOBJECT_UEVENT family, and the presence of the /lib/udev/rules.d/50-udev-default.rules file, to provide a crafted REMOVE_CMD value.
ETERNALBLUE 2.2.0 Windows 2008 R2 SMBv1 Zero Day Exploit
ETERNALBLUE is an SMBv1 remote unauthenticated zero day exploit that works on 2008 R2. Note that this exploit is part of the recent public disclosure from the “Shadow Brokers” who claim to have compromised data from a team known as the “Equation Group”, however, there is no author data available in this content. Consider this exploit hostile and unverified. For research purposes only. Description has been referenced from http://medium.com/@networksecurity.
ZIPPYBEER 1.0.2 Authenticated Microsoft Domain Controller Exploit
ZIPPYBEER is an authenticated Microsoft Domain Controller exploit. Note that this exploit is part of the recent public disclosure from the “Shadow Brokers” who claim to have compromised data from a team known as the “Equation Group”, however, there is no author data available in this content. Consider this exploit hostile and unverified. For research purposes only. Description has been referenced from http://medium.com/@networksecurity.