- CVE-2017-1000370: kernel: PIE binary stack overrun
CVE ID: CVE-2017-1000370
DESCRIPTION: The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve()'d with 1GB of argument or environment strings, after which the stack occupies the address 0x80000000 and the PIE binary is mapped above 0x40000000, nullifying the protection of…
- CVE-2017-1000364: kernel: stack guard page flaw
SUMMARY: Security update for Linux kernel stack guard page flaw
CVE ID: CVE-2017-1000364
DESCRIPTION: An issue was discovered in the size of the stack guard page on Linux: specifically, a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed). This affects Linux Kernel…
- CVE-2017-7494: samba: RCE from a writeable share ("SambaCry")
SUMMARY: Samba RCE requires updating samba packages.
CVE ID: CVE-2017-7494
DESCRIPTION: A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root. All versions of Samba from 3.5.0 onwards are vulnerable…
- CVE-2017-7980: qemu: OOB r/w access issues in bitblt routines
CVE ID: CVE-2017-7980
DESCRIPTION: An out-of-bounds r/w access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data via various bitblt functions. A privileged user inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary…
- CVE-2016-8743: httpd: Apache HTTP Request Parsing Whitespace Defects
CVE ID: CVE-2016-8743
DESCRIPTION: It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently,…
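The class of defect described above is easiest to see with a parser that enforces the rules a strict HTTP/1.1 receiver applies. The following Python is an added illustration written for this page, not httpd's code: it rejects whitespace between a field-name and its colon, field-names containing anything outside the RFC 7230 token character set, raw control characters or 8-bit bytes in field values, and obsolete line folding. The function names and the sample header blocks are constructed for the demonstration.

```python
import string

# RFC 7230 section 3.2.6: a header field-name is a token, i.e. 1*tchar.
TCHAR = frozenset("!#$%&'*+-.^_`|~" + string.ascii_letters + string.digits)


def _valid_field_value(value: str) -> bool:
    # field-content allows VCHAR, SP and HTAB. obs-text (8-bit) and any raw
    # control character (bare CR, LF, NUL, ...) are rejected here.
    return all(c == "\t" or 0x20 <= ord(c) <= 0x7E for c in value)


def parse_header_block(raw: bytes) -> list:
    """Return [(field-name, field-value), ...] for the header section that
    follows the request line, or raise ValueError if the block is malformed.
    `raw` must end with the empty line that terminates the header section."""
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError as exc:
        raise ValueError("8-bit byte in header block") from exc
    if not text.endswith("\r\n\r\n"):
        raise ValueError("header block not terminated by CRLF CRLF")
    body = text[:-4]
    if body == "":
        return []  # a request with no header fields is legal
    headers = []
    for line in body.split("\r\n"):
        if line[:1] in (" ", "\t"):
            # obs-fold: RFC 7230 section 3.2.4 lets a server reject it with 400
            raise ValueError("obsolete line folding rejected")
        name, sep, value = line.partition(":")
        if not sep or not name:
            raise ValueError(f"missing field-name or colon: {line!r}")
        if not set(name) <= TCHAR:
            # catches "Host : x" (whitespace before the colon), which RFC 7230
            # section 3.2.4 requires a server to reject, and any non-token byte
            raise ValueError(f"illegal character in field-name: {name!r}")
        value = value.strip(" \t")  # optional whitespace around the value
        if not _valid_field_value(value):
            raise ValueError(f"illegal character in value of {name!r}")
        headers.append((name, value))
    return headers


def is_strict_header_block(raw: bytes) -> bool:
    """Convenience predicate: True if parse_header_block accepts the block."""
    try:
        parse_header_block(raw)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed samples: one clean block and one with whitespace before the colon.
    print(parse_header_block(b"Host: backup.example.com\r\nX-Trace:  a\tb \r\n\r\n"))
    print(is_strict_header_block(b"Host : backup.example.com\r\n\r\n"))
```

A front end that forwards a header such as `Host : x` or a value carrying a bare CR to a back end that interprets it differently is the proxy mismatch the advisory describes; rejecting such requests at the edge with 400 removes the ambiguity.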
- CVE-2014-0098: httpd: mod_log_config does not properly handle logging certain cookies, resulting in DoS
CVE ID: CVE-2014-0098
DESCRIPTION: The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation. Unitrends risk…
- CVE-2011-3368: httpd: reverse web proxy vulnerability
CVE ID: CVE-2011-3368
DESCRIPTION: The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send…
- CVE-2018-6329: Unitrends: SQLi authentication bypass RCE
CVE ID: CVE-2018-6329
DESCRIPTION: It was discovered that in Unitrends Backup (UB) before 10.1.0, the libbpext.so authentication could be bypassed with an SQL injection, allowing a remote attacker to place a privilege escalation exploit on the target system and subsequently execute arbitrary commands.
RESOLUTION: Resolution…
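To make the bypass mechanism concrete, the following Python is an added example written for this page, not Unitrends' libbpext.so (the advisory does not show its query text): a toy credential table is queried once by splicing the user-supplied strings into the SQL and once with bound parameters. The table contents, function names and injected strings are constructed for the demonstration; a real system would compare a password hash rather than the plaintext stored here.

```python
import sqlite3

# Constructed sample data standing in for an appliance's credential table.
_DB = sqlite3.connect(":memory:", check_same_thread=False)
_DB.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT, is_admin INTEGER)")
_DB.executemany("INSERT INTO users VALUES (?, ?, ?)",
                [("admin", "S3cret!", 1), ("operator", "hunter2", 0)])
_DB.commit()


def build_login_sql_vulnerable(name: str, password: str) -> str:
    # The injectable pattern: untrusted strings become part of the SQL text, so a
    # quote closes the literal and "--" comments out the password check entirely.
    return ("SELECT name, is_admin FROM users "
            f"WHERE name = '{name}' AND password = '{password}'")


def login_vulnerable(name: str, password: str):
    """Return (name, is_admin) or None, using the spliced query."""
    return _DB.execute(build_login_sql_vulnerable(name, password)).fetchone()


def login_safe(name: str, password: str):
    """Same lookup with bound parameters: the driver sends the values apart from
    the SQL text, so quotes or comment sequences in `name` never alter the query."""
    sql = "SELECT name, is_admin FROM users WHERE name = ? AND password = ?"
    return _DB.execute(sql, (name, password)).fetchone()


if __name__ == "__main__":
    payload = "admin' --"  # constructed attacker input
    print(build_login_sql_vulnerable(payload, "anything"))
    print("vulnerable:", login_vulnerable(payload, "anything"))  # admin row, no password
    print("safe:      ", login_safe(payload, "anything"))        # None
```

The spliced query for the payload reads `... WHERE name = 'admin' --' AND password = 'anything'`; everything after `--` is a comment, so the password predicate is gone and the admin row comes back. The parameterised form looks for a user literally named `admin' --` and finds nothing.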
- CVE-2018-6328: Unitrends: RCE with backquotes in /api/hosts/ parameters
CVE ID: CVE-2018-6328
DESCRIPTION: It was discovered that in Unitrends Backup (UB) before 10.1.0, the user interface was exposed to an authentication bypass, which could then allow an unauthenticated user to inject arbitrary commands into its /api/hosts parameters using backquotes.
RESOLUTION: Resolution is to upgrade to…
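An added example of the backquote injection pattern and its fix, in Python. This is illustrative code written for this page, not the Unitrends /api/hosts handler; the command it runs (`echo`), the function names and the hostname allow-list are assumptions. The shell form lets the backquoted text run as a subshell, the argv form passes the parameter verbatim to the program, and an allow-list rejects the parameter before any command is built.

```python
import re
import subprocess

# Assumed allow-list: RFC 1123 hostname labels joined by dots (not the product's own check).
_HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$")


def probe_host_vulnerable(host: str) -> str:
    # The parameter is spliced into a command line handed to /bin/sh, so the
    # shell evaluates backquotes, $(...), ';' and '|' inside it before echo runs.
    cmd = f"echo resolving {host}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def probe_host_argv(host: str) -> str:
    # No shell: the parameter is one argv element and reaches echo unchanged.
    return subprocess.run(["echo", "resolving", host],
                          capture_output=True, text=True).stdout


def is_valid_hostname(host: str) -> bool:
    return _HOSTNAME_RE.match(host) is not None


def probe_host_hardened(host: str) -> str:
    # Defence in depth: allow-list first, then execute without a shell.
    if not is_valid_hostname(host):
        raise ValueError(f"rejected hostname parameter: {host!r}")
    return probe_host_argv(host)


if __name__ == "__main__":
    payload = "host1`echo INJECTED`"  # constructed attacker input
    print(probe_host_vulnerable(payload), end="")  # resolving host1INJECTED
    print(probe_host_argv(payload), end="")        # resolving host1`echo INJECTED`
    print(probe_host_hardened("backup01.example.com"), end="")
```

With the shell form, `echo INJECTED` runs and its output is substituted into the argument, which is exactly how a backquoted `id`, `nc` or `curl` in a request parameter becomes command execution on the appliance. Building an argv list removes the shell from the path entirely, and the allow-list ensures a parameter that is supposed to be a hostname can only ever be one.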
- CVE-2016-10011: openssh: Leak of host private key material to privilege-separated child process via realloc
CVE ID: CVE-2016-10011
DESCRIPTION: It was found that the host private key material could possibly leak to the privilege-separated child processes via re-allocated memory. An attacker able to compromise the privilege-separated process could therefore obtain the leaked key information. It seems that this flaw is not…