nZEDb version 0.7.3.3 suffers from a cross site scripting vulnerability.
757d005f6b520fede3eb3727f1000b70a7cba60ba57bf72e6e42c924497fd1a9
This Microsoft bulletin summary lists multiple CVEs and security bulletins that have undergone a major revision increment.
161586e64259dc4b705b4ce46b4a0914803be67a146156a1ec784629170dcf5d
Synology Photo Station versions 6.7.3-3432 and 6.3-2967 suffer from a code execution vulnerability.
aee069f51577df77fc6d3c899ca3c89aa1f4c3de9f2251ed8ac15f6a9b582141
WildMIDI version 0.4.2 suffers from multiple invalid memory read vulnerabilities that can result in a denial of service.
612fdf77abbe0d5c163e14706f4ce2d0d0d044df31edc4b7ba5f6129a2baafc2
minidjvu version 0.8 suffers from multiple invalid memory read vulnerabilities that can result in a denial of service.
a0f3b6b136bf5a53a4d68b7de9e7314cf7b4d67e1c02588b83b53563379c8b43
This Microsoft bulletin lists dozens of updates for August, 2017.
b3660056fd3a1e28a4c8696cbe86d46898db7a81d7f714a386e8e033dc64a2fe
swap_digger is a bash script used to automate Linux swap analysis for post-exploitation or forensics purpose. It automates swap extraction and searches for Linux user credentials, Web form credentials, Web form emails, HTTP basic authentication, WiFi SSID and keys, etc.
53147e0cf82da4bdc5ee73a8bc75667f3afd51f62351d8d4a1ef19fbcbf6f22f
I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
94867fc8ac91eb561598736f6d51773375110db546f8b057c29758b0045931d8
Demystifying Windows Kernel Exploitation by Abusing GDI Objects. This has the Windows 7 SP1 x86 exploit demonstrated at Defcon 25.
6287c58e621193e7199a983298783aa8371bbb55c1eb72e967dedb90de150e9f
Red Hat Security Advisory 2017-2452-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. Security Fix: A race-condition flaw was discovered in openstack-neutron where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0: net.bridge.bridge-nf-call-ip6tables and net.bridge.bridge-nf-call-iptables. The race was only triggered by an update, at which point an attacker could access exposed tenant VMs and network resources.
e332da797d136dab5f35b8a55aee5d467b8ffc2e646ac39b1bf719a5381fb561
Red Hat Security Advisory 2017-2447-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. Security Fix: A race-condition flaw was discovered in openstack-neutron where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0: net.bridge.bridge-nf-call-arptables, net.bridge.bridge-nf-call-ip6tables, and net.bridge.bridge-nf-call-iptables. The race was only triggered by an update, at which point an attacker could access exposed tenant VMs and network resources.
6f49858c20fc978a17ddcb8ce3cd27ecaba0391a568aaed6ff0540f9b8a81821
Red Hat Security Advisory 2017-2449-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. Security Fix: A race-condition flaw was discovered in openstack-neutron where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0: net.bridge.bridge-nf-call-ip6tables and net.bridge.bridge-nf-call-iptables. The race was only triggered by an update, at which point an attacker could access exposed tenant VMs and network resources.
8b30f6b05789306a07e613c91c5e2667da08e978fcf6a5de1413a5956ff9591b
Red Hat Security Advisory 2017-2448-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. Security Fix: A race-condition flaw was discovered in openstack-neutron where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0: net.bridge.bridge-nf-call-ip6tables and net.bridge.bridge-nf-call-iptables. The race was only triggered by an update, at which point an attacker could access exposed tenant VMs and network resources.
1cbccfb08fa42b0999e1dd879f15005572bfbf3367c6ad68492bbb48d3bf1234
Red Hat Security Advisory 2017-2451-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. Security Fix: A race-condition flaw was discovered in openstack-neutron where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0: net.bridge.bridge-nf-call-ip6tables and net.bridge.bridge-nf-call-iptables. The race was only triggered by an update, at which point an attacker could access exposed tenant VMs and network resources.
0fd69ae991c87f5efd6f8613d49aa915ec40d810af6cc0f1ce47d023553feff2
Red Hat Security Advisory 2017-2450-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. Security Fix: A race-condition flaw was discovered in openstack-neutron where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0: net.bridge.bridge-nf-call-ip6tables and net.bridge.bridge-nf-call-iptables. The race was only triggered by an update, at which point an attacker could access exposed tenant VMs and network resources.
623056c231c64973bc7222d56464222367014397b0645b32a0f17c0e8317270e
Red Hat Security Advisory 2017-2445-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM. Security Fix: Quick Emulator built with the Network Block Device Server support is vulnerable to a crash via a SIGPIPE signal. The crash can occur if a client aborts a connection due to any failure during negotiation or read operation. A remote user/process could use this flaw to crash the qemu-nbd server resulting in a DoS.
564a8bd494449c806fc2eeae091b4c27627588bc4d2d063bec0ad1ed101993af
Red Hat Security Advisory 2017-2444-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: A use-after-free flaw was found in the Linux kernel which enables a race condition in the L2TPv3 IP Encapsulation feature. A local user could use this flaw to escalate their privileges or crash the system. A flaw was found that can be triggered in keyring_search_iterator in keyring.c if type->match is NULL. A local user could use this flaw to crash the system or, potentially, escalate their privileges.
1fb9ce595e7c80e760f459ffa8a8b09a3a16c5f8891d2ff710a4383d51d5b053
Red Hat Security Advisory 2017-2437-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A use-after-free flaw was found in the Linux kernel which enables a race condition in the L2TPv3 IP Encapsulation feature. A local user could use this flaw to escalate their privileges or crash the system. A flaw was found that can be triggered in keyring_search_iterator in keyring.c if type->match is NULL. A local user could use this flaw to crash the system or, potentially, escalate their privileges.
8bf76b236d5b2df60d52f09cd101ddac0fadabb550736b9a086a865e6826e552