Monthly Archive: January 2017

Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging...

Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability. Date published : 2017-01-23 http://www.securityfocus.com/bid/94476 http://xenbits.xen.org/xsa/advisory-197.html

The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader...

The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in...

Joomla! 3.4.4 through 3.6.3 allows attackers to reset username, password, and user group assignments and possibly perform other user account modifications via unspecified vectors. Date published : 2017-01-23 http://www.securityfocus.com/bid/93969 https://developer.joomla.org/security-centre/661-20161003-core-account-modifications.html

CloudVision Portal (CVP) before 2016.1.2.1 allows remote authenticated users to gain access to the internal configuration mechanisms via the management plane, related to a request to /web/system/console/bundle. Date published : 2017-01-23 http://www.securityfocus.com/bid/94635 https://www.arista.com/en/support/advisories-notices/security-advisories/2116-security-advisory-27

EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, prior to P06; and EMC Documentum TaskSpace version 6.7SP3, prior to P02; and EMC Documentum Capital Projects Version 1.9, prior to P30 and...

Ubiquiti Networks UniFi 5.2.7 does not restrict access to the database, which allows remote attackers to modify the database by directly connecting to it. Date published : 2017-01-23 http://www.securityfocus.com/bid/93270 https://packetstormsecurity.com/files/138928/Ubiquiti-UniFi-AP-AC-Lite-5.2.7-Improper-Access-Control.html

Buffer overflow in the SLPFoldWhiteSpace function in common/slp_compare.c in OpenSLP 2.0 allows remote attackers to have unspecified impact via a crafted string. Date published : 2017-01-23 http://www.securityfocus.com/bid/93186 https://sourceforge.net/p/openslp/mercurial/ci/34fb3aa5e6b4997fa21cb614e480de36da5dbc9a/

The _dwarf_read_loc_section function in dwarf_loc.c in libdwarf 20160613 allows attackers to cause a denial of service (buffer over-read) via a crafted file. Date published : 2017-01-23 http://www.securityfocus.com/bid/92971 http://www.openwall.com/lists/oss-security/2016/09/13/5

ownCloud Desktop before 2.2.3 allows local users to execute arbitrary code and possibly gain privileges via a Trojan library in a "special path" in the C: drive. Date published : 2017-01-23 http://www.securityfocus.com/bid/92627 https://owncloud.org/security/advisory/?id=oc-sa-2016-016

The verify function in Encryption/Symmetric.php in Malcolm Fell jwt before 1.0.3 does not use a timing-safe function for hash comparison, which allows attackers to spoof signatures via a timing attack. Date published : 2017-01-23...

python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys. Date published : 2017-01-23 http://www.securityfocus.com/bid/95845 https://github.com/mpdavis/python-jose/pull/35/commits/89b46353b9f611e9da38de3d2fedf52331167b93

Heap-based buffer overflow in the decode_block function in libavcodec/exr.c in FFmpeg before 3.1.3 allows remote attackers to cause a denial of service (application crash) via vectors involving tile positions. Date published : 2017-01-23 http://www.securityfocus.com/bid/92664...