Author: Cyberthreat Blog

poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc. For example, the perf_test utility will crash (segmentation fault) when parsing an...

The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled.

The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted...

Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file format with a command= option. This occurs because ~/.ssh/authorized_keys is read with root privileges and...

EMC Isilon OneFS 8.0.1.0, OneFS 8.0.0.0 – 8.0.0.2, OneFS 7.2.1.0 – 7.2.1.3, and OneFS 7.2.0.x is affected by an NFS export vulnerability. Under certain conditions, after upgrading a cluster from OneFS 7.1.1.x or...