Axessh version 4.2.2 suffers from a denial of service vulnerability.
6221e04a4b2e6794fae49174fec337f916c731c4c1ee3c2fdd2bdc1aeb2b92dbWinaXe version 7.l7 suffers from a buffer overflow vulnerability.
be38453d08ddc3624ca01a186e279543cf5ba0ac31250c272f1f78f1632693c3Spark version 2.5 suffers from an arbitrary file read vulnerability.
ab13f783a63bd501130714b05a757e9c4fa7bddb35f7e1197b0d5fdac659ce1dThese are three memcached version 1.4.33 proof of concept exploits.
47b78110df88cd84d7633a63827e64727b70547efb67f0a1499d84c7b0ea068cPCMan FTP server version 2.0 ACCT command buffer overflow exploit.
2b6b9af00e30254b1f62de7ca7b42aa4531390470e1d6d59f0c56b19c72f0930ETchat version 3.7 suffers from a cross site request forgery vulnerability.
04a2de8c0f273cf4995eb86728c22b0966cdbc9aaa684a57a15e80675301a9c4SweetRice version 1.5.1 suffers from a remote file upload vulnerability.
7ee34e66510a94c6befb240c9c2c2f9410dd0a4f71081b3853f15fd00fa1a92fRed Hat Security Advisory 2016-2587-02 - The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Security Fix: It was found that wget used a file name provided by the server for the downloaded file when following an HTTP redirect to a FTP server resource. This could cause wget to create a file with a different name than expected, possibly allowing the server to execute arbitrary code on the client.
1e8cef7d8f8f658d7a30a5d5c2a015de30669cb1a90b04848980ffde73fbab4aRed Hat Security Advisory 2016-2586-02 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: A vulnerability was discovered in Python, in the built-in zipimporter. A specially crafted zip file placed in a module path such that it would be loaded by a later "import" statement could cause a heap overflow, leading to arbitrary code execution.
cbe8a3766007ea755ac88d960d49f5ad7c4c4cf2ed3b1e988f685e129664db39Red Hat Security Advisory 2016-2585-02 - Kernel-based Virtual Machine is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM. Security Fix: An integer overflow flaw and an out-of-bounds read flaw were found in the way QEMU's VGA emulator set certain VGA registers while in VBE mode. A privileged guest user could use this flaw to crash the QEMU process instance.
66556667bcdaedde71ce46eb068e1ab81d9f9e58d4430bb85f45454d38d4f155Red Hat Security Advisory 2016-2584-02 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service via a crafted sendmsg system call.
88a2bd8c0f30988120dd0ca735846a15c63a1e9c06edc72ce61959751724fbc4Red Hat Security Advisory 2016-2583-02 - The Network Time Protocol is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: It was found that the fix for CVE-2014-9750 was incomplete: three issues were found in the value length checks in NTP's ntp_crypto.c, where a packet with particular autokey operations that contained malicious data was not always being completely validated. A remote attacker could use a specially crafted NTP packet to crash ntpd.
b29d9245310b0ec9f927c67365c473b5acf58d5ff988391450625bfc3fc3f167Red Hat Security Advisory 2016-2582-02 - Nettle is a cryptographic library that is designed to fit easily in almost any context: In cryptographic toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like lsh or GnuPG, or even in kernel space. Security Fix: Multiple flaws were found in the way nettle implemented elliptic curve scalar multiplication. These flaws could potentially introduce cryptographic weaknesses into nettle's functionality.
e5dfca04374bb6d08b4923e98d607077727bd94ebabbe338b9888f47ba0f959fRed Hat Security Advisory 2016-2581-02 - NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband, and PPPoE devices, as well as providing VPN integration with a variety of different VPN services. The following packages have been upgraded to a newer upstream version: NetworkManager, NetworkManager-libreswan, network-manager-applet, libnl3.
e4d884bd5903834198192dcd63c1c5e80c9577b229d93868dc3e98f5b20ffe0fRed Hat Security Advisory 2016-2580-02 - Poppler is a Portable Document Format rendering library, used by applications such as Evince. Security Fix: A heap-buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler to crash or, potentially, execute arbitrary code when opened.
0a710787d5295421fac1e2572d2d1d2b710407bd772ff74bed6aea73f53053b5Red Hat Security Advisory 2016-2579-02 - LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite. The following packages have been upgraded to a newer upstream version: libreoffice. Multiple security issues have been addressed.
f900b580f4a655437c2d2ab2b9bfdf2ac62bad8dd368f314836411491c0db28bRed Hat Security Advisory 2016-2578-02 - The Pacemaker cluster resource manager is a collection of technologies working together to provide data integrity and the ability to maintain application availability in the event of a failure. The following packages have been upgraded to a newer upstream version: pacemaker. Security Fix: It was found that the connection between a pacemaker cluster and a pacemaker_remote node could be shut down using a new unauthenticated connection. A remote attacker could use this flaw to cause a denial of service.
2460ab8eda8338aedda405b0fa29d1e926a6a23a7a588b52cc1626f20980a5e4Red Hat Security Advisory 2016-2577-02 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems.
118b2a68f087d0b881f87bbe5c345b76866347fea54cab5d7b90899f14c20513Red Hat Security Advisory 2016-2576-02 - The libguestfs packages contain a library, which is used for accessing and modifying virtual machine disk images. Virt-p2v is a tool for conversion of a physical server to a virtual guest. The following packages have been upgraded to a newer upstream version: libguestfs, virt-p2v. Security Fix: An integer conversion flaw was found in the way OCaml's String handled its length. Certain operations on an excessively long String could trigger a buffer overflow or result in an information leak.
37eabece8dccd116651740c428db2fd23a7c4d2a71a0ff1de84a700f8bfb65eeRed Hat Security Advisory 2016-2575-02 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: It was found that the libcurl library did not prevent TLS session resumption when the client certificate had changed. An attacker could potentially use this flaw to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.
6ded3ee3863bdea0ccb1e1da6586004598947276a437a6a908d555e08d3dca4dRed Hat Security Advisory 2016-2574-02 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service via a crafted sendmsg system call.
a58b7b5d58e92d5a084026c53f5461e431441e86891787922c799b50ae4376edIntel(R) HD Graphics version 10.18.10.4358 suffers from an unquoted service path privilege escalation vulnerability.
9fb443b96de9759949d6d206cfaace84b4d025406ccffc546c2a814083bc33ebSweetRice version 1.5.1 suffers from a code execution vulnerability via the use of a cross site request forgery flaw.
f3bfe44c4bc8a14bbdfd762dc9d57d3f96dbce1698057f497e050e8e9168e5b4Red Hat Security Advisory 2016-2573-02 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: A stack overflow vulnerability was found in _nss_dns_getnetbyname_r. On systems with nsswitch configured to include "networks: dns" with a privileged or network-facing service that would attempt to resolve user-provided network names, an attacker could provide an excessively long network name, resulting in stack corruption and code execution.
73af8c49aae2ea595d4a81807a2cbcdcbd04c82b5c9359f6943ef80ef65cee45
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed