what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 76 - 100 of 202 RSS Feed

Files

Red Hat Security Advisory 2015-2199-07
Posted Nov 20, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2199-07 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. It was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data.

tags | advisory, info disclosure
systems | linux, redhat, osx
advisories | CVE-2013-7423, CVE-2015-1472, CVE-2015-1473, CVE-2015-1781
SHA-256 | f94e9bae1ee9312a7c4a7f82ecb9725f410c0b7a137de93a1b8c44897482e087
Red Hat Security Advisory 2015-2159-06
Posted Nov 20, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2159-06 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user's cookie to a crafted domain, making other cookie-related issues easier to exploit. A flaw was found in the way the libcurl library performed the duplication of connection handles. If an application set the CURLOPT_COPYPOSTFIELDS option for a handle, using the handle's duplicate could cause the application to crash or disclose a portion of its memory.

tags | advisory, web, protocol
systems | linux, redhat
advisories | CVE-2014-3613, CVE-2014-3707, CVE-2014-8150, CVE-2015-3143, CVE-2015-3148
SHA-256 | 4c8f1214c87209b025a888e27c36d8b6ff081c288e2cfca9b6e90d6d41fae18d
Red Hat Security Advisory 2015-2140-07
Posted Nov 20, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2140-07 - The libssh2 packages provide a library that implements the SSH2 protocol. A flaw was found in the way the kex_agree_methods() function of libssh2 performed a key exchange when negotiating a new SSH session. A man-in-the-middle attacker could use a crafted SSH_MSG_KEXINIT packet to crash a connecting libssh2 client. Previously, libssh2 did not correctly adjust the size of the receive window while reading from an SSH channel. This caused downloads over the secure copy protocol to consume an excessive amount of memory. A series of upstream patches has been applied on the libssh2 source code to improve handling of the receive window size. Now, SCP downloads work as expected.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2015-1782
SHA-256 | b68e45af8025497478fc0ae997caa7323085b856d2be7c4e4f55033346d7dc6e
HPE Security Bulletin HPSBUX03522 SSRT102942 1
Posted Nov 20, 2015
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPSBUX03522 SSRT102942 1 - A potential security vulnerability has been identified in the HP-UX BIND service running named. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service
systems | hpux
advisories | CVE-2015-5722
SHA-256 | 633b86234c3422d4596642a9db25d7bc7a4fba620db6fd90ceb1ab81467cc759
Kibana Cross Site Request Forgery
Posted Nov 19, 2015
Authored by Kevin Kluge

Kibana versions prior to 4.1.3 and 4.2.1 suffer from a cross site request forgery vulnerability.

tags | advisory, csrf
advisories | CVE-2015-8131
SHA-256 | 6045ea2c042b81972ed4a68e93347e2b9910ce5897698ea762510910c470cac1
VMware Security Advisory 2015-0008
Posted Nov 19, 2015
Authored by VMware | Site vmware.com

VMware Security Advisory 2015-0008 - VMware product updates address information disclosure issue.

tags | advisory, info disclosure
advisories | CVE-2015-3269
SHA-256 | 1c1a650290da77afa5cfb03bf88b3028205f532ac7c23a35fb455c034ad606fa
Red Hat Security Advisory 2015-2078-01
Posted Nov 19, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2078-01 - PostgreSQL is an advanced object-relational database management system. A memory leak error was discovered in the crypt() function of the pgCrypto extension. An authenticated attacker could possibly use this flaw to disclose a limited amount of the server memory. A stack overflow flaw was discovered in the way the PostgreSQL core server processed certain JSON or JSONB input. An authenticated attacker could possibly use this flaw to crash the server backend by sending specially crafted JSON or JSONB input.

tags | advisory, overflow, memory leak
systems | linux, redhat
advisories | CVE-2015-5288, CVE-2015-5289
SHA-256 | aac049a21ae427bf24643576d8701e697cfabc9ea4d02e806cb365d534decbce
HP Security Bulletin HPSBGN03521 2
Posted Nov 19, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03521 2 - A potential security vulnerability has been identified in HP Operations Orchestration Central. The vulnerability could be exploited to allow Cross-Site Request Forgery (CSRF). Revision 2 of this advisory.

tags | advisory, csrf
advisories | CVE-2015-5451
SHA-256 | e92f97e1cfb23f448556b38e851e40c4fae3071be411c7a5e4dfb582b77d66c5
Debian Security Advisory 3399-1
Posted Nov 19, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3399-1 - Several vulnerabilities have been discovered in the libpng PNG library.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2015-7981, CVE-2015-8126
SHA-256 | fc770fc5d8fb31cbec5d8f894af8183e571f9cdcc0236dffad328691216700da
Red Hat Security Advisory 2015-2068-01
Posted Nov 19, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2068-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A use-after-poison flaw and a heap-based buffer overflow flaw were found in the way NSS parsed certain ASN.1 structures. An attacker could use these flaws to cause NSS to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSS library.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2015-7181, CVE-2015-7182, CVE-2015-7183
SHA-256 | fe60a25cea587409eb3e69819ff10f018734fe33d7f5c69935f661f1071aa61d
Ubuntu Security Notice USN-2814-1
Posted Nov 19, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2814-1 - It was discovered that the NVIDIA graphics drivers incorrectly sanitized user mode inputs. A local attacker could use this issue to possibly gain root privileges.

tags | advisory, local, root
systems | linux, ubuntu
advisories | CVE-2015-7869
SHA-256 | 9cea44ac231bd8392a6ff769542f3eae7053e40d8eb4017356111b4dc0c88e83
Red Hat Security Advisory 2015-2077-01
Posted Nov 19, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2077-01 - PostgreSQL is an advanced object-relational database management system. A memory leak error was discovered in the crypt() function of the pgCrypto extension. An authenticated attacker could possibly use this flaw to disclose a limited amount of the server memory. A stack overflow flaw was discovered in the way the PostgreSQL core server processed certain JSON or JSONB input. An authenticated attacker could possibly use this flaw to crash the server backend by sending specially crafted JSON or JSONB input.

tags | advisory, overflow, memory leak
systems | linux, redhat
advisories | CVE-2015-5288, CVE-2015-5289
SHA-256 | b8119ca3b76675c365e5ec6e10e97a27a6c8163ea9d7805cb835c9fc98116c8b
Red Hat Security Advisory 2015-2083-01
Posted Nov 19, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2083-01 - PostgreSQL is an advanced object-relational database management system. A memory leak error was discovered in the crypt() function of the pgCrypto extension. An authenticated attacker could possibly use this flaw to disclose a limited amount of the server memory. A stack overflow flaw was discovered in the way the PostgreSQL core server processed certain JSON or JSONB input. An authenticated attacker could possibly use this flaw to crash the server backend by sending specially crafted JSON or JSONB input.

tags | advisory, overflow, memory leak
systems | linux, redhat
advisories | CVE-2015-5288, CVE-2015-5289
SHA-256 | c9f88ba809baf90f4a629479a98d8482fd5274e5a0d331f3a4316e0f0531d8a8
Red Hat Security Advisory 2015-2081-01
Posted Nov 19, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2081-01 - PostgreSQL is an advanced object-relational database management system. A memory leak error was discovered in the crypt() function of the pgCrypto extension. An authenticated attacker could possibly use this flaw to disclose a limited amount of the server memory. All PostgreSQL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. If the postgresql service is running, it will be automatically restarted after installing this update.

tags | advisory, memory leak
systems | linux, redhat
advisories | CVE-2015-5288
SHA-256 | a9a97fccebbbe72476920331ce502e8ceb3f18514137ac2cdace7209eb1dcd74
Red Hat Security Advisory 2015-2086-01
Posted Nov 19, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2086-01 - The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. Multiple denial of service flaws were found in the JAXP component in OpenJDK. A specially crafted XML file could cause a Java application using JAXP to consume an excessive amount of CPU and memory when parsed.

tags | advisory, java, denial of service
systems | linux, redhat
advisories | CVE-2015-4734, CVE-2015-4803, CVE-2015-4805, CVE-2015-4806, CVE-2015-4835, CVE-2015-4842, CVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4872, CVE-2015-4881, CVE-2015-4882, CVE-2015-4883, CVE-2015-4893, CVE-2015-4903, CVE-2015-4911
SHA-256 | 688052df79cb50ce4f3ff4ec55819b330ffd2d39fb32fb8e3b13e6ff8eac86d2
HP Security Bulletin HPSBGN03521 1
Posted Nov 19, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03521 1 - A potential security vulnerability has been identified in HP Operations Orchestration Central. The vulnerability could be exploited to allow Cross-Site Request Forgery (CSRF). Revision 1 of this advisory.

tags | advisory, csrf
advisories | CVE-2015-5451
SHA-256 | 2598d6a322739b3a2a0f9c9ce43bb8a1333a17d53479b18bd2784b21225a9fdb
EMC VPLEX Sensitive Information Exposure
Posted Nov 18, 2015
Site emc.com

EMC VPLEX GeoSynchrony code levels 5.4 SP1 and 5.4 SP1 P1 contain a vulnerability that allows a user password to be logged in plaintext when the user attempts to login via the NAVISPEHERE Graphical User Interface (GUI) that could potentially be exploited by malicious users.

tags | advisory
advisories | CVE-2015-6847
SHA-256 | aba3a874c54e0abf88cfae3881105008b7fa92e7ed06f163ff1aba0f5ddeb024
Ubuntu Security Notice USN-2813-1
Posted Nov 18, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2813-1 - It was discovered that LXCFS incorrectly enforced directory escapes. A local attacker could use this issue to possibly escalate privileges. It was discovered that LXCFS incorrectly checked certain permissions. A local attacker could use this issue t possibly escalate privileges.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2015-1342, CVE-2015-1344
SHA-256 | 8c9a75162295a7d8159a89ca6f74a8b4cf3fe11fb2ab96fce781b0b4a13caeab
Open-Xchange Guard 2.0 Cross Site Scripting
Posted Nov 17, 2015
Authored by Martin Heiland, Eduard Hauck

Open-Xchange Guard version 2.0 suffers from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2015-7385
SHA-256 | 888154affc2ef5c3a8d0c97e1dc560312910892473344310de9e89d6ca8fcd4c
Gentoo Linux Security Advisory 201511-02
Posted Nov 17, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201511-2 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 11.2.202.548 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2015-5569, CVE-2015-7625, CVE-2015-7626, CVE-2015-7627, CVE-2015-7628, CVE-2015-7629, CVE-2015-7630, CVE-2015-7631, CVE-2015-7632, CVE-2015-7633, CVE-2015-7634, CVE-2015-7643, CVE-2015-7644, CVE-2015-7645, CVE-2015-7646, CVE-2015-7647, CVE-2015-7648, CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7659, CVE-2015-7660, CVE-2015-7661
SHA-256 | e6845cf2bd6a0e075d4dc6bfd3258c520129150cb19c3a4b1781f97ae1ad7e3b
Microsoft Windows Hardlink Permission Issue
Posted Nov 17, 2015
Authored by Google Security Research, forshaw

On Microsoft Windows you can create NTFS hardlinks without needing write permissions on the target file.

tags | advisory
systems | linux, windows
advisories | CVE-2015-6113
SHA-256 | 760348b2c259a8688b4643226d703dcb86c3811fe54ead7f25e0acc81110138d
Kaspersky Antivirus RAR File Format Parsing Memory Corruption
Posted Nov 17, 2015
Authored by Tavis Ormandy, Google Security Research

Fuzzing the RAR file format found multiple crashes, some of which are obviously exploitable for remote code execution as NT AUTHORITY\\SYSTEM on any system with Kaspersky Antivirus.

tags | advisory, remote, code execution
systems | linux
SHA-256 | 840a6644fa6473e395e71ccc99acd288e2ea564ff3edbc779548159cd42980df
Kaspersky Antivirus Incorrect %PROGRAMDATA% ACL
Posted Nov 17, 2015
Authored by Tavis Ormandy, Google Security Research

The ACL on %PROGRAMDATA%\Kaspersky Lab allows BUILTIN\Users to create new files. This can be abused to create new plugins and modules during update, and other filesystem races to gain elevated privileges.

tags | advisory
systems | linux
SHA-256 | 5123890ee94b7febd160cd7bdcce88da33225fd6e226283bf65d0ea4999f84e3
Red Hat Security Advisory 2015-2065-01
Posted Nov 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2065-01 - The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A heap buffer overflow flaw was found in the way QEMU's NE2000 NIC emulation implementation handled certain packets received over the network. A privileged user inside a guest could use this flaw to crash the QEMU instance or potentially execute arbitrary code on the host.

tags | advisory, overflow, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2015-5279
SHA-256 | de0087d5a5cfeeba9f78eba8af0424b13cc04b6e7c045f4320f4621d4e647a83
Ubuntu Security Notice USN-2812-1
Posted Nov 17, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2812-1 - Florian Weimer discovered that libxml2 incorrectly handled certain XML data. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause resource consumption, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.04. Michal Zalewski discovered that libxml2 incorrectly handled certain XML data. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.04. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2015-1819, CVE-2015-7941, CVE-2015-7942, CVE-2015-8035
SHA-256 | 0b86195a4b80085fc469924f41acb3926e9c8feb49034bd78a19922cf368ba60
Page 4 of 9
Back23456Next

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close