Files

FreeBSD Security Advisory - FreeBSD-SA-16:11.openssl
Posted Jan 31, 2016
Site security.freebsd.org

FreeBSD Security Advisory - A malicious client can negotiate SSLv2 ciphers that have been disabled on the server and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled, provided that the SSLv2 protocol was not also disabled via SSL_OP_NO_SSLv2. An active MITM attacker may be able to force a protocol downgrade to SSLv2, which is a flawed protocol, and intercept the communication between client and server.

tags | advisory, protocol
systems | freebsd
advisories | CVE-2015-3197
MD5 | 105c5b4a34e39afed10e9bbc94054342
Gentoo Linux Security Advisory 201601-05
Posted Jan 29, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201601-5 - Multiple vulnerabilities have been found in OpenSSL, allowing remote attackers to disclose sensitive information and complete weak handshakes. Versions less than 1.0.2f are affected.

tags | advisory, remote, vulnerability
systems | linux, gentoo
advisories | CVE-2015-3197, CVE-2016-0701
MD5 | 23b6803a19602b3166e8d8d8886e8168
HP Security Bulletin HPSBHF03539 1
Posted Jan 29, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03539 1 - Vulnerabilities in OpenSSH and ISC BIND were addressed by HPE VCX. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2015-5477, CVE-2015-5600, CVE-2015-5722
MD5 | 6b1d5c4e2723750b4c85c318fa20f427
HP Security Bulletin HPSBGN03533 1
Posted Jan 29, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03533 1 - A potential security vulnerability in the TLS protocol was addressed by the HPE Cloud Service Automation and Codar products. This vulnerability known as "Logjam" could be exploited remotely to allow unauthorized modification. Revision 1 of this advisory.

tags | advisory, protocol
advisories | CVE-2015-4000
MD5 | 5753ad20f07994a0e93a1b6ce4a571f4
HP Security Bulletin HPSBOV03540 1
Posted Jan 29, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV03540 1 - Potential security vulnerabilities have been identified with the OpenVMS TCPIP Bind Services and OpenVMS TCPIP IPC Services for OpenVMS. These vulnerabilities could be exploited remotely resulting in execution of code with the privileges of Bind, disclosure of information, or a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2007-0493, CVE-2007-0494, CVE-2008-0122, CVE-2009-4022, CVE-2010-0097, CVE-2012-1667, CVE-2012-4244, CVE-2012-5166
MD5 | 595a4df292feaba6a50f97e0a2a55b79
HP Security Bulletin HPSBHF03510 1
Posted Jan 29, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03510 1 - A potential security vulnerability has been identified in HP Integrated Lights Out 2/3/4. The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. Unlike the TLS server-side version of Logjam, this vulnerability affects the client-side TLS connection on iLO, or when the iLO acts as a client in a client-server connection. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2015-4000
MD5 | b97907dae89a06f33ea7b50ebce10a80
HP Security Bulletin HPSBHF03419 3
Posted Jan 29, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03419 3 - A potential security vulnerability has been identified in HPE Networking Products. This is a Virtual routing and forwarding (VRF) hopping vulnerability that could be exploited remotely resulting in Denial of Service (DoS) or unauthorized access. Note: This vulnerability could be exploited remotely as a result of the following network interface conditions: VRF (Virtual Routing and Forwarding) is enabled. MPLS (Multiprotocol Label Switching) is disabled. MPLS-labeled packets are received that match FIB (Forwarding Information Base) entries. When all the above conditions exist, the interface could incorrectly forward the MPLS-labeled packets. Revision 3 of this advisory.

tags | advisory, denial of service
advisories | CVE-2015-5434
MD5 | 079a18aef987acdfefb0ab7809823273
HP Security Bulletin HPSBGN03542 1
Posted Jan 29, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03542 1 - A vulnerability in Apache Commons Collections for handling Java object deserialization was addressed by HPE Operations Manager for Windows. The vulnerability could be exploited remotely to allow remote code execution. Revision 1 of this advisory.

tags | advisory, java, remote, code execution
systems | windows
advisories | CVE-2016-1985
MD5 | e17bd176f38963018b6c0ecee4ecc5a5
Apache Hive 1.0.1 / 1.1.0 / 1.2.1 Authorization Bug Disclosure
Posted Jan 29, 2016
Authored by Sushanth Sowmyan, Olaf Flebbe

Some partition-level operations exist that do not explicitly also authorize privileges of the parent table. This can lead to issues when the parent table would have denied the operation, but no denial occurs because the partition-level privilege is not checked by the authorization framework, which defines authorization entities only from the table level upwards. This issue is known to affect Hive clusters protected by both Ranger as well as SqlStdHiveAuthorization. Apache Hive versions 1.0.0 through 1.0.1, 1.1.0 through 1.1.1, and 1.2.0 through 1.2.1 are affected.

tags | advisory, info disclosure
advisories | CVE-2015-7521
MD5 | 79e855ca810454b257359484284a8dc6
HP Security Bulletin HPSBHF03538 1
Posted Jan 29, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03538 1 - Potential security vulnerabilities in Adobe Flash have been addressed with HPE iMC Service Health Manager (SHM), and iMC PLAT. The vulnerabilities could be exploited remotely resulting in execution of code or Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2015-3113, CVE-2015-5122
MD5 | 89b506907f63f7614403feb19a1b698c
HP Security Bulletin HPSBHF03535 3
Posted Jan 29, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03535 3 - Potential security vulnerabilities in Adobe Flash have been addressed with HPE iMC Service Health Manager (SHM) and iMC PLAT. The vulnerabilities could be exploited remotely resulting in execution of code, Denial of Service (DoS), or other impacts to affect confidentiality, integrity, and availability. Revision 3 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2015-5568, CVE-2015-5570, CVE-2015-5571, CVE-2015-5572, CVE-2015-5573, CVE-2015-5574, CVE-2015-5575, CVE-2015-5576, CVE-2015-5577, CVE-2015-5578, CVE-2015-5579, CVE-2015-5580, CVE-2015-5581, CVE-2015-5582, CVE-2015-5584, CVE-2015-5587, CVE-2015-5588, CVE-2015-6676, CVE-2015-6677, CVE-2015-6678, CVE-2015-6679, CVE-2015-6682
MD5 | 8ee97ef31a5348369207d5504ddc0e33
Red Hat Security Advisory 2016-0087-01
Posted Jan 28, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0087-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. A use-after-free flaw was found in the way QEMU's IDE AHCI emulator processed certain AHCI Native Command Queuing AIO commands. A privileged guest user could use this flaw to crash the QEMU process instance or, potentially, execute arbitrary code on the host with privileges of the QEMU process. An out-of-bounds read/write flaw was discovered in the way QEMU's Firmware Configuration device emulation processed certain firmware configurations. A privileged guest user could use this flaw to crash the QEMU process instance or, potentially, execute arbitrary code on the host with privileges of the QEMU process.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2016-1568, CVE-2016-1714
MD5 | 233a50dce35d01a977e0a02556f8b518
Red Hat Security Advisory 2016-0085-01
Posted Jan 28, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0085-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. An out-of-bounds read/write flaw was discovered in the way QEMU's Firmware Configuration device emulation processed certain firmware configurations. A privileged guest user could use this flaw to crash the QEMU process instance or, potentially, execute arbitrary code on the host with privileges of the QEMU process.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2016-1714
MD5 | 4fa0b330a02471e2ba73baa071526ca9
Debian Security Advisory 3459-1
Posted Jan 28, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3459-1 - Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.47.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2016-0505, CVE-2016-0546, CVE-2016-0596, CVE-2016-0597, CVE-2016-0598, CVE-2016-0600, CVE-2016-0606, CVE-2016-0608, CVE-2016-0609, CVE-2016-0616
MD5 | 9bcd1e0331009e6ccd525d2e62eed9b8
Red Hat Security Advisory 2016-0084-01
Posted Jan 28, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0084-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. A use-after-free flaw was found in the way QEMU's IDE AHCI emulator processed certain AHCI Native Command Queuing AIO commands. A privileged guest user could use this flaw to crash the QEMU process instance or, potentially, execute arbitrary code on the host with privileges of the QEMU process. An out-of-bounds read/write flaw was discovered in the way QEMU's Firmware Configuration device emulation processed certain firmware configurations. A privileged guest user could use this flaw to crash the QEMU process instance or, potentially, execute arbitrary code on the host with privileges of the QEMU process.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2016-1568, CVE-2016-1714
MD5 | 8eefa27ea933c9319807e5e9dc839f29
Red Hat Security Advisory 2016-0081-01
Posted Jan 28, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0081-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. An out-of-bounds read/write flaw was discovered in the way QEMU's Firmware Configuration device emulation processed certain firmware configurations. A privileged guest user could use this flaw to crash the QEMU process instance or, potentially, execute arbitrary code on the host with privileges of the QEMU process.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2016-1714
MD5 | 8b5231f9d5f01469ab02d0e86e3bd8d9
Red Hat Security Advisory 2016-0083-01
Posted Jan 28, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0083-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An out-of-bounds read/write flaw was discovered in the way QEMU's Firmware Configuration device emulation processed certain firmware configurations. A privileged guest user could use this flaw to crash the QEMU process instance or, potentially, execute arbitrary code on the host with privileges of the QEMU process.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2016-1714
MD5 | b53b529a68817889348a42c611b20aa1
Red Hat Security Advisory 2016-0086-01
Posted Jan 28, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0086-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. A use-after-free flaw was found in the way QEMU's IDE AHCI emulator processed certain AHCI Native Command Queuing AIO commands. A privileged guest user could use this flaw to crash the QEMU process instance or, potentially, execute arbitrary code on the host with privileges of the QEMU process. An out-of-bounds read/write flaw was discovered in the way QEMU's Firmware Configuration device emulation processed certain firmware configurations. A privileged guest user could use this flaw to crash the QEMU process instance or, potentially, execute arbitrary code on the host with privileges of the QEMU process.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2016-1568, CVE-2016-1714
MD5 | daba82b331cf1c40d969d45229fec927
Red Hat Security Advisory 2016-0088-01
Posted Jan 28, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0088-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. A use-after-free flaw was found in the way QEMU's IDE AHCI emulator processed certain AHCI Native Command Queuing AIO commands. A privileged guest user could use this flaw to crash the QEMU process instance or, potentially, execute arbitrary code on the host with privileges of the QEMU process. An out-of-bounds read/write flaw was discovered in the way QEMU's Firmware Configuration device emulation processed certain firmware configurations. A privileged guest user could use this flaw to crash the QEMU process instance or, potentially, execute arbitrary code on the host with privileges of the QEMU process.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2016-1568, CVE-2016-1714
MD5 | cec916101d419a0c601e005320e0469a
Red Hat Security Advisory 2016-0082-01
Posted Jan 28, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0082-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An out-of-bounds read/write flaw was discovered in the way QEMU's Firmware Configuration device emulation processed certain firmware configurations. A privileged guest user could use this flaw to crash the QEMU process instance or, potentially, execute arbitrary code on the host with privileges of the QEMU process.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2016-1714
MD5 | 66f66ff09d0cfc73b78cff5b82928a83
Debian Security Advisory 3458-1
Posted Jan 28, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3458-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in breakouts of the Java sandbox, information disclosure, denial of service and insecure cryptography.

tags | advisory, java, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2015-7575, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494
MD5 | e6aecc8f3195e1fd21bec4bdd130cc61
Debian Security Advisory 3457-1
Posted Jan 28, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3457-1 - Multiple security issues have been found in Iceweasel, Debian's version buffer overflow may lead to the execution of arbitrary code. In addition the bundled NSS crypto library addresses the SLOTH attack on TLS 1.2.

tags | advisory, overflow, arbitrary, crypto
systems | linux, debian
advisories | CVE-2015-7575, CVE-2016-1930, CVE-2016-1935
MD5 | 4b063b5e0413f1e0f06bcc5d3f9f9918
Ubuntu Security Notice USN-2882-1
Posted Jan 28, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2882-1 - Isaac Boukris discovered that curl could incorrectly re-use NTLM proxy credentials when subsequently connecting to the same host.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2016-0755
MD5 | ed1dd1d742c79959c7c834167708bf80
Cisco Security Advisory 20160127-rv220
Posted Jan 28, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the web-based management interface of Cisco RV220W Wireless Network Security Firewall devices could allow an unauthenticated, remote attacker to bypass authentication and gain administrative privileges on a targeted device. The vulnerability is due to insufficient input validation of HTTP request headers that are sent to the web-based management interface of an affected device. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted HTTP request that contains malicious SQL statements to the management interface of a targeted device. Depending on whether remote management is configured for the device, the management interface may use the SQL code in the HTTP request header to determine user privileges for the device. A successful exploit could allow the attacker to bypass authentication on the management interface and gain administrative privileges on the device. Cisco released a firmware update that addresses this vulnerability. There are workarounds that mitigate this vulnerability.

tags | advisory, remote, web
systems | cisco
MD5 | 9f92799dac0f994c145edc253ae0983e
Cisco Security Advisory 20160127-waascifs
Posted Jan 28, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Common Internet File System (CIFS) optimization feature of the Cisco Wide Area Application Service (WAAS) device could allow an unauthenticated, remote attacker to perform a resource consumption attack, which could result in a complete denial of service (DoS) condition. The vulnerability is due to insufficient flow handling of incoming CIFS traffic. An attacker could exploit this vulnerability by sending malicious traffic designed to trigger the vulnerability. An exploit could allow the attacker to cause a DoS condition by exhausting system buffering resources, resulting in a reload of the affected device.

tags | advisory, remote, denial of service
systems | cisco
MD5 | 673d826ed50187a6d8e3f8e52b762b23

© 2016 Packet Storm. All rights reserved.
