exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 195 RSS Feed

Files

Ubuntu Security Notice USN-2883-1
Posted Jan 28, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2883-1 - Antonio Sanso discovered that OpenSSL reused the same private DH exponent for the life of a server process when configured with a X9.42 style parameter file. This could allow a remote attacker to possibly discover the server's private DH exponent when being used with non-safe primes.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2016-0701
SHA-256 | e6cc39accadcc806fe59f5b71d75c4bdade362ac1da83bbaf9b3dfc0944cda77
Red Hat Security Advisory 2016-0079-01
Posted Jan 28, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0079-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request packet.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2015-5477, CVE-2015-5722, CVE-2015-8000
SHA-256 | a35918ab39e99762a3b19dc79daedc98eaadd5ba6e3ea93e97f92ef32c18ecf6
Red Hat Security Advisory 2016-0078-01
Posted Jan 28, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0078-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND followed DNS delegations. A remote attacker could use a specially crafted zone containing a large number of referrals which, when looked up and processed, would cause named to use excessive amounts of memory or crash.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2014-8500, CVE-2015-5477, CVE-2015-5722, CVE-2015-8000
SHA-256 | 0ed3af1b476de859391daa5f87e999a2851fe7c925578620450a6d7ababb9e84
McAfee File Lock Driver Host Crash
Posted Jan 28, 2016
Authored by Kyriakos Economou

McAfee File Lock Driver does not handle correctly GUIDs of the encrypted vaults, which allows to crash the host by crafting a specific IOCTL with a malformed Vault GUID which is used to identify an object of FILE_DEVICE_DISK DeviceType, causing a kernel stack based buffer overflow. McPvDrv.sys version 4.6.111.0 is vulnerable.

tags | advisory, denial of service, overflow, kernel
advisories | CVE-2015-8773
SHA-256 | 630b8a3d4523538ded4d87575e898edf1599ae13e6a4b1b0f4e7d8231325f5d6
McAfee File Lock Driver Kernel Memory Leak
Posted Jan 28, 2016
Authored by Kyriakos Economou

McAfee File Lock Driver McPvDrv.sys version 4.6.111.0 suffers from a memory leak vulnerability.

tags | advisory, memory leak
advisories | CVE-2015-8772
SHA-256 | 04c8d5c31b7ee243b018718bfc3219e46bdaa41850c8c43eb7249df641e6d335
OpenSSL Security Advisory 20160128
Posted Jan 28, 2016
Site openssl.org

OpenSSL Security Advisory 20160128 - Historically OpenSSL usually only ever generated DH parameters based on "safe" primes. More recently (in version 1.0.2) support was provided for generating X9.42 style parameter files such as those required for RFC 5114 support. The primes used in such files may not be "safe". Where an application is using DH configured with parameters based on primes that are not "safe" then an attacker could use this fact to find a peer's private DH exponent. This attack requires that the attacker complete multiple handshakes in which the peer uses the same private DH exponent. For example this could be used to discover a TLS server's private DH exponent if it's reusing the private DH exponent or it's using a static DH ciphersuite. Other issues were also addressed.

tags | advisory
advisories | CVE-2015-3197, CVE-2015-4000, CVE-2016-0701
SHA-256 | d50931cebdf0a0acaa97a892bb010a2edb2d2c635c92fe22e53e92c6c950ea3f
Eclipse Birt Report Viewer 4.5.0 Cross Site Scripting
Posted Jan 27, 2016

Eclipse Birt Report Viewer versions 4.5.0 and below suffer from a persistent cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 69a4754bb354b6494f39716677edb9890c7c5c0beb35f24950e1109deed68f22
Ubuntu Security Notice USN-2877-1
Posted Jan 27, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2877-1 - A bad cast was discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. An issue was discovered when initializing the UnacceleratedImageBufferSurface class in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-1612, CVE-2016-1614, CVE-2016-1617, CVE-2016-1618, CVE-2016-1620, CVE-2016-2051, CVE-2016-2052
SHA-256 | aab8df13dc9b776b7c26a05ccd6eaddbcf4b892adbc9b482528491a49bf05d93
Gentoo Linux Security Advisory 201601-03
Posted Jan 27, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201601-3 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 11.2.202.559 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2015-8045, CVE-2015-8047, CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8060, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406
SHA-256 | b8c52d90e2d0336f1f246283e0e308d85d2986a86017a06c3029d79fbee82b35
Ubuntu Security Notice USN-2880-1
Posted Jan 27, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2880-1 - Bob Clary, Christian Holler, Nils Ohlmeier, Gary Kwong, Jesse Ruderman, Carsten Book, Randell Jesup, Nicolas Pierron, Eric Rescorla, Tyson Smith, and Gabor Krizsanits discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Gustavo Grieco discovered an out-of-memory crash when loading GIF images in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-1930, CVE-2016-1931, CVE-2016-1933, CVE-2016-1935, CVE-2016-1937, CVE-2016-1938, CVE-2016-1939, CVE-2016-1942, CVE-2016-1944, CVE-2016-1945, CVE-2016-1946, CVE-2016-1947
SHA-256 | 15dcb61b640228ff99b99cf47350fa53304f54f58f8616c179264e04e1b8ed38
Gentoo Linux Security Advisory 201601-02
Posted Jan 27, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201601-2 - Multiple vulnerabilities have been found in WebKitGTK+, allowing remote attackers to execute arbitrary code or cause a Denial of Service condition. Versions less than 2.4.9 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2014-1344, CVE-2014-1384, CVE-2014-1385, CVE-2014-1386, CVE-2014-1387, CVE-2014-1388, CVE-2014-1389, CVE-2014-1390
SHA-256 | f3a5025bfb0304bda37a58157d49dc12fa3b3ccb0643fbfd5c1f28f0eba464cb
Debian Security Advisory 3456-1
Posted Jan 27, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3456-1 - Several vulnerabilities were discovered in the chromium web browser.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2015-6792, CVE-2016-1612, CVE-2016-1613, CVE-2016-1614, CVE-2016-1615, CVE-2016-1616, CVE-2016-1617, CVE-2016-1618, CVE-2016-1619, CVE-2016-1620
SHA-256 | ab15479803fcbef943a792cd959048ad997c63adae4e56ba5a338c70faaacb9e
Red Hat Security Advisory 2016-0074-01
Posted Jan 27, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0074-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND processed certain malformed Address Prefix List records. A remote, authenticated attacker could use this flaw to cause named to crash.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2015-8704
SHA-256 | 03f7bbfa2b18a4a3b83bbffd6ed34a4d48ec454bf9244aad45716be05882f8d3
Red Hat Security Advisory 2016-0073-01
Posted Jan 27, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0073-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND processed certain malformed Address Prefix List records. A remote, authenticated attacker could use this flaw to cause named to crash.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2015-8704
SHA-256 | 0db5e96fc5a1c32ba00ccd1a8a3d18015f269e554da1d8b34e329b5755e2b83b
Red Hat Security Advisory 2016-0072-01
Posted Jan 27, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0072-01 - Chromium is an open-source web browser, powered by WebKit. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. All Chromium users should upgrade to these updated packages, which contain Chromium version 48.0.2564.82, which corrects these issues. After installing the update, Chromium must be restarted for the changes to take effect.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2016-1612, CVE-2016-1613, CVE-2016-1614, CVE-2016-1615, CVE-2016-1616, CVE-2016-1617, CVE-2016-1618, CVE-2016-1619, CVE-2016-1620, CVE-2016-2051, CVE-2016-2052
SHA-256 | 1f7e8b8443509ecf1ca8eb1f131d227bb7c7e3f6216070fc81adf21bb3594a19
Debian Security Advisory 3455-1
Posted Jan 27, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3455-1 - Isaac Boukris discovered that cURL, an URL transfer library, reused NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for the new transfer. This could lead to HTTP requests being sent over the connection authenticated as a different user.

tags | advisory, web
systems | linux, debian
advisories | CVE-2016-0755
SHA-256 | 3620e17695b64ca3c1d71e402b5865252838bb7f40fb0095351f1bce3684e807
Red Hat Security Advisory 2016-0070-01
Posted Jan 27, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0070-01 - OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. The following security issues are addressed with this release: An authorization flaw was discovered in Kubernetes; the API server did not properly check user permissions when handling certain requests. An authenticated remote attacker could use this flaw to gain additional access to resources such as RAM and disk space.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2013-2186, CVE-2014-1869, CVE-2014-3661, CVE-2014-3662, CVE-2014-3663, CVE-2014-3664, CVE-2014-3666, CVE-2014-3667, CVE-2014-3680, CVE-2014-3681, CVE-2015-1806, CVE-2015-1807, CVE-2015-1808, CVE-2015-1810, CVE-2015-1812, CVE-2015-1813, CVE-2015-1814, CVE-2015-5317, CVE-2015-5318, CVE-2015-5319, CVE-2015-5320, CVE-2015-5321, CVE-2015-5322, CVE-2015-5323, CVE-2015-5324, CVE-2015-5325, CVE-2015-5326, CVE-2015-7537
SHA-256 | e73b61bb8856329558f3b1fe6a7f3f2ec02da96fe2e70154bb79cba5ab14ce31
FreeBSD Security Advisory - FreeBSD-SA-16:10.linux
Posted Jan 27, 2016
Authored by Isaac Dunham, Brent Cook, Warner Losh | Site security.freebsd.org

FreeBSD Security Advisory - A programming error in the Linux compatibility layer could cause the issetugid(2) system call to return incorrect information. If an application relies on output of the issetugid(2) system call and that information is incorrect, this could lead to a privilege escalation.

tags | advisory
systems | linux, freebsd
advisories | CVE-2016-1883
SHA-256 | 2462fca5abf2f3ca47e35945821727dadf6171021ac17e978ce0410a5ed2e46b
FreeBSD Security Advisory - FreeBSD-SA-16:09.ntp
Posted Jan 27, 2016
Authored by Cisco ASIG / Network Time Foundation | Site security.freebsd.org

FreeBSD Security Advisory - Multiple vulnerabilities have been discovered in ntp 4.2.8p5.

tags | advisory, vulnerability
systems | freebsd, bsd
advisories | CVE-2015-7973, CVE-2015-7974, CVE-2015-7975, CVE-2015-7976
SHA-256 | 0012bd57d2a8406dd32930fabf358096ce959163c75bbf46f91070e3e7c213d8
FreeBSD Security Advisory - FreeBSD-SA-16:08.bind
Posted Jan 27, 2016
Authored by ISC | Site security.freebsd.org

FreeBSD Security Advisory - There is an off-by-one error in a buffer size check when performing certain string formatting operations. Slaves using text-format db files could be vulnerable if receiving a malformed record in a zone transfer from their master. Masters using text-format db files could be vulnerable if they accept a malformed record in a DDNS update message. Recursive resolvers are potentially vulnerable when debug logging is enabled and if they are fed a deliberately malformed record by a malicious server. A server which has cached a specially constructed record could encounter this condition while performing 'rndc dumpdb'.

tags | advisory
systems | freebsd
advisories | CVE-2015-8704
SHA-256 | c803a5067169b0dd06a8b595f07a796ef604d725b2cec7e9041f63d8bdb30a0a
Debian Security Advisory 3454-1
Posted Jan 27, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3454-1 - Multiple vulnerabilities have been discovered in VirtualBox, an x86 virtualisation solution.

tags | advisory, x86, vulnerability
systems | linux, debian
advisories | CVE-2015-5307, CVE-2015-8104, CVE-2016-0495, CVE-2016-0592
SHA-256 | 136e69f73fdf63ba39f28da933af0cb4bc9773576e34a8eca44649ebf4d8bee2
Gentoo Linux Security Advisory 201601-04
Posted Jan 27, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201601-4 - Multiple vulnerabilities have been found in OpenSMTPD, the worst allowing remote attackers to execute arbitrary code. Versions less than 5.7.3_p1 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
SHA-256 | d62d01579964fac63bf4746a32bf41e5b67100440041d0086c611de45fba65c2
Red Hat Security Advisory 2016-0071-01
Posted Jan 27, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0071-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2016-1930, CVE-2016-1935
SHA-256 | 0707aeb8d6d66c6d6ac2cd338c1d1bbb3165a2c608c22b2298f846bd5f9cf289
Red Hat Security Advisory 2016-0069-01
Posted Jan 27, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0069-01 - In accordance with the Red Hat CloudForms Support Life Cycle Policy, support will end on April 10, 2016. Red Hat will not provide extended support for this product.

tags | advisory
systems | linux, redhat
SHA-256 | a08df67f5b9ac459e1707c0ed2c561f2940ec67b6c4b71c7fa0bbb9fb5030297
HP Security Bulletin HPSBGN03537 1
Posted Jan 26, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03537 1 - Security vulnerabilities in the libXML2 library could potentially impact HPE IceWall Federation Agent and IceWall File Manager resulting in local or remote Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, remote, denial of service, local, vulnerability
advisories | CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-7941, CVE-2015-7942, CVE-2015-8241, CVE-2015-8242, CVE-2015-8317
SHA-256 | ebea45214162925e8f3d50ace17003491095900b48925fe3074d9826ec4e1056
Page 2 of 8
Back12345Next

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close