Exploit the possiblities
Showing 1 - 25 of 186 RSS Feed

Files

Red Hat Security Advisory 2016-2131-01
Posted Oct 31, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2131-01 - MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. The following packages have been upgraded to a newer upstream version: mariadb55-mariadb. Security Fix: It was discovered that the MariaDB logging functionality allowed writing to MariaDB configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server.

tags | advisory, arbitrary, root
systems | linux, redhat
advisories | CVE-2016-3492, CVE-2016-5612, CVE-2016-5616, CVE-2016-5624, CVE-2016-5626, CVE-2016-5629, CVE-2016-6662, CVE-2016-6663, CVE-2016-8283
MD5 | 743f9b06c8508c8cda9a927f0ac89692
Red Hat Security Advisory 2016-2130-01
Posted Oct 31, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2130-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a newer upstream version: mysql55-mysql. Security Fix: It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server.

tags | advisory, arbitrary, root
systems | linux, redhat
advisories | CVE-2016-3492, CVE-2016-5612, CVE-2016-5616, CVE-2016-5617, CVE-2016-5624, CVE-2016-5626, CVE-2016-5629, CVE-2016-6662, CVE-2016-8283
MD5 | 4639bae393bae65ad49bb4ab9634a3d4
Red Hat Security Advisory 2016-2128-01
Posted Oct 31, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2128-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the Linux kernel's keyring handling code: the key_reject_and_link() function could be forced to free an arbitrary memory block. An attacker could use this flaw to trigger a use-after-free condition on the system, potentially allowing for privilege escalation.

tags | advisory, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2016-4470, CVE-2016-5195
MD5 | fb99ecab5d659bd43730c6df818651e2
Red Hat Security Advisory 2016-2127-01
Posted Oct 31, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2127-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2016-5195
MD5 | 175155c18e9b6f574eeecbff9a379989
Red Hat Security Advisory 2016-2126-01
Posted Oct 31, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2126-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2016-5195
MD5 | 9acd7fac3959493a5fb5551f0cf58b09
Crowd LDAP Java Object Injection
Posted Oct 31, 2016
Authored by David Black

This advisory discloses a critical severity security vulnerability which was introduced in version 1.4.1 of Crowd. Versions of Crowd starting with 1.4.1 before 2.8.8 (the fixed version for 2.8.x) and from 2.9.0 before 2.9.5 (the fixed version for 2.9.x) are affected by this vulnerability. The Crowd LDAP directory connector allowed an attacker to gain remote code execution in Crowd by injecting malicious attributes in LDAP entries.

tags | advisory, remote, code execution
advisories | CVE-2016-6496
MD5 | 1d8d3c4d540edd6f9547a738f73e107d
Debian Security Advisory 3691-2
Posted Oct 30, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3691-2 - The update for ghostscript issued as DSA-3691-1 caused regressions for certain Postscript document viewers (evince, zathura). Updated packages are now available to address this problem.

tags | advisory
systems | linux, debian
MD5 | cc59fbb6c1e2ab32f618db0aa4b39216
Gentoo Linux Security Advisory 201610-11
Posted Oct 30, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201610-11 - Multiple vulnerabilities have been found in Wget, the worst of which could lead to the remote execution of arbitrary code. Versions less than 1.18 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2016-4971
MD5 | bc66b93055c4f32d445426382684653e
Gentoo Linux Security Advisory 201610-10
Posted Oct 30, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201610-10 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 23.0.0.205 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2016-4182, CVE-2016-4271, CVE-2016-4272, CVE-2016-4273, CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4277, CVE-2016-4278, CVE-2016-4279, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-4286, CVE-2016-4287, CVE-2016-6921, CVE-2016-6922, CVE-2016-6923, CVE-2016-6924, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931
MD5 | ed1a3117a5887fb73f790b7c7d30ee23
Gentoo Linux Security Advisory 201610-09
Posted Oct 29, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201610-9 - Multiple vulnerabilities have been found in the Chromium web browser, the worst of which allows remote attackers to execute arbitrary code. Versions less than 54.0.2840.59 are affected.

tags | advisory, remote, web, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2016-5127, CVE-2016-5128, CVE-2016-5129, CVE-2016-5130, CVE-2016-5131, CVE-2016-5132, CVE-2016-5133, CVE-2016-5134, CVE-2016-5135, CVE-2016-5136, CVE-2016-5137, CVE-2016-5138, CVE-2016-5139, CVE-2016-5140, CVE-2016-5141, CVE-2016-5142, CVE-2016-5143, CVE-2016-5144, CVE-2016-5145, CVE-2016-5146, CVE-2016-5147, CVE-2016-5148, CVE-2016-5149, CVE-2016-5150, CVE-2016-5151, CVE-2016-5152, CVE-2016-5153, CVE-2016-5154
MD5 | 8ce6136d34a7ae20b1bde0370c1687b2
Mac OS X 10.11.6 launchd Message Control
Posted Oct 29, 2016
Authored by Google Security Research, ianbeer

A logic issue in launchd message requeuing allows arbitrary mach message control. Mac OS X version 10.11.6 is affected.

tags | advisory, arbitrary
systems | apple, osx
advisories | CVE-2016-4675
MD5 | 535e9aa8ea1d3f66f7673b23668db025
Debian Security Advisory 3701-2
Posted Oct 28, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3701-2 - The update for nginx issued as DSA-3701-1 to address CVE-2016-1247 introduced a packaging issue, which prevents nginx from being reinstalled or upgraded to a subsequent release. Updated packages are now available to address this problem.

tags | advisory
systems | linux, debian
MD5 | c605f5135166074169086752051aebda
Red Hat Security Advisory 2016-2124-01
Posted Oct 28, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2124-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2016-1583, CVE-2016-5195
MD5 | 07b68525c33d0f626da8f190a7337e24
Ubuntu Security Notice USN-3112-1
Posted Oct 28, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3112-1 - Catalin Dumitru discovered that URLs of resources loaded after a navigation start could be leaked to the following page via the Resource Timing API. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to obtain sensitive information. Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, and Carsten Book discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-5250, CVE-2016-5257, CVE-2016-5270, CVE-2016-5272, CVE-2016-5274, CVE-2016-5276, CVE-2016-5277, CVE-2016-5278, CVE-2016-5280, CVE-2016-5281, CVE-2016-5284
MD5 | 5da74b795a9bb320e61fa71d30516cd3
Apple Security Advisory 2016-10-27-3
Posted Oct 28, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-10-27-3 - iTunes 12.5.2 for Windows is now available and addresses information disclosure and code execution vulnerabilities.

tags | advisory, vulnerability, code execution, info disclosure
systems | windows, apple
advisories | CVE-2016-4613, CVE-2016-7578
MD5 | d0e5581711961cb47efc1220086af845
Apple Security Advisory 2016-10-27-2
Posted Oct 28, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-10-27-2 - iCloud for Windows v6.0.1 is now available and addresses input validation and memory corruption vulnerabilities.

tags | advisory, vulnerability
systems | windows, apple
advisories | CVE-2016-4613, CVE-2016-7578
MD5 | 64b4c3debaf027af235f399a4d6006a7
Apple Security Advisory 2016-10-27-1
Posted Oct 28, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-10-27-1 - Xcode 8.1 is now available and addresses code execution vulnerabilities.

tags | advisory, vulnerability, code execution
systems | apple
advisories | CVE-2015-3193, CVE-2015-3194, CVE-2015-6764, CVE-2015-8027, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-1669, CVE-2016-2086, CVE-2016-2216
MD5 | 1b007eeb0a2d6139a1982d2a4e1a4a0e
Microsoft Security Bulletin Out-Of-Band Notification For October, 2016
Posted Oct 28, 2016
Site microsoft.com

The bulletin summary for October 2016 has been updated to include an additional out-of-band bulletin, MS16-128.

tags | advisory
MD5 | 532a388c6f66e8be07a2690936ffc7b3
Red Hat Security Advisory 2016-2120-01
Posted Oct 27, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2120-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2016-5195
MD5 | 81fa87cf714f78bd02f4b7b24c5f2e82
Red Hat Security Advisory 2016-2119-01
Posted Oct 27, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2119-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 11.2.202.643. Security Fix: This update fixes one vulnerability in Adobe Flash Player. This vulnerability, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2016-7855
MD5 | b8173b311e76e17de8a64f59ca99ca8c
Ubuntu Security Notice USN-3111-1
Posted Oct 27, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3111-1 - A use-after-free was discovered in service workers. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via program crash, or execute arbitrary code. It was discovered that web content could access information in the HTTP cache in some circumstances. An attacker could potentially exploit this to obtain sensitive information. Various other issues were also addressed.

tags | advisory, web, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-5287, CVE-2016-5288
MD5 | 9bea6b9b1fc1b4b2a39b0c8eda87ab4c
Ubuntu Security Notice USN-3114-2
Posted Oct 27, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3114-2 - USN-3114-1 fixed a vulnerability in nginx. A packaging issue prevented nginx from being reinstalled or upgraded to a subsequent release. This update fixes the problem. Dawid Golunski discovered that the nginx package incorrectly handled log file permissions. A remote attacker could possibly use this issue to obtain root privileges. Various other issues were also addressed.

tags | advisory, remote, root
systems | linux, ubuntu
MD5 | 1c6d037cf5e608a6ff3b81e9f8a2c714
Red Hat Security Advisory 2016-2101-01
Posted Oct 27, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2101-01 - Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. Security Fix: A regular expression denial of service flaw was found in Tough-Cookie. An attacker able to make an application using Touch-Cookie to parse a sufficiently large HTTP request Cookie header could cause the application to consume an excessive amount of CPU.

tags | advisory, web, denial of service
systems | linux, redhat
advisories | CVE-2016-1000232, CVE-2016-5325
MD5 | 8627988deda3df96d960796befeb04fb
HP Security Bulletin HPSBMU03653 1
Posted Oct 27, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03653 1 - Multiple potential security vulnerabilities have been identified in HPE System Management Homepage (SMH) on Windows and Linux. The vulnerabilities could be remotely exploited using man-in-the-middle (MITM) attacks resulting in cross-site scripting (XSS), arbitrary code execution, Denial of Service (DoS), and/or unauthorized disclosure of information. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability, code execution, xss
systems | linux, windows
advisories | CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2109, CVE-2016-3739, CVE-2016-4070, CVE-2016-4071, CVE-2016-4072, CVE-2016-4342, CVE-2016-4343, CVE-2016-4393, CVE-2016-4394, CVE-2016-4395, CVE-2016-4396, CVE-2016-4537, CVE-2016-4538, CVE-2016-4539, CVE-2016-4540, CVE-2016-4541, CVE-2016-4542, CVE-2016-4543, CVE-2016-5385, CVE-2016-5387, CVE-2016-5388
MD5 | b0a00ddd465b7222f8adb6967f5ebc81
HP Security Bulletin HPSBHF3549 1
Posted Oct 27, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF3549 1 - A security vulnerability identified with UEFI firmware, dubbed ThinkPwn, has been addressed in certain HP commercial notebook PCs and HP consumer notebook PCs. The vulnerability could be exploited to run arbitrary code in System Management Mode, resulting in elevation of privilege or denial of service. Revision HPSBHF3549 of this advisory.

tags | advisory, denial of service, arbitrary
MD5 | 7752358273ab72a83a76b275628ccef9
Page 1 of 8
Back12345Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
PlexCoin Scam Founder Sentenced To Jail And Fined $10k
Posted Dec 10, 2017

tags | headline, cybercrime, fraud, scam, cryptography
Google Lifts Lid On FBI Data Requests: Now You Can Read Actual Letters Online
Posted Dec 9, 2017

tags | headline, government, privacy, usa, google, fbi
Android Flaw Lets Attack Code Slip Into Signed Apps
Posted Dec 9, 2017

tags | headline, malware, phone, flaw, google
Millions Stolen In NiceHash Bitcoin Heist
Posted Dec 9, 2017

tags | headline, hacker, cybercrime, fraud, cryptography
Apple HomeKit Flaw Left Smart Gadgets Vulnerable
Posted Dec 9, 2017

tags | headline, flaw, apple
Intel Management Engine Pwned By Buffer Overflow
Posted Dec 7, 2017

tags | headline, hacker, flaw, conference, intel
Google Steps Up Browser Rivalry With Site Isolation Security
Posted Dec 7, 2017

tags | headline, google, chrome
Ajit Pai Falsely Claims Killing Net Neutrality Helps The Sick
Posted Dec 7, 2017

tags | headline, government, usa, fraud
Bitcoin Breaks Through The $15,000 Mark
Posted Dec 7, 2017

tags | headline, cryptography
CryptoKitties Craze Slows Down Transactions On Ethereum
Posted Dec 6, 2017

tags | headline, denial of service, cryptography
View More News →
packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close