Red Hat Security Advisory 2016-2705-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. The following packages have been upgraded to a newer upstream version: qemu-kvm-rhev. Security Fix: An out-of-bounds flaw was found in the QEMU emulator built using 'address_space_translate' to map an address to a MemoryRegionSection. The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error. A privileged user inside a guest could use this flaw to crash the guest instance.
588ecdc7db1b9535e0fadaa19780440e5e7c00ae836c3d30d91b4d780cd3605d
Red Hat Security Advisory 2016-2704-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. The following packages have been upgraded to a newer upstream version: qemu-kvm-rhev. Security Fix: An out-of-bounds flaw was found in the QEMU emulator built using 'address_space_translate' to map an address to a MemoryRegionSection. The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error. A privileged user inside a guest could use this flaw to crash the guest instance.
4b59304042b5184a421ccdac24e9a3a137fd12ff1ce2a39859c76c926a881514
SolarEagle version 2.00 suffers from an administrative login bypass vulnerability. MPPT Solar Controller SMART2 suffers from missing server-side authentication, unencrypted communication, and denial of service issues.
2209e8cd0ef6be57d3153d22d6a14a97ba467e2d7f11d0ee9382f5d28911748e
VMware Security Advisory 2016-0019 - VMware Workstation and Fusion updates address a critical out-of-bounds memory access vulnerability.
4dcb01dc71f4c3ef8e79650ea56bdb93fd311f72d9cedc07f0802b1354a0cfbd
Barco ClickShare suffers from remote code execution, cross site scripting, path traversal, and file disclosure vulnerabilities.
68027ae18296a38758ad5283401155201698ca07363404e7522e9abb2c3d266f
Apache OpenMeetings version 3.1.0 is vulnerable to remote code execution via an RMI deserialization attack.
14fd835d407717498ac3649c3d80122d8fe17e038241b3a0f82cdc72ae90739e
Red Hat Security Advisory 2016-2702-01 - The policycoreutils packages contain the core policy utilities required to manage a SELinux environment. Security Fix: It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox.
6fce0b784ca078476d60f610a35307acce1cd8a2d83bebb57cb56a904a6d245d
Debian Linux Security Advisory 3711-1 - Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.28.
41f298a0a271dd001dcfd761594bd49d2d5d9c6b70624698939dd5aad22b439e
During a recent penetration test Computest found and exploited various issues in Observium, going from unauthenticated user to full shell access as root.
4041a850a24306c4f6f7dc1fc7c8b76067ff726516808322d468925aa4244a4f
Ubuntu Security Notice 3129-2 - Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface. A local attacker could use this to cause a denial of service.
a29f0d3e3e2ebd12adeba1d4689ca7d3c299aeea87e2ec97e3512daef8e67939
Ubuntu Security Notice 3128-2 - USN-3128-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
bb5f7821787ec046a4f18c437fee1c4babaada3a07138c01ab7433aba49a6459
Ubuntu Security Notice 3127-1 - It was discovered that the compression handling code in the Advanced Linux Sound Architecture subsystem in the Linux kernel did not properly check for an integer overflow. A local attacker could use this to cause a denial of service. Kirill A. Shutemov discovered that memory manager in the Linux kernel did not properly handle anonymous pages. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. Various other issues were also addressed.
01cea1fce1227c7940b3e746c63d4a2d4b996f91e65b161b9da444fd843eb62d
Ubuntu Security Notice 3129-1 - Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface. A local attacker could use this to cause a denial of service.
dd14ea01c353f7c9b48c2adcbf07fa50f6b0a15a6a46ca85b0d9700963342534
Ubuntu Security Notice 3128-3 - Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface. A local attacker could use this to cause a denial of service.
913ba46b3ae9d9c566f6d8b725cbdaf54e98cc4d79e03714bb9f79f51f89d7ab
Ubuntu Security Notice 3126-1 - Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface. A local attacker could use this to cause a denial of service. Dmitry Vyukov discovered a use-after-free vulnerability during error processing in the recvmmsg implementation in the Linux kernel. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
4bbf1d4ea527ad684dcc5fc5db86dbe5395379408e2920a2bad340c35edb6728
Ubuntu Security Notice 3128-1 - Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface. A local attacker could use this to cause a denial of service.
fa0fb5c655ad6f62fb22e8029251c9321a38dba3f9f91c5f204325d1b11eb9d1
Ubuntu Security Notice 3127-2 - USN-3127-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. It was discovered that the compression handling code in the Advanced Linux Sound Architecture subsystem in the Linux kernel did not properly check for an integer overflow. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
7ef8e046784e759daa37ac14a887334035715f84aedb6b85a0db639ce1c7fa5e
Ubuntu Security Notice 3126-2 - Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface. A local attacker could use this to cause a denial of service. Dmitry Vyukov discovered a use-after-free vulnerability during error processing in the recvmmsg implementation in the Linux kernel. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
4ccc284737a64c8c3f06bc96c110403bf3c05592a73bbe558b184db66d8d1d08
Apache Tika wraps the jmatio parser to handle MATLAB files. The parser uses native deserialization on serialized Java objects embedded in MATLAB files. A malicious user could inject arbitrary code into a MATLAB file that would be executed when the object is deserialized. Versions 1.6 through 1.13 are affected.
226a436c7b3ab43566f0b5d55d84ab755d746a38d7b3256777c317a174b2d47e
Secunia Research has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service). The vulnerability is caused due to an integer overflow error when processing CMAP table within Open Type Font (OTF) files and can be exploited to cause a kernel crash or disclose kernel memory via a specially crafted table encoding record offset within a OTF file.
b3fe5824069c9a4b95decbd65be8308681bcd9c605cd54f833850c4f9d059f76
Secunia Research has discovered a vulnerability in Oracle Outside In, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a use-after-free error within the "GetTxObj()" function (vsflw.dll), which can be exploited to corrupt memory via a specially crafted PRZ file. Successful exploitation may allow execution of arbitrary code. Oracle Outside In versions 8.4.0, 8.5.1, 8.5.2, and 8.5.3 are affected.
2914cbdd4b457ca4d8242168827399762469f8bf788d8cf4f0710b5fe8753b51
Secunia Research has discovered a vulnerability in Oracle Outside In, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "VwStreamRead()" function (vssdw.dll), which can be exploited to cause a heap-based buffer overflow via a specially crafted SDW file. Successful exploitation may allow execution of arbitrary code. Oracle Outside In versions 8.4.0, 8.5.1, 8.5.2, and 8.5.3 are affected.
78350c71c5f276b3da2aa8e819d6553d9cb28796c9ee72b50e2724bca05b1a3c
CA Technologies Support is alerting customers to three vulnerabilities in CA Unified Infrastructure Management (formerly CA Nimsoft). The first vulnerability, CVE-2016-9165, involves insecure handling of sessions IDs. A remote attacker can potentially acquire a session ID and bypass authentication or elevate privileges. The second vulnerability, CVE-2016-9164, is a path traversal information disclosure vulnerability associated with the diag.jsp file. A remote attacker can potentially access sensitive information. The third vulnerability, CVE-2016-5803, is a path traversal information disclosure vulnerability associated with the download_lar.jsp file. A remote attacker can potentially access sensitive information. CA Technologies has assigned Medium and High risk ratings to these vulnerabilities. Solutions are available.
401bc9e25b7ad17f38793debbf4334be9ee3ec63ae80d59175c80f5dfab7a0f5
CA Technologies Support is alerting customers to a vulnerability in CA Service Desk Manager (formerly CA Service Desk). A reflected cross site scripting vulnerability, CVE-2016-9148, exists in the QBE.EQ.REF_NUM parameter of the SDM web interface. A remote attacker, who can trick a user into clicking on or visiting a specially crafted link, could potentially execute arbitrary code on the targeted user's system. CA Technologies has assigned a Medium risk rating to this vulnerability. A solution is available.
673ed63e14abaf0f4405e8d215276a71e6f485dc124f84f87514f2a904f86219
HP Security Bulletin HPSBGN03670 1 - A vulnerability in the Apache Commons Collections library for handling Java object deserialization was addressed by HPE Business Service Management (BSM). The vulnerability could be exploited remotely to allow remote code execution. Revision 1 of this advisory.
ad6a1cd2eec0673197a05b1d4804c60fd20405c5bf9fb7823c1a6507e7b5cd6c