Red Hat Security Advisory 2016-2705-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. The following packages have been upgraded to a newer upstream version: qemu-kvm-rhev. Security Fix: An out-of-bounds flaw was found in the QEMU emulator built using 'address_space_translate' to map an address to a MemoryRegionSection. The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error. A privileged user inside a guest could use this flaw to crash the guest instance.
588ecdc7db1b9535e0fadaa19780440e5e7c00ae836c3d30d91b4d780cd3605dRed Hat Security Advisory 2016-2704-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. The following packages have been upgraded to a newer upstream version: qemu-kvm-rhev. Security Fix: An out-of-bounds flaw was found in the QEMU emulator built using 'address_space_translate' to map an address to a MemoryRegionSection. The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error. A privileged user inside a guest could use this flaw to crash the guest instance.
4b59304042b5184a421ccdac24e9a3a137fd12ff1ce2a39859c76c926a881514SolarEagle version 2.00 suffers from an administrative login bypass vulnerability. MPPT Solar Controller SMART2 suffers from missing server-side authentication, unencrypted communication, and denial of service issues.
2209e8cd0ef6be57d3153d22d6a14a97ba467e2d7f11d0ee9382f5d28911748eVMware Security Advisory 2016-0019 - VMware Workstation and Fusion updates address a critical out-of-bounds memory access vulnerability.
4dcb01dc71f4c3ef8e79650ea56bdb93fd311f72d9cedc07f0802b1354a0cfbdBarco ClickShare suffers from remote code execution, cross site scripting, path traversal, and file disclosure vulnerabilities.
68027ae18296a38758ad5283401155201698ca07363404e7522e9abb2c3d266fApache OpenMeetings version 3.1.0 is vulnerable to remote code execution via an RMI deserialization attack.
14fd835d407717498ac3649c3d80122d8fe17e038241b3a0f82cdc72ae90739eRed Hat Security Advisory 2016-2702-01 - The policycoreutils packages contain the core policy utilities required to manage a SELinux environment. Security Fix: It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox.
6fce0b784ca078476d60f610a35307acce1cd8a2d83bebb57cb56a904a6d245dDebian Linux Security Advisory 3711-1 - Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.28.
41f298a0a271dd001dcfd761594bd49d2d5d9c6b70624698939dd5aad22b439eDuring a recent penetration test Computest found and exploited various issues in Observium, going from unauthenticated user to full shell access as root.
4041a850a24306c4f6f7dc1fc7c8b76067ff726516808322d468925aa4244a4fUbuntu Security Notice 3129-2 - Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface. A local attacker could use this to cause a denial of service.
a29f0d3e3e2ebd12adeba1d4689ca7d3c299aeea87e2ec97e3512daef8e67939Ubuntu Security Notice 3128-2 - USN-3128-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
bb5f7821787ec046a4f18c437fee1c4babaada3a07138c01ab7433aba49a6459Ubuntu Security Notice 3127-1 - It was discovered that the compression handling code in the Advanced Linux Sound Architecture subsystem in the Linux kernel did not properly check for an integer overflow. A local attacker could use this to cause a denial of service. Kirill A. Shutemov discovered that memory manager in the Linux kernel did not properly handle anonymous pages. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. Various other issues were also addressed.
01cea1fce1227c7940b3e746c63d4a2d4b996f91e65b161b9da444fd843eb62dUbuntu Security Notice 3129-1 - Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface. A local attacker could use this to cause a denial of service.
dd14ea01c353f7c9b48c2adcbf07fa50f6b0a15a6a46ca85b0d9700963342534Ubuntu Security Notice 3128-3 - Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface. A local attacker could use this to cause a denial of service.
913ba46b3ae9d9c566f6d8b725cbdaf54e98cc4d79e03714bb9f79f51f89d7abUbuntu Security Notice 3126-1 - Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface. A local attacker could use this to cause a denial of service. Dmitry Vyukov discovered a use-after-free vulnerability during error processing in the recvmmsg implementation in the Linux kernel. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
4bbf1d4ea527ad684dcc5fc5db86dbe5395379408e2920a2bad340c35edb6728Ubuntu Security Notice 3128-1 - Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface. A local attacker could use this to cause a denial of service.
fa0fb5c655ad6f62fb22e8029251c9321a38dba3f9f91c5f204325d1b11eb9d1Ubuntu Security Notice 3127-2 - USN-3127-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. It was discovered that the compression handling code in the Advanced Linux Sound Architecture subsystem in the Linux kernel did not properly check for an integer overflow. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
7ef8e046784e759daa37ac14a887334035715f84aedb6b85a0db639ce1c7fa5eUbuntu Security Notice 3126-2 - Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface. A local attacker could use this to cause a denial of service. Dmitry Vyukov discovered a use-after-free vulnerability during error processing in the recvmmsg implementation in the Linux kernel. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
4ccc284737a64c8c3f06bc96c110403bf3c05592a73bbe558b184db66d8d1d08Apache Tika wraps the jmatio parser to handle MATLAB files. The parser uses native deserialization on serialized Java objects embedded in MATLAB files. A malicious user could inject arbitrary code into a MATLAB file that would be executed when the object is deserialized. Versions 1.6 through 1.13 are affected.
226a436c7b3ab43566f0b5d55d84ab755d746a38d7b3256777c317a174b2d47eSecunia Research has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service). The vulnerability is caused due to an integer overflow error when processing CMAP table within Open Type Font (OTF) files and can be exploited to cause a kernel crash or disclose kernel memory via a specially crafted table encoding record offset within a OTF file.
b3fe5824069c9a4b95decbd65be8308681bcd9c605cd54f833850c4f9d059f76Secunia Research has discovered a vulnerability in Oracle Outside In, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a use-after-free error within the "GetTxObj()" function (vsflw.dll), which can be exploited to corrupt memory via a specially crafted PRZ file. Successful exploitation may allow execution of arbitrary code. Oracle Outside In versions 8.4.0, 8.5.1, 8.5.2, and 8.5.3 are affected.
2914cbdd4b457ca4d8242168827399762469f8bf788d8cf4f0710b5fe8753b51Secunia Research has discovered a vulnerability in Oracle Outside In, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "VwStreamRead()" function (vssdw.dll), which can be exploited to cause a heap-based buffer overflow via a specially crafted SDW file. Successful exploitation may allow execution of arbitrary code. Oracle Outside In versions 8.4.0, 8.5.1, 8.5.2, and 8.5.3 are affected.
78350c71c5f276b3da2aa8e819d6553d9cb28796c9ee72b50e2724bca05b1a3cCA Technologies Support is alerting customers to three vulnerabilities in CA Unified Infrastructure Management (formerly CA Nimsoft). The first vulnerability, CVE-2016-9165, involves insecure handling of sessions IDs. A remote attacker can potentially acquire a session ID and bypass authentication or elevate privileges. The second vulnerability, CVE-2016-9164, is a path traversal information disclosure vulnerability associated with the diag.jsp file. A remote attacker can potentially access sensitive information. The third vulnerability, CVE-2016-5803, is a path traversal information disclosure vulnerability associated with the download_lar.jsp file. A remote attacker can potentially access sensitive information. CA Technologies has assigned Medium and High risk ratings to these vulnerabilities. Solutions are available.
401bc9e25b7ad17f38793debbf4334be9ee3ec63ae80d59175c80f5dfab7a0f5CA Technologies Support is alerting customers to a vulnerability in CA Service Desk Manager (formerly CA Service Desk). A reflected cross site scripting vulnerability, CVE-2016-9148, exists in the QBE.EQ.REF_NUM parameter of the SDM web interface. A remote attacker, who can trick a user into clicking on or visiting a specially crafted link, could potentially execute arbitrary code on the targeted user's system. CA Technologies has assigned a Medium risk rating to this vulnerability. A solution is available.
673ed63e14abaf0f4405e8d215276a71e6f485dc124f84f87514f2a904f86219HP Security Bulletin HPSBGN03670 1 - A vulnerability in the Apache Commons Collections library for handling Java object deserialization was addressed by HPE Business Service Management (BSM). The vulnerability could be exploited remotely to allow remote code execution. Revision 1 of this advisory.
ad6a1cd2eec0673197a05b1d4804c60fd20405c5bf9fb7823c1a6507e7b5cd6c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed