Showing 26 - 50 of 264

Files

Gentoo Linux Security Advisory 201701-70
Posted Jan 30, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201701-70 - A vulnerability in Firewalld allows firewall configurations to be modified by unauthenticated users. Versions less than 0.4.3.3 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2016-5410
SHA-256 | b01db2a4ec6b59d61d073b26a5bd05b21311f7a9e9d7d5d1ea9c694dbd628852
Gentoo Linux Security Advisory 201701-69
Posted Jan 30, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201701-69 - A vulnerability in Ark might allow remote attackers to execute arbitrary code. Versions less than 16.08.3-r1 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2017-5330
SHA-256 | 0303989d4ac4f0368711a762fac23ffb3ac70674f07346ba031e4199d593529b
Gentoo Linux Security Advisory 201701-68
Posted Jan 30, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201701-68 - Multiple vulnerabilities have been found in FreeImage, the worst of which may allow execution of arbitrary code. Versions less than 3.15.4-r1 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2015-0852, CVE-2016-5684
SHA-256 | afd12c76e0ea415c629d74c8800a4d8baf9b420e07f7313b42ef2475693be9d5
Gentoo Linux Security Advisory 201701-67
Posted Jan 30, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201701-67 - A vulnerability in a2ps' fixps script might allow remote attackers to execute arbitrary code. Versions less than 4.14-r5 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2014-0466
SHA-256 | 850c4c9bdb2cdbdf0c6960d05680fd9bb889bdd260eb7a3d1c1af075254fc999
Gentoo Linux Security Advisory 201701-66
Posted Jan 30, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201701-66 - Multiple vulnerabilities have been found in the Chromium web browser, the worst of which allows remote attackers to execute arbitrary code. Versions less than 56.0.2924.76 are affected.

tags | advisory, remote, web, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-5006, CVE-2017-5007, CVE-2017-5008, CVE-2017-5009, CVE-2017-5010, CVE-2017-5011, CVE-2017-5012, CVE-2017-5013, CVE-2017-5014, CVE-2017-5015, CVE-2017-5016, CVE-2017-5017, CVE-2017-5018, CVE-2017-5019, CVE-2017-5020, CVE-2017-5021, CVE-2017-5022, CVE-2017-5023, CVE-2017-5024, CVE-2017-5025, CVE-2017-5026
SHA-256 | 52e04e2c58672c4a25b7c2acca1b04889c2d0cf9013bdbcee71ae967ad2016fd
Ubuntu Security Notice USN-3165-1
Posted Jan 30, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3165-1 - Multiple memory safety issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. Andrew Krasichkov discovered that event handlers on <marquee> elements were executed despite a Content Security Policy that disallowed inline JavaScript. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit this to conduct cross-site scripting attacks. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, javascript, xss
systems | linux, ubuntu
advisories | CVE-2016-9893, CVE-2016-9895, CVE-2016-9897, CVE-2016-9898, CVE-2016-9899, CVE-2016-9900, CVE-2016-9904, CVE-2016-9905, CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383, CVE-2017-5390, CVE-2017-5396
SHA-256 | a6d7c87b94507e79d2f3c6cb057b062f2bd412b17f050878ba193c58deebfa3d
Ubuntu Security Notice USN-3175-1
Posted Jan 30, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3175-1 - Multiple memory safety issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. JIT code allocation can allow a bypass of ASLR protections in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-5373, CVE-2017-5374, CVE-2017-5375, CVE-2017-5376, CVE-2017-5377, CVE-2017-5378, CVE-2017-5379, CVE-2017-5380, CVE-2017-5381, CVE-2017-5382, CVE-2017-5383, CVE-2017-5384, CVE-2017-5385, CVE-2017-5386, CVE-2017-5387, CVE-2017-5388, CVE-2017-5389, CVE-2017-5390, CVE-2017-5391, CVE-2017-5393, CVE-2017-5396
SHA-256 | 46188327b48b69d6b7ffd9a3ce490a0967362d442ae02526db0cbdcfbd914ad8
Slackware Security Advisory - mozilla-thunderbird Updates
Posted Jan 30, 2017
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.1, 14.2, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383, CVE-2017-5386, CVE-2017-5390, CVE-2017-5396
SHA-256 | 85ffe3ab63796ac0ba8c58daa8301dc5f0256c31314a0019ca7a39313f5cd7c9
Debian Security Advisory 3772-1
Posted Jan 30, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3772-1 - Tobias Stoeckmann discovered that the libXpm library contained two integer overflow flaws, leading to a heap out-of-bounds write, while parsing XPM extensions in a file. An attacker can provide a specially crafted XPM file that, when processed by an application using the libXpm library, would cause a denial-of-service against the application, or potentially, the execution of arbitrary code with the privileges of the user running the application.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2016-10164
SHA-256 | 38d027668266a30db03fe09726da15863bad12586d9abf60aca9a264b9880ab6
Oracle Outside In VSDX 8.4.0 / 8.5.1 / 8.5.2 / 8.5.3 Use-After-Free
Posted Jan 28, 2017
Authored by Behzad Najjarpour Jabbari | Site secunia.com

Secunia Research has discovered a vulnerability in Oracle Outside In, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a use-after-free error within vsvsdx.dll when processing the PageHeight and PageWidth values of a VSDX file, which can be exploited to corrupt memory via a specially crafted VSDX file. Successful exploitation may allow execution of arbitrary code. Versions 8.4.0, 8.5.1, 8.5.2, and 8.5.3 are affected.

tags | advisory, arbitrary
advisories | CVE-2017-3266
SHA-256 | 9697a7c849f39a13926892d6b471d55b1281d9096e5b8186ba951919119c04ab
CA Common Services casrvc Privilege Escalation
Posted Jan 28, 2017
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies support is alerting customers about a medium risk vulnerability that may allow a local attacker to gain additional privileges with products using CA Common Services running on the AIX, HP-UX, Linux, and Solaris platforms. The vulnerability, CVE-2016-9795, occurs due to insufficient validation by the casrvc program. A local unprivileged user can exploit the vulnerability to modify arbitrary files, which can potentially allow a local attacker to gain root level access.

tags | advisory, arbitrary, local, root
systems | linux, solaris, aix, hpux
advisories | CVE-2016-9795
SHA-256 | fc6c18b1ab288c81928a10a9339d929938fcd7120518c622254694d974c59667
EMC Data Protection Advisor Path 6.x Path Traversal
Posted Jan 28, 2017
Site emc.com

EMC Data Protection Advisor contains a fix for a path traversal vulnerability that may potentially be exploited by malicious users to compromise the affected system. Versions 6.1.x, 6.2, 6.2.1, 6.2.2, and 6.2.3 prior to patch 446 are affected.

tags | advisory
advisories | CVE-2016-8211
SHA-256 | 1399b4c25d75885ede6ffe39eddd5e40f0959f9e9f7b40269343455100f526fb
Cordova-Android 6.1.1 Insecure Transport
Posted Jan 28, 2017
Authored by Alon Galili

Cordova-Android versions 6.1.1 and below suffer from an insecure transport vulnerability due to the Gradle Distribution URL not using HTTPS by default.

tags | advisory, web
advisories | CVE-2017-3160
SHA-256 | d6bee6780400c2c31f859d15dc8af513d4a62cec6920be28a9ec3b5477f6e910
EMC Documentum D2 4.5 / 4.6 DQL Injection / Cross Site Scripting
Posted Jan 28, 2017
Site emc.com

EMC Documentum versions 4.5 and 4.6 suffer from DQL injection and cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
advisories | CVE-2016-9872, CVE-2016-9873
SHA-256 | 1fa1935776c0450f0c6cdea2c7600f969b1b60558c23fe2f89c44e6ca37d23f4
EMC Data Domain DD 5.x OS Command Injection
Posted Jan 28, 2017
Site emc.com

EMC Data Domain DD OS has been updated to fix a command injection vulnerability that could potentially be exploited by malicious users to compromise the affected system. Versions 5.4, the 5.5 family prior to 5.5.5.0, the 5.6 family prior to 5.6.2.0, and the 5.7 family prior to 5.7.2.10 are affected.

tags | advisory
advisories | CVE-2016-8216
SHA-256 | 3719ab75a9e74d2e20d08072be2aceabafc3b494f8af1bd2a3a39707e215f405
RSA BSAFE Crypto-J Cryptography Failure
Posted Jan 28, 2017
Site emc.com

RSA BSAFE Crypto-J versions prior to 6.2.2 suffer from improper OCSP validation and PKCS#12 timing attack vulnerabilities.

tags | advisory, cryptography, vulnerability
advisories | CVE-2016-8212, CVE-2016-8217
SHA-256 | ab31c6b98b6ff07db4a9a779660f5967f97cb4172a52706352ff182ae3cb9252
EMC PowerPath Management Appliance Information Disclosure
Posted Jan 28, 2017
Site emc.com

EMC PowerPath Virtual Appliance is affected by a sensitive information disclosure vulnerability that may potentially be exploited by malicious users to compromise the affected system. Versions 2.0 and 2.0 SP1 are affected.

tags | advisory, info disclosure
advisories | CVE-2016-0890
SHA-256 | b686a3a955b58b02de9046c1ae26899038d003ce1ed99f6164b144454ff9f2e4
EMC RecoverPoint Information Disclosure / Command Injection
Posted Jan 28, 2017
Site emc.com

EMC RecoverPoint versions prior to 4.4.1.1 and 5.0 suffer from information disclosure and command injection vulnerabilities.

tags | advisory, vulnerability, info disclosure
advisories | CVE-2016-6648, CVE-2016-6649
SHA-256 | 0ca4b3c6ebdf0150051ad3eed18350d2e8904925131165880fd50ece4d779fc2
RSA Web Threat Detection 5.x Cross Site Scripting
Posted Jan 28, 2017
Site emc.com

RSA Web Threat Detection contains fixes for a cross site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. Versions 5.0, 5.1, and 5.1.2 are affected.

tags | advisory, web, xss
advisories | CVE-2016-0919
SHA-256 | 1c09ee7779d8cae0ef00e80b9c059864bc8bbabe7168d438d03104a558311d36
Red Hat Security Advisory 2017-0206-01
Posted Jan 27, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0206-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 56.0.2924.76. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2017-5006, CVE-2017-5007, CVE-2017-5008, CVE-2017-5009, CVE-2017-5010, CVE-2017-5011, CVE-2017-5012, CVE-2017-5013, CVE-2017-5014, CVE-2017-5015, CVE-2017-5016, CVE-2017-5017, CVE-2017-5018, CVE-2017-5019, CVE-2017-5020, CVE-2017-5021, CVE-2017-5022, CVE-2017-5023, CVE-2017-5024, CVE-2017-5025, CVE-2017-5026
SHA-256 | b65a958e96cc26a65d8cf6736f2c9bef3364ac50db9b295d6df9897e783dd820
Red Hat Security Advisory 2017-0200-01
Posted Jan 27, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0200-01 - puppet-swift is the Puppet module used by Red Hat OpenStack Platform director to install OpenStack Object Storage. Security Fix: An information-disclosure flaw was discovered in Red Hat OpenStack Platform director's installation of Object Storage. During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf file with world-readable permissions.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-9590
SHA-256 | 92418d426a832a17529d19b6b8e0b6781ba925a4c0c7758cb36aa08657d9f839
Red Hat Security Advisory 2017-0205-01
Posted Jan 27, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0205-01 - In accordance with the Red Hat CloudForms Support Life Cycle Policy, support will end on February 28, 2017. Red Hat will not provide extended support for this product.

tags | advisory
systems | linux, redhat
SHA-256 | c38891228569154c466ee7137b14f64ba7bfb9744fc90c2cd7a8ba5520a838c9
Debian Security Advisory 3771-1
Posted Jan 26, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3771-1 - Multiple security issues have been found in the Mozilla Firefox web errors may lead to the execution of arbitrary code, information disclosure or privilege escalation.

tags | advisory, web, arbitrary, info disclosure
systems | linux, debian
advisories | CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383, CVE-2017-5386, CVE-2017-5390, CVE-2017-5396
SHA-256 | d99c14028fa61a63d267e44f38d8b8fc49fc7b2804ca31dec588fe86f9a620d1
Cisco Security Advisory 20170125-telepresence
Posted Jan 26, 2017
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint Control Unit (MCU) Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. The vulnerability is due to improper size validation when reassembling fragmented IPv4 or IPv6 packets. An attacker could exploit this vulnerability by sending crafted IPv4 or IPv6 fragments to a port receiving content in Passthrough content mode. An exploit could allow the attacker to overflow a buffer. If successful, the attacker could execute arbitrary code or cause a DoS condition on the affected system. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

tags | advisory, remote, denial of service, overflow, arbitrary, kernel
systems | cisco
SHA-256 | b25ac4e0a30adf1e190b4cdde7f8af8749cd2dec6e09663e29c25b6921ea28a5
Cisco Security Advisory 20170125-expressway
Posted Jan 26, 2017
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the received packet parser of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software could allow an unauthenticated, remote attacker to cause a reload of the affected system, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient size validation of user-supplied data. An attacker could exploit this vulnerability by sending crafted H.224 data in Real-Time Transport Protocol (RTP) packets in an H.323 call. An exploit could allow the attacker to overflow a buffer in a cache that belongs to the received packet parser, which will result in a crash of the application, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, denial of service, overflow, protocol
systems | cisco
SHA-256 | e38280c54046f87c9130ec4824a4152f839104804c03a19b62b8d53b7ab0c984
Page 2 of 11

© 2022 Packet Storm. All rights reserved.
