what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 187 RSS Feed

Files

Red Hat Security Advisory 2017-0324-01
Posted Feb 25, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0324-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol implementation freed SKB resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system.

tags | advisory, kernel, local, protocol
systems | linux, redhat
advisories | CVE-2017-6074
SHA-256 | f14e2b46c2b71cef1afb04a771220b5372f199e76244ba0af668358a52b9f888
Debian Security Advisory 3792-1
Posted Feb 25, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3792-1 - Ben Hayak discovered that objects embedded in Writer and Calc documents may result in information disclosure.

tags | advisory, info disclosure
systems | linux, debian
advisories | CVE-2017-3157
SHA-256 | 54bbcab9a611638d54637eac6c3d32a3d276c790c825d076deb406e2defa354f
tnef 1.4.12 OOB Read / Write / Type Confusions / Integer Overflows
Posted Feb 24, 2017
Authored by Eric Sesterhenn

tnef versions 1.4.12 and below suffer from multiple integer overflows, type confusions, and out of bounds read and write vulnerabilities.

tags | advisory, overflow, vulnerability
SHA-256 | 5705b80ef5130f182eaa09743b3b19d2e17761e1bcc5443fc91394d3bdbe51e3
Microsoft Security Bulletin Summary For February, 2017
Posted Feb 24, 2017
Site microsoft.com

This bulletin summary lists one released Microsoft security bulletin for February, 2017.

tags | advisory
SHA-256 | c10fca7550173686a11a883eb6930a23f50785d3d78916bad5ddf4bdd62390bc
Apple Security Advisory 2017-02-21-2
Posted Feb 24, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-02-21-2 - Logic Pro X 10.3.1 is now available and addresses a memory corruption vulnerability.

tags | advisory
systems | apple
advisories | CVE-2017-2374
SHA-256 | 3eed75a7242320f6481a22179eaefd954c54322d7a2947a90ddbefa68b2f94a4
Apple Security Advisory 2017-02-21-1
Posted Feb 24, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-02-21-1 - GarageBand 10.1.6 is now available and addresses a memory corruption issue.

tags | advisory
systems | apple
advisories | CVE-2017-2374
SHA-256 | 1a5a8e755756dda1db45dd85aee82fc3cf7d4f874e1f54dad06b2fd61d006d03
Apple WebKit Frame::setDocument UXSS
Posted Feb 24, 2017
Authored by Google Security Research, lokihardt

Apple WebKit suffers from a UXSS via Frame::setDocument.

tags | advisory
systems | apple
advisories | CVE-2017-2365
SHA-256 | 5104194e03e417e5667c9b4e888d0c95f77d92b2d00a9053243150deb4f64f54
Apple WebKit Pop-Up Blocker Bypass
Posted Feb 24, 2017
Authored by Google Security Research, lokihardt

AppleWebKit suffers from a bypass in the pop-up blocker via a cross-origin or sandboxed iframe.

tags | advisory
advisories | CVE-2017-2371
SHA-256 | d457da214a1cf7f501ec9edc89ee54671857a33c838ee0dd2b0b469664bd1774
Siklu EtherHaul Remote Command Execution
Posted Feb 24, 2017
Authored by Ian Ling

Siklu Etherhaul versions prior to 7.4.0 suffer from an unauthenticated remote command execution vulnerability.

tags | advisory, remote
SHA-256 | 1488db4819cb3d631d5458d8303eb2a66ace7ffc1a16fa5a512858691028f7ce
Java / Python FTP URL Handling XXE / SSRF
Posted Feb 24, 2017
Authored by Timothy D. Morgan

Java and Python both have URL handling code that can be leveraged for XML external entity (XXE) injection and SSRF attacks.

tags | advisory, java, python, xxe
SHA-256 | 9f2a5aa311b233621706991238e47f4e31fc0b190ca89a1f42a16cfca5d09c4c
Ubuntu Security Notice USN-3210-1
Posted Feb 24, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3210-1 - Ben Hayak discovered that it was possible to make LibreOffice Calc and Writer disclose arbitrary files to an attacker if a user opened a specially crafted file with embedded links.

tags | advisory, arbitrary
systems | linux, ubuntu
SHA-256 | eb76a721c6b299a108a59454abfea2068bb742c16cf457993916607f6caffb98
Red Hat Security Advisory 2017-0309-01
Posted Feb 24, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0309-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: Quick emulator built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the Qemu process resulting in DoS or potentially execute arbitrary code on the host with privileges of Qemu process on the host.

tags | advisory, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2016-2857, CVE-2017-2615
SHA-256 | b208a03f917075e83c83e02b7c9d9e67d01004db93202ffd0e4666086e2e5fbc
Red Hat Security Advisory 2017-0307-01
Posted Feb 24, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0307-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: When creating audit records for parameters to executed children processes, an attacker can convince the Linux kernel audit subsystem can create corrupt records which may allow an attacker to misrepresent or evade logging of executing commands. A flaw was found in the Linux kernel's implementation of the SCTP protocol. A remote attacker could trigger an out-of-bounds read with an offset of up to 64kB potentially causing the system to crash.

tags | advisory, remote, kernel, protocol
systems | linux, redhat
advisories | CVE-2016-6136, CVE-2016-9555
SHA-256 | f5626e12bf318a6ceba6e16077d4ef1c50c6d37818aae8533ea4a67d5ff5c19a
Red Hat Security Advisory 2017-0316-01
Posted Feb 24, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0316-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol implementation freed SKB resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system.

tags | advisory, kernel, local, protocol
systems | linux, redhat
advisories | CVE-2017-6074
SHA-256 | b636031802de3b3dfef681e9912cabfab34e12ce63c092ae7a18e3a97f900150
Ubuntu Security Notice USN-3211-1
Posted Feb 23, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3211-1 - It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2016-10158, CVE-2016-10159, CVE-2016-10160, CVE-2016-10161, CVE-2016-10162, CVE-2016-7479, CVE-2016-9137, CVE-2016-9935, CVE-2016-9936, CVE-2017-5340
SHA-256 | ee725f310771fc35d7cc3ac15e95e4674c6a5a8b5ec3ed497c4f369a51d9cb9e
FreeBSD Security Advisory - FreeBSD-SA-17:02.openssl
Posted Feb 23, 2017
Site security.freebsd.org

FreeBSD Security Advisory - If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. Various other issues have also been identified.

tags | advisory
systems | freebsd, bsd
advisories | CVE-2016-7055, CVE-2017-3731, CVE-2017-3732
SHA-256 | fd0871f8f44d01650f47267d841a243c6a575b751f8b35d5ec24cc8563298df8
Debian Security Advisory 3791-1
Posted Feb 23, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3791-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or have other impacts.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2016-6786, CVE-2016-6787, CVE-2016-8405, CVE-2016-9191, CVE-2017-2583, CVE-2017-2584, CVE-2017-2596, CVE-2017-2618, CVE-2017-5549, CVE-2017-5551, CVE-2017-5897, CVE-2017-5970, CVE-2017-6001, CVE-2017-6074
SHA-256 | d4c6af8f0e3dd4d9e278a3515440e0936dca73862bdc065cf6bd5e2d14200203
Red Hat Security Advisory 2017-0300-01
Posted Feb 23, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0300-01 - The OpenStack Oslo Middleware library provides components that can be injected into WSGI pipelines to intercept request and response flows. The base class can be enhanced with functionality like adding or updating HTTP headers, or to offer support for limiting size or connections. Security Fix: An information-disclosure flaw was found in oslo.middleware. Software using the CatchError class could include sensitive values in a traceback's error message. Remote users could exploit this flaw to obtain sensitive information from OpenStack component error logs.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2017-2592
SHA-256 | c3359bf03135b1a5ff63d07bd5d660438d80e7a084cdb79b79c57de44ee006f0
Ubuntu Security Notice USN-3142-2
Posted Feb 23, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3142-2 - USN-3142-1 fixed vulnerabilities in ImageMagick. The security fixes introduced a regression with text labels and a regression with the text coder. This update fixes the problem. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
SHA-256 | 6bd0ad7bc46bd1aec3d550bb978fdd2857a665eafe7bbbd3d348eff865feec3f
Debian Security Advisory 3788-2
Posted Feb 23, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3788-2 - The update for tomcat8 issued as DSA-3788-1 caused that the server could return HTTP 400 errors under certain circumstances. Updated packages are now available to correct this issue.

tags | advisory, web
systems | linux, debian
SHA-256 | 9a471d0b8a11213787df65f14ac8faa29f4bd6795bfbb006a10eb21ea59d636d
Red Hat Security Advisory 2017-0293-01
Posted Feb 23, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0293-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol implementation freed SKB resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system.

tags | advisory, kernel, local, protocol
systems | linux, redhat
advisories | CVE-2017-6074
SHA-256 | 675d2cff55b3e4f76bda52e3edcac6e3540ae592d7cec108e0884eb508679175
Red Hat Security Advisory 2017-0295-01
Posted Feb 23, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0295-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol implementation freed SKB resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system.

tags | advisory, kernel, local, protocol
systems | linux, redhat
advisories | CVE-2017-6074
SHA-256 | 43f786bca525228053ddc893e7b07e03f946f70afcdc61825d743ae0d53139bc
Red Hat Security Advisory 2017-0294-01
Posted Feb 23, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0294-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol implementation freed SKB resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system.

tags | advisory, kernel, local, protocol
systems | linux, redhat
advisories | CVE-2017-6074
SHA-256 | 0fb4e054d84d8aecf3a85b795c0e3c8be31aec44f88499706fea037f8323067b
Gentoo Linux Security Advisory 201702-32
Posted Feb 23, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201702-32 - Ruby Archive::Tar::Minitar is vulnerable to a directory traversal attack. Versions prior to 0.6.1 are affected.

tags | advisory, ruby
systems | linux, gentoo
advisories | CVE-2016-10173
SHA-256 | 157e690b127e197b5e2dc69bc809ae8b72ef330c005521c03a4cf6eaf39f4814
Gentoo Linux Security Advisory 201702-31
Posted Feb 23, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201702-31 - Multiple vulnerabilities have been found in GPL Ghostscript, the worst of which may allow execution of arbitrary code. Versions prior to 9.20-r1 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2016-7976, CVE-2016-7977, CVE-2016-7978, CVE-2016-7979, CVE-2016-8602
SHA-256 | b3d656fb5ed70e42c11d5359cb050e758a1e9620ffbbe27b7796e55ec545d211
Page 2 of 8
Back12345Next

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close