Showing 76 - 100 of 187

Files

Gentoo Linux Security Advisory 201702-14
Posted Feb 21, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201702-14 - A heap-based buffer overflow in PyCrypto might allow remote attackers to execute arbitrary code. Versions less than 2.6.1-r2 are affected.

tags | advisory, remote, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2013-7459
SHA-256 | e49964c51be6513fd920fa46c295bd95fe24efd58c8d5f4f02ce944638d34e01
Gentoo Linux Security Advisory 201702-13
Posted Feb 21, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201702-13 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. Versions less than 45.7.0 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383, CVE-2017-5390, CVE-2017-5396
SHA-256 | 4e6c9b6c887de08be450a8596c0ce33fe1812048715d0838bd2aa5d57658a6ac
Ubuntu Security Notice USN-3202-1
Posted Feb 20, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3202-1 - Frediano Ziglio discovered that Spice incorrectly handled certain client messages. A remote attacker could use this issue to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-9577, CVE-2016-9578
SHA-256 | 48b335caa3db2e8cecc79f87924e6e7b7ef20b603e40720f1f3f109a03a9d3af
Ubuntu Security Notice USN-3203-1
Posted Feb 20, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3203-1 - It was discovered that gtk-vnc incorrectly validated certain data. A malicious server could use this issue to cause gtk-vnc to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-5884, CVE-2017-5885
SHA-256 | 6c58dfec8d09852c5bf6261c22dcb2332232e0c2a285cf29b44c1e453ec62204
Ubuntu Security Notice USN-3204-1
Posted Feb 20, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3204-1 - It was discovered that Tomcat incorrectly handled certain HTTP requests. A remote attacker could possibly use this issue to cause Tomcat to consume resources, resulting in a denial of service.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2017-6056
SHA-256 | 88d15946d2c7ca6641b2b0d9ab6a3032e893c12ef0b833c14b96a392bf4498f8
Red Hat Security Advisory 2017-0286-01
Posted Feb 20, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0286-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2016-8610, CVE-2017-3731
SHA-256 | 263e10e25244071ae6bff5440a09981e5d4c03c3e8382ee37d122e6f44fcaee2
Gentoo Linux Security Advisory 201702-12
Posted Feb 20, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201702-12 - Multiple vulnerabilities have been found in MuPDF, the worst of which allows remote attackers to execute arbitrary code. Versions less than 1.10a-r1 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2016-6265, CVE-2016-6525, CVE-2017-5896
SHA-256 | b5b498264a2f4a5e1823126da1134199b8ce2c43ccf54d288bb0e6623f948020
Gentoo Linux Security Advisory 201702-11
Posted Feb 20, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201702-11 - Multiple vulnerabilities have been found in the GNU C Library, the worst of which allows context-dependent attackers to execute arbitrary code. Versions less than 2.23-r3 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2014-9761, CVE-2015-5277, CVE-2015-8776, CVE-2015-8777, CVE-2015-8778, CVE-2015-8779, CVE-2016-1234, CVE-2016-3075
SHA-256 | fa2a94198c76126434e575483adb24e98f6fc6067b9bede81d1fab17552eb3e5
Gentoo Linux Security Advisory 201702-10
Posted Feb 20, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201702-10 - A vulnerability in NTFS-3G allows local users to gain root privileges. Versions less than 2016.2.22-r2 are affected.

tags | advisory, local, root
systems | linux, gentoo
advisories | CVE-2017-0358
SHA-256 | ee4509abb8d07659fe187c08f1cf8070767d055822625eb1de9ade54c1d6e459
QEMU Host Filesystem Arbitrary Access
Posted Feb 18, 2017
Authored by Jann Horn, Google Security Research

QEMU has an issue where virtfs permits a guest to access the entire host filesystem.

tags | advisory
advisories | CVE-2016-9602
SHA-256 | 8afb47007c79b3a9ac847f6e9b076ad790c162d53fdddf920e2a3d557b2daeb1
Cisco ASA WebVPN CIFS Handling Buffer Overflows
Posted Feb 18, 2017
Authored by Google Security Research, ochang

Cisco ASA WebVPN CIFS handling buffer overflow conditions have been discovered.

tags | advisory, overflow
systems | cisco
advisories | CVE-2017-3807
SHA-256 | 5f13058e5f06f00a4c9e17b0e2cff240e100c10816e9044cab1647b9e216332f
Ubuntu Security Notice USN-3199-2
Posted Feb 17, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3199-2 - USN-3199-1 fixed a vulnerability in the Python Cryptography Toolkit. Unfortunately, various programs depended on the original behavior of the Python Cryptography Toolkit which was altered when fixing the vulnerability. This update retains the fix for the vulnerability but issues a warning rather than throwing an exception. Code which produces this warning should be updated because future versions of the Python Cryptography Toolkit re-introduce the exception. Various other issues were also addressed.

tags | advisory, python
systems | linux, ubuntu
SHA-256 | ffdcb4098907eacbe478078964c23d7b8fe357a3fb8a5cf606b1d9935d33f913
Gentoo Linux Security Advisory 201702-09
Posted Feb 17, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201702-9 - Multiple vulnerabilities have been found in ImageMagick, the worst of which allows remote attackers to execute arbitrary code. Versions less than 6.9.7.4 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2016-10144, CVE-2016-10145, CVE-2016-10146, CVE-2016-9298, CVE-2017-5506, CVE-2017-5507, CVE-2017-5508, CVE-2017-5509, CVE-2017-5510, CVE-2017-5511
SHA-256 | 76c4d959e155995070047941ecd5e0069dcc43c4077e5f8e9c14cc9087bcdc9c
Debian Security Advisory 3790-1
Posted Feb 17, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3790-1 - Several vulnerabilities were discovered in spice, a SPICE protocol client and server library.

tags | advisory, vulnerability, protocol
systems | linux, debian
advisories | CVE-2016-9577, CVE-2016-9578
SHA-256 | 49cc794953e2a7fa3792442d95f833015b85f773dc7987a963b5beab5882e82d
Ubuntu Security Notice USN-3199-1
Posted Feb 17, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3199-1 - It was discovered that the ALGnew function in block_templace.c in the Python Cryptography Toolkit contained a heap-based buffer overflow vulnerability. A remote attacker could use this flaw to execute arbitrary code by using a crafted initialization vector parameter.

tags | advisory, remote, overflow, arbitrary, python
systems | linux, ubuntu
SHA-256 | e8a7c38d5847c9eb619e356107017e6f6145e41512cc339e081a0c3d1ef48e20
Ubuntu Security Notice USN-3201-1
Posted Feb 17, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3201-1 - It was discovered that Bind incorrectly handled rewriting certain query responses when using both DNS64 and RPZ. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2017-3135
SHA-256 | aa4b9a3339b5c3377bb62c14333d747ef7a018f9172d10f35322b16f7763eef6
Ubuntu Security Notice USN-3200-1
Posted Feb 17, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3200-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2017-2350, CVE-2017-2354, CVE-2017-2355, CVE-2017-2356, CVE-2017-2362, CVE-2017-2363, CVE-2017-2364, CVE-2017-2365, CVE-2017-2366, CVE-2017-2369, CVE-2017-2371, CVE-2017-2373
SHA-256 | a61c6b895c9fb308b79806c33c686eac64252cfe20244790ee0c7c447b60ff74
Ubuntu Security Notice USN-3198-1
Posted Feb 16, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3198-1 - Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update moves those algorithms to the legacy algorithm set and causes them to be used only if no non-legacy algorithms can be negotiated. It was discovered that OpenJDK accepted ECDSA signatures using non-canonical DER encoding. An attacker could use this to modify or expose sensitive data. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2016-2183, CVE-2016-5546, CVE-2016-5548, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3261, CVE-2017-3272
SHA-256 | 401231d16faaf570a0694163991be2f69899e60a6316f4ea5ccc0ea0741ef00f
Red Hat Security Advisory 2017-0282-01
Posted Feb 16, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0282-01 - The Oslo concurrency library has utilities for safely running multi-thread, multi-process applications using locking mechanisms, and for running external processes. OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. OpenStack Image Service provides discovery, registration, and delivery services for disk and server images. The service provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-5162
SHA-256 | 5fd712c87b8881f2c1c11ceb138da557ae0c18a97e0eaffd9f628cfb8aad3438
Ubuntu Security Notice USN-3197-1
Posted Feb 16, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3197-1 - Kuang-che Wu discovered that multiple integer overflow vulnerabilities existed in libgc. An attacker could use these to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, overflow, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-9427
SHA-256 | 9660c57eca69d7e5b5e3f1edab1ac7798f8fe091d546ea992308803cdc972e83
Cisco Security Advisory 20170215-ucs
Posted Feb 16, 2017
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the web-based GUI of Cisco UCS Director could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile. The vulnerability is due to improper role-based access control (RBAC) after the Developer Menu is enabled in Cisco UCS Director. Attackers could exploit this vulnerability by enabling Developer Mode for their user profile with an end-user profile and then adding new catalogs with arbitrary workflow items to the profile. An exploit could allow attackers to perform any actions defined by these workflow items, including actions affecting other tenants. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, web, arbitrary, local
systems | cisco
SHA-256 | af8ddd4b376f7c30e09926c47b62cf5a42d2a31626a7239edac7bdaa02886344
Red Hat Security Advisory 2017-0276-01
Posted Feb 16, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0276-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. Security Fix: A denial of service flaw was found in the way BIND handled query responses when both DNS64 and RPZ were used. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure or a null pointer dereference via a specially crafted DNS response.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2017-3135
SHA-256 | 33a7601585c42e9c028fe9fe800eccb4904146febae800994c309c87bb09a0ce
Suricata IDS / IPS 3.2.x / 3.1.x IPv4 Evasion
Posted Feb 16, 2017
Authored by Jeremy Beaume

Suricata IDS / IPS versions 3.2.x before 3.2.13.13 and versions 3.1.3 and below suffered from an issue with IPv4 evasion.

tags | advisory
SHA-256 | ae4d50e6dd5d0d4d2b0cfb7661192e3225d3bededae3434f440a38ff2641bf79
OpenSSL Security Advisory 20170216
Posted Feb 16, 2017
Site openssl.org

OpenSSL Security Advisory 20170216 - During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL to crash (dependent on ciphersuite). Both clients and servers are affected.

tags | advisory
advisories | CVE-2017-3733
SHA-256 | 89f33fdcfc3a843de7fa742f846df800fb1b00666355c492d4ba177e9b4340bb
ytnef 1.9 Heap Overflow / Out-Of-Bounds Read / Write
Posted Feb 15, 2017
Authored by Eric Sesterhenn

Multiple heap overflows, out of bound writes and reads, NULL pointer dereferences, and infinite loops have been discovered in ytnef versions 1.9 and below. These could be exploited by tricking a user into opening a malicious winmail.dat file.

tags | advisory, overflow
SHA-256 | 863155d81c8f400b25a4c4da9abcbe4f9c556d4ce5bca22e8188cfbb64d6d669