exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 101 - 125 of 204 RSS Feed

Files

Gentoo Linux Security Advisory 201703-02
Posted Mar 20, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201703-2 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 25.0.0.127 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-2997, CVE-2017-2998, CVE-2017-2999, CVE-2017-3000, CVE-2017-3001, CVE-2017-3002, CVE-2017-3003
SHA-256 | c51f8a0051e7270f97a95bcf1711ad8b3aa56c17825334c096efb33f1dcfa87c
Debian Security Advisory 3813-1
Posted Mar 19, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3813-1 - Cory Duplantis discovered a buffer overflow in the R programming language. A malformed encoding file may lead to the execution of arbitrary code during PDF generation.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2016-8714
SHA-256 | 89d4ffd7a32e842c20986f4838edfd08b292bb139056dae65436b8e8523fe784
Gentoo Linux Security Advisory 201703-01
Posted Mar 19, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201703-1 - A vulnerability in OpenOffice Impress could cause memory corruption. Versions prior to 4.1.3 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2016-1513
SHA-256 | 9d3240dbabb1ca1c4565b912778e5c87d390c9f6ed0a3981f7499ad2c92ffb54
Debian Security Advisory 3812-1
Posted Mar 18, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3812-1 - It was discovered that ioquake3, a modified version of the ioQuake3 game engine performs insufficient restrictions on automatically downloaded content (pk3 files or game code), which allows malicious game servers to modify configuration settings including driver settings.

tags | advisory
systems | linux, debian
advisories | CVE-2017-6903
SHA-256 | 8378ab80dd27749083fe4b98e31ccf1ebab11bdc2b1bc6451aeabebc7705c473
Debian Security Advisory 3811-1
Posted Mar 18, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3811-1 - It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for ASTERIX , DHCPv6, NetScaler, LDSS, IAX2, WSP, K12 and STANAG 4607, that could lead to various crashes, denial-of-service or execution of arbitrary code.

tags | advisory, arbitrary, vulnerability, protocol
systems | linux, debian
advisories | CVE-2017-5596, CVE-2017-5597, CVE-2017-6014, CVE-2017-6467, CVE-2017-6468, CVE-2017-6469, CVE-2017-6470, CVE-2017-6471, CVE-2017-6472, CVE-2017-6473, CVE-2017-6474
SHA-256 | 3bc0a93bcc9d243bc96985d94064d39d8de249c1f90184e98b42ce7c89d74742
Red Hat Security Advisory 2017-0558-01
Posted Mar 17, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0558-01 - Mozilla Firefox is an open source web browser. Security Fix: A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2017-5428
SHA-256 | b348aa755ab0960c9c8166625d6ac3c8c0533fb4a678aa4da9d8d2ccedf81f5b
Red Hat Security Advisory 2017-0549-01
Posted Mar 17, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0549-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The following packages have been upgraded to a later upstream version: redhat-release-virtualization-host, imgbased, redhat-virtualization-host.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-9577, CVE-2016-9578
SHA-256 | 0052f605c3d35e88430203ed2b5f303e9cc564420ae6b663866eb01d683189bb
Red Hat Security Advisory 2017-0552-01
Posted Mar 17, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0552-01 - The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal. The following packages have been upgraded to a later upstream version: rhevm-appliance. Security Fix: A vulnerability was discovered in SPICE in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution.

tags | advisory, overflow, code execution, protocol
systems | linux, redhat
advisories | CVE-2016-9577, CVE-2016-9578
SHA-256 | 7e67cfe68d03ce819942763349967d9a4ad4a5691416b3afd8bf7afc654d4a38
Cisco Security Advisory 20170317-cmp
Posted Mar 17, 2017
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. The Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster members. The vulnerability is due to the combination of two factors: The failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device, and The incorrect processing of malformed CMP-specific Telnet options. An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device. Cisco will release software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, arbitrary, local, protocol
systems | cisco, osx
advisories | CVE-2017-3881
SHA-256 | 209636ac80e070405b945bd39606a236c49f1da456a8faee8149160ebe8d92bd
Ubiquiti Networks Command Injection
Posted Mar 16, 2017
Authored by T. Weber | Site sec-consult.com

Various Ubiquiti Networks products suffers from an authenticated command injection vulnerability.

tags | advisory
SHA-256 | 631501986582df6705affaee85c09b6545ca657c5e93491ca7077b69a38cd9a0
Ubuntu Security Notice USN-3235-1
Posted Mar 16, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3235-1 - It was discovered that libxml2 incorrectly handled format strings. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 16.04 LTS. It was discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-4448, CVE-2016-4658, CVE-2016-5131
SHA-256 | 7ae32d61ed583ddb13aeb9dd84d7bf72100683ff8af005c02ecd83a9d0fd2b11
Slackware Security Advisory - pidgin Updates
Posted Mar 16, 2017
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New pidgin packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2017-2640
SHA-256 | 28ab51f1bbc6ebcee4b3ebc5e26e510679e1692947b5f29bb49d591d536e4f4d
Red Hat Security Advisory 2017-0557-01
Posted Mar 16, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0557-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.4.2 serves as a replacement for Red Hat JBoss BPM Suite 6.4.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Multiple security issues have been addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-6343, CVE-2016-7034, CVE-2017-2658
SHA-256 | e9340d00f3107dd94b2af8def51139ae837cd04bcea8700d61c5726b656578a2
Cisco Security Advisory 20170315-tes
Posted Mar 16, 2017
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Client Manager Server of Cisco Workload Automation and Cisco Tidal Enterprise Scheduler could allow an unauthenticated, remote attacker to retrieve any file from the Client Manager Server. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted URL to the Client Manager Server. An exploit could allow the attacker to retrieve any file from the Cisco Workload Automation or Cisco Tidal Enterprise Scheduler Client Manager Server. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote
systems | cisco
advisories | CVE-2017-3846
SHA-256 | 0742ceb22f1861972c1748f3c5cd467a250c277f3d7a11eebfc96fd3898a494d
Cisco Security Advisory 20170315-ap1800
Posted Mar 16, 2017
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the web-based GUI of Cisco Mobility Express 1800 Series Access Points could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. The vulnerability is due to improper implementation of authentication for accessing certain web pages using the GUI interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface of the affected system. A successful exploit could allow the attacker to bypass authentication and perform unauthorized configuration changes or issue control commands to the affected device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, web
systems | cisco
advisories | CVE-2017-3831
SHA-256 | bd92cac44b2f149009706c1808ced146e1c0f4fc15a1754d8a0e09ca477ef530
Cisco Security Advisory 20170315-asr
Posted Mar 16, 2017
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A privilege escalation vulnerability in the Secure Shell (SSH) subsystem in the StarOS operating system for Cisco ASR 5000 Series, ASR 5500 Series, ASR 5700 Series devices, and Cisco Virtualized Packet Core could allow an authenticated, remote attacker to gain unrestricted, root shell access. The vulnerability is due to missing input validation of parameters passed during SSH or SFTP login. An attacker could exploit this vulnerability by providing crafted user input to the SSH or SFTP command-line interface (CLI) during SSH or SFTP login. An exploit could allow an authenticated attacker to gain root privileges access on the router. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered via both IPv4 and IPv6 traffic. An established TCP connection toward port 22, the SSH default port, is needed to perform the attack. The attacker must have valid credentials to login to the system via SSH or SFTP. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

tags | advisory, remote, shell, root, tcp
systems | cisco
advisories | CVE-2017-3819
SHA-256 | 3af41f251d2f51e2bc77992540bef519775244270fbe2db95d0952bb965612f6
Ubuntu Security Notice USN-3234-1
Posted Mar 15, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3234-1 - Ralf Spenneberg discovered that the ext4 implementation in the Linux kernel did not properly validate meta block groups. An attacker with physical access could use this to specially craft an ext4 image that causes a denial of service. It was discovered that the Linux kernel did not clear the setgid bit during a setxattr call on a tmpfs filesystem. A local attacker could use this to gain elevated group privileges. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-10208, CVE-2017-5551
SHA-256 | 5c5e8fa100d4395abf35ee60376533197d5f908f480034af1b0af1c578c3ac34
Ubuntu Security Notice USN-3234-2
Posted Mar 15, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3234-2 - USN-3234-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Ralf Spenneberg discovered that the ext4 implementation in the Linux kernel did not properly validate meta block groups. An attacker with physical access could use this to specially craft an ext4 image that causes a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-10208, CVE-2017-5551
SHA-256 | 3b8a170883b326573977aa700ad8d4416fc9066a89106d450e459a05f114aba1
Red Hat Security Advisory 2017-0536-01
Posted Mar 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0536-01 - The policycoreutils packages contain the core policy utilities required to manage a SELinux environment. Security Fix: It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox.

tags | advisory, arbitrary, shell
systems | linux, redhat
advisories | CVE-2016-7545
SHA-256 | 3af1eb64e5ba3a9b5d81b25a21ebffb1e2f294a7de691d353e4c631ba8ccb8eb
Red Hat Security Advisory 2017-0533-01
Posted Mar 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0533-01 - RabbitMQ is an implementation of AMQP, the emerging standard for high performance enterprise messaging. The RabbitMQ server is a robust and scalable implementation of an AMQP broker. Security Fix: A resource-consumption flaw was found in RabbitMQ Server, where the lengths_age or lengths_incr parameters were not validated in the management plugin. Remote, authenticated users with certain privileges could exploit this flaw to cause a denial of service by passing values which were too large.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2015-8786
SHA-256 | 5aac3333ccf258369f447965f1aa956036b7f07ef0922899d13b2fd78fb0d276
Red Hat Security Advisory 2017-0527-01
Posted Mar 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0527-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2016-6816, CVE-2016-8745
SHA-256 | 5563927de693905a07c529e79ed81ecd290e30a393af413dbf50c8b8a15b6dc1
Red Hat Security Advisory 2017-0535-01
Posted Mar 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0535-01 - The policycoreutils packages contain the core policy utilities required to manage a SELinux environment. Security Fix: It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox.

tags | advisory, arbitrary, shell
systems | linux, redhat
advisories | CVE-2016-7545
SHA-256 | 4e9fa9619a220759defb0ea857794e676f954f9e8951e43f7f89e8c7e18dbf58
Red Hat Security Advisory 2017-0532-01
Posted Mar 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0532-01 - RabbitMQ is an implementation of AMQP, the emerging standard for high performance enterprise messaging. The RabbitMQ server is a robust and scalable implementation of an AMQP broker. Security Fix: A resource-consumption flaw was found in RabbitMQ Server, where the lengths_age or lengths_incr parameters were not validated in the management plugin. Remote, authenticated users with certain privileges could exploit this flaw to cause a denial of service by passing values which were too large.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2015-8786
SHA-256 | 1cee28b179bf71b3773e779c3e4361174692d0c28b5b4ba27c8cbfbbbb4b420b
Red Hat Security Advisory 2017-0526-01
Posted Mar 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0526-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 25.0.0.127. Security Fix: This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2017-2997, CVE-2017-2998, CVE-2017-2999, CVE-2017-3000, CVE-2017-3001, CVE-2017-3002, CVE-2017-3003
SHA-256 | f4dc41a875733fe867aafc7c260d00ea5866dd4eea8f84d38ece0fdec56c5ad3
Red Hat Security Advisory 2017-0531-01
Posted Mar 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0531-01 - RabbitMQ is an implementation of AMQP, the emerging standard for high performance enterprise messaging. The RabbitMQ server is a robust and scalable implementation of an AMQP broker. Security Fix: A resource-consumption flaw was found in RabbitMQ Server, where the lengths_age or lengths_incr parameters were not validated in the management plugin. Remote, authenticated users with certain privileges could exploit this flaw to cause a denial of service by passing values which were too large.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2015-8786
SHA-256 | 4beb4d35a3a4f227be5a4c1d95ae891714b97abaa1a874e66592df077266d3d1
Page 5 of 9
Back34567Next

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close