
Files

HP Security Bulletin HPESBHF03738 1
Posted Apr 28, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPESBHF03738 1 - Potential security vulnerabilities have been identified in HPE Intelligent Management Center (iMC) PLAT. These vulnerabilities could be exploited remotely to allow code execution. Revision 1 of this advisory.

tags | advisory, vulnerability, code execution
advisories | CVE-2017-5804, CVE-2017-5805, CVE-2017-5806
MD5 | 3b5820890620c0e75bb1ef2f49ffb761
Debian Security Advisory 3838-1
Posted Apr 28, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3838-1 - Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may lead to the execution of arbitrary code or denial of service if a specially crafted PostScript file is processed.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2016-10219, CVE-2016-10220, CVE-2017-5951, CVE-2017-7207, CVE-2017-8291
MD5 | c3ad9f6743b40507b3e3766e84c5eb21
Ubuntu Security Notice USN-3270-1
Posted Apr 27, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3270-1 - Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update causes NSS to limit use of the same symmetric key. It was discovered that NSS incorrectly handled Base64 decoding. A remote attacker could use this flaw to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-2183, CVE-2017-5461
MD5 | c8e97563f6a755db5f133a0d95df860c
Ubuntu Security Notice USN-3272-1
Posted Apr 27, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3272-1 - It was discovered that Ghostscript improperly handled parameters to the rsdparams and eqproc commands. An attacker could use these to craft a malicious document that could disable -dSAFER protections, thereby allowing the execution of arbitrary code, or cause a denial of service. Kamil Frankowicz discovered a use-after-free vulnerability in the color management module of Ghostscript. An attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-10217, CVE-2016-10219, CVE-2016-10220, CVE-2017-5951, CVE-2017-7207, CVE-2017-8291
MD5 | 23075cd798faa9da8af561bc482c7aad
Ubuntu Security Notice USN-3271-1
Posted Apr 27, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3271-1 - Holger Fuhrmannek discovered an integer overflow in the xsltAddTextString function in Libxslt. An attacker could use this to craft a malicious document that, when opened, could cause a denial of service or possibly execute arbitrary code. Nicolas Gregoire discovered that Libxslt mishandled namespace nodes. An attacker could use this to craft a malicious document that, when opened, could cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-7995, CVE-2016-1683, CVE-2016-1684, CVE-2016-1841, CVE-2016-4738, CVE-2017-5029
MD5 | dad66d7aca6f0a320a5b0456148ee52d
Debian Security Advisory 3836-1
Posted Apr 27, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3836-1 - It was discovered that weechat, a fast and light chat client, is prone to a buffer overflow vulnerability in the IRC plugin, allowing a remote attacker to cause a denial-of-service by sending a specially crafted filename via DCC.

tags | advisory, remote, overflow
systems | linux, debian
advisories | CVE-2017-8073
MD5 | c8834003029c854d876903fadae5e0e7
Ubuntu Security Notice USN-3269-1
Posted Apr 27, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3269-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.55 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04 have been updated to MySQL 5.7.18. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2017-3302, CVE-2017-3305, CVE-2017-3308, CVE-2017-3309, CVE-2017-3329, CVE-2017-3331, CVE-2017-3450, CVE-2017-3453, CVE-2017-3454, CVE-2017-3455, CVE-2017-3456, CVE-2017-3457, CVE-2017-3458, CVE-2017-3459, CVE-2017-3460, CVE-2017-3461, CVE-2017-3462, CVE-2017-3463, CVE-2017-3464, CVE-2017-3465, CVE-2017-3467, CVE-2017-3468, CVE-2017-3599, CVE-2017-3600
MD5 | 9a05907ed5afb9bc42fe56e3f111180d
FreeBSD Security Advisory - FreeBSD-SA-17:04.ipfilter
Posted Apr 27, 2017
Authored by Cy Schubert | Site security.freebsd.org

FreeBSD Security Advisory - ipfilter(4), capable of stateful packet inspection, using the "keep state" or "keep frags" rule options, will not only maintain the state of connections, such as TCP streams or UDP communication, it also maintains the state of fragmented packets. When packet fragments are received they are cached in a hash table (and linked list). When a fragment is received it is compared with fragments already cached in the hash table for a match. If it does not match, the new entry is used to create a new entry in the hash table. If on the other hand it does match, unfortunately the wrong entry is freed, the entry in the hash table. This results in a use-after-free panic (and for a brief moment prior to the panic a memory leak due to the wrong entry being freed). Carefully feeding fragments that are allowed to pass by an ipfilter(4) firewall can be used to cause a panic followed by a reboot loop denial of service attack.

tags | advisory, denial of service, udp, tcp, memory leak
systems | freebsd
advisories | CVE-2017-1081
MD5 | 52202a1372fafbdf07a4259245a5e409
Gentoo Linux Security Advisory 201704-04
Posted Apr 27, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201704-4 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 25.0.0.148 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-3058, CVE-2017-3059, CVE-2017-3060, CVE-2017-3061, CVE-2017-3062, CVE-2017-3063, CVE-2017-3064
MD5 | 90839edc439b89a96dc84ca83a24a077
Confluence 6.0.x Information Disclosure
Posted Apr 26, 2017
Authored by David Black | Site atlassian.com

The Confluence drafts diff rest resource made the current content of all blogs and pages in Confluence available without authentication. Attackers who can access the Confluence web interface of a vulnerable version can use this vulnerability to obtain the content of all blogs and pages inside Confluence. All versions of Confluence starting with version 6.0.0 but less than 6.0.7 (the fixed version for 6.0.x) are affected by this vulnerability.

tags | advisory, web, info disclosure
advisories | CVE-2017-7415
MD5 | 38ca5d2e34e97c50ec379da3ed758169
Apache Hadoop DataNode Missed Validation
Posted Apr 26, 2017
Authored by Sunil Yadav

HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode is provided as a query parameter that is not validated. Apache Hadoop versions 2.6.x and earlier are affected.

tags | advisory
advisories | CVE-2017-3162
MD5 | 669dccbc616f846fb3c469d4fda3b463
Red Hat Security Advisory 2017-1162-01
Posted Apr 26, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1162-01 - Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL. The python27 Software Collection has been upgraded to version 2.7.13, which provides a number of bug fixes and enhancements over the previous version.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2014-9365
MD5 | f80bdf1620ac051ab16e8406ef77c927
Red Hat Security Advisory 2017-1161-01
Posted Apr 26, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1161-01 - The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module. The httpd24 Software Collection has been upgraded to version 2.4.25, which provides a number of bug fixes and enhancements over the previous version.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2016-0736, CVE-2016-1546, CVE-2016-2161, CVE-2016-8740, CVE-2016-8743
MD5 | d2cdbfc49ae3b71b875790f9786780d9
Debian Security Advisory 3834-1
Posted Apr 26, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3834-1 - Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.55, which includes additional changes, such as performance improvements, bug fixes, new features, and possibly incompatible changes.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2017-3302, CVE-2017-3305, CVE-2017-3308, CVE-2017-3309, CVE-2017-3329, CVE-2017-3453, CVE-2017-3456, CVE-2017-3461, CVE-2017-3462, CVE-2017-3463, CVE-2017-3464, CVE-2017-3600
MD5 | 8f751a9db7d285ea320ff93835b91662
Samsung Smart TV Wi-Fi Direction Improper Authentication
Posted Apr 26, 2017
Authored by Neseso Research Team

Samsung Smart TV Wi-Fi allows for unfettered access to rogue devices by strictly whitelisting access via a MAC address.

tags | advisory
MD5 | 58ec0513c3f2014bba5be68db49012e3
Ubuntu Security Notice USN-3266-2
Posted Apr 25, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3266-2 - USN-3266-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS. Alexander Popov discovered that a race condition existed in the Stream Control Transmission Protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel, local, vulnerability, protocol
systems | linux, ubuntu
advisories | CVE-2017-5986
MD5 | ca7c85f704e2818033ade1fa533fca02
Ubuntu Security Notice USN-3265-1
Posted Apr 25, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3265-1 - It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service. Andrey Konovalov discovered an out-of-bounds access in the IPv6 Generic Routing Encapsulation tunneling implementation in the Linux kernel. An attacker could use this to possibly expose sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-5669, CVE-2017-5897, CVE-2017-5970, CVE-2017-5986, CVE-2017-6214, CVE-2017-6345, CVE-2017-6346, CVE-2017-6347, CVE-2017-6348, CVE-2017-7374
MD5 | 43807cc3f26e96261a3a1e8c9496dd7b
Ubuntu Security Notice USN-3265-2
Posted Apr 25, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3265-2 - USN-3265-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-5669, CVE-2017-5897, CVE-2017-5970, CVE-2017-5986, CVE-2017-6214, CVE-2017-6345, CVE-2017-6346, CVE-2017-6347, CVE-2017-6348, CVE-2017-7374
MD5 | 79de1bc5e4243981826245ca0814fd34
Ubuntu Security Notice USN-3266-1
Posted Apr 25, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3266-1 - Alexander Popov discovered that a race condition existed in the Stream Control Transmission Protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2017-5986
MD5 | 79a135570a999a39d484424ba2c3a8b9
Ubuntu Security Notice USN-3264-2
Posted Apr 25, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3264-2 - USN-3264-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Alexander Popov discovered that a race condition existed in the Stream Control Transmission Protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, vulnerability, protocol
systems | linux, ubuntu
advisories | CVE-2017-5986
MD5 | 12fc8c3df1a70551c7a3f818a1dec160
Ubuntu Security Notice USN-3267-1
Posted Apr 25, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3267-1 - Jann Horn discovered that Samba incorrectly handled symlinks. An authenticated remote attacker could use this issue to access files on the server outside of the exported directories.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2017-2619
MD5 | 4c2b4e8415fc781834be9b6b48536f4b
Ubuntu Security Notice USN-3268-1
Posted Apr 25, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3268-1 - Zhenhao Hong discovered that QEMU incorrectly handled the Virtio GPU device. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. It was discovered that QEMU incorrectly handled the JAZZ RC4030 device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. Jann Horn discovered that QEMU incorrectly handled VirtFS directory sharing. A privileged attacker inside the guest could use this issue to access files on the host file system outside of the shared directory and possibly escalate their privileges. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2016-10028, CVE-2016-8667, CVE-2016-9602, CVE-2016-9603, CVE-2016-9908, CVE-2016-9912, CVE-2016-9914, CVE-2017-5552, CVE-2017-5578, CVE-2017-5987, CVE-2017-6505
MD5 | b3ac75a6d47394f88d2460f8be9f50ed
Ubuntu Security Notice USN-3264-1
Posted Apr 25, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3264-1 - Alexander Popov discovered that a race condition existed in the Stream Control Transmission Protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2017-5986
MD5 | bbd52e655d66e23940c414af28143937
Slackware Security Advisory - mozilla-firefox Updates
Posted Apr 25, 2017
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.

tags | advisory
systems | linux, slackware
MD5 | 4e819f40703fba366a3c9904dcbdb538
Debian Security Advisory 3833-1
Posted Apr 25, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3833-1 - Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library.

tags | advisory
systems | linux, debian
advisories | CVE-2016-9821, CVE-2016-9822
MD5 | ce2eb0b882c96fe6fe51ba0aa73ae3f9
© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close