
Files

Ubuntu Security Notice USN-3305-1
Posted May 31, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3305-1 - It was discovered that the NVIDIA graphics drivers contained flaws in the kernel mode layer. A local attacker could use these issues to cause a denial of service or potentially escalate their privileges on the system.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-0350, CVE-2017-0351, CVE-2017-0352
MD5 | 86c30f0580cd7c439b68a225c2ba0469
Red Hat Security Advisory 2017-1367-01
Posted May 31, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1367-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Security Fix: CloudForms includes a default SSL/TLS certificate for the web server. This certificate is replaced at install time, however if an attacker were able to man-in-the-middle an administrator while installing the new certificate the attacker could get a copy of the private key uploaded allowing for future attacks.

tags | advisory, web, ruby
systems | linux, redhat
advisories | CVE-2016-4457, CVE-2017-2639
MD5 | 2cc36a54f3b8776f87f8d5727094be06
Red Hat Security Advisory 2017-1372-01
Posted May 31, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1372-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the Linux kernel's handling of packets with the URG flag. Applications using the splice() and tcp_splice_read() functionality can allow a remote attacker to force the kernel to enter a condition in which it can loop indefinitely.

tags | advisory, remote, kernel
systems | linux, redhat
advisories | CVE-2017-6214
MD5 | 537865e334898c109836d0adc5303dba
Red Hat Security Advisory 2017-1382-01
Posted May 30, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1382-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root.

tags | advisory, local, root
systems | linux, redhat
advisories | CVE-2017-1000367
MD5 | 6dbf0fc27ca09e1dd7ae21daf0265614
Red Hat Security Advisory 2017-1381-01
Posted May 30, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1381-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root.

tags | advisory, local, root
systems | linux, redhat
advisories | CVE-2017-1000367
MD5 | fe603b76cbd6e5dbdaf3b6098d19c8d5
Ubuntu Security Notice USN-3304-1
Posted May 30, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3304-1 - It was discovered that Sudo did not properly parse the contents of /proc/[pid]/stat when attempting to determine its controlling tty. A local attacker in some configurations could possibly use this to overwrite any file on the filesystem, bypassing intended permissions.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2017-1000367
MD5 | c64617cb61ac5cfaf80a0f5198674a73
Debian Security Advisory 3867-1
Posted May 30, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3867-1 - The Qualys Security team discovered that sudo, a program designed to provide limited super user privileges to specific users, does not properly parse "/proc/[pid]/stat" to read the device number of the tty from field 7 (tty_nr). A sudoers user can take advantage of this flaw on an SELinux-enabled system to obtain full root privileges.

tags | advisory, root
systems | linux, debian
advisories | CVE-2017-1000367
MD5 | 11c5b86698e660269acf2d0a6591dfa5
Gentoo Linux Security Advisory 201705-15
Posted May 30, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201705-15 - A vulnerability in sudo allows local users to gain root privileges. Versions less than 1.8.20_p1 are affected.

tags | advisory, local, root
systems | linux, gentoo
advisories | CVE-2017-1000367
MD5 | 50dbb311c107f01cd173cbf1c479dcf4
Ubuntu Security Notice USN-3212-2
Posted May 30, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3212-2 - USN-3212-1 fixed vulnerabilities in LibTIFF. Unfortunately, some of the security patches were misapplied, which caused a regression when processing certain images. This update fixes the problem. It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
MD5 | b1541180d4f9a3a4648f847e91a05154
Ubuntu Security Notice USN-3302-1
Posted May 30, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3302-1 - It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2017-7606, CVE-2017-7619, CVE-2017-7941, CVE-2017-7942, CVE-2017-7943, CVE-2017-8343, CVE-2017-8344, CVE-2017-8345, CVE-2017-8346, CVE-2017-8347, CVE-2017-8348, CVE-2017-8349, CVE-2017-8350, CVE-2017-8351, CVE-2017-8352, CVE-2017-8353, CVE-2017-8354, CVE-2017-8355, CVE-2017-8356, CVE-2017-8357, CVE-2017-8765, CVE-2017-8830, CVE-2017-9098, CVE-2017-9141, CVE-2017-9142, CVE-2017-9143, CVE-2017-9144
MD5 | b6c872cc20c26060e9ab919df9513f12
Ubuntu Security Notice USN-3303-1
Posted May 30, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3303-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2017-2496, CVE-2017-2510, CVE-2017-2539
MD5 | 5bef6c3431fc241e7202efca881ef4de
Ubuntu Security Notice USN-3301-1
Posted May 30, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3301-1 - It was discovered that the strongSwan gmp plugin incorrectly validated RSA public keys. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service. It was discovered that strongSwan incorrectly parsed ASN.1 CHOICE types. A remote attacker could use this issue to cause strongSwan to hang, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2017-9022, CVE-2017-9023
MD5 | f36a6056de4656ac6e149af21daeb9f5
Debian Security Advisory 3866-1
Posted May 30, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3866-1 - Two denial of service vulnerabilities were identified in strongSwan, an IKE/IPsec suite, using Google's OSS-Fuzz fuzzing project.

tags | advisory, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2017-9022, CVE-2017-9023
MD5 | e141168c88faa0836967ffd625995f62
Red Hat Security Advisory 2017-1364-01
Posted May 30, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1364-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: A null pointer dereference flaw was found in the way NSS handled empty SSLv2 messages. An attacker could use this flaw to crash a server application compiled against the NSS library.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-7502
MD5 | 3e36105d4d6b1e6240db73cfc5435a01
Red Hat Security Advisory 2017-1365-03
Posted May 30, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1365-03 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: A null pointer dereference flaw was found in the way NSS handled empty SSLv2 messages. An attacker could use this flaw to crash a server application compiled against the NSS library.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-7502
MD5 | d84895835cddf679339ba8d2909c9918
Debian Security Advisory 3865-1
Posted May 30, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3865-1 - It was discovered that pattern-based ACLs in the Mosquitto MQTT broker could be bypassed.

tags | advisory
systems | linux, debian
advisories | CVE-2017-7650
MD5 | 9f2b79dd70fc502769aa1cebfdde6ba6
Red Hat Security Advisory 2017-1363-01
Posted May 30, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1363-01 - In accordance with the Red Hat Directory Server Life Cycle policy, Red Hat Directory Server 9 will be retired as of June 10, 2017 and support will no longer be provided. Accordingly, Red Hat will not provide extended support for this product, including critical impact security patches or urgent priority bug fixes, after this date.

tags | advisory
systems | linux, redhat
MD5 | 16b3bf7abbea67fd1d8414b653c868ed
Acunetix Web Vulnerability Scanner 11 Privilege Escalation
Posted May 29, 2017
Authored by Florian Bogner

Acunetix Web Vulnerability Scanner 11 suffers from multiple local privilege escalation vulnerabilities.

tags | advisory, web, local, vulnerability
MD5 | 8287d902a52c6f50355d39a24e2b843b
Libming 0.4.8 Denial Of Service
Posted May 28, 2017
Authored by qflb.wu

Libming version 0.4.8 suffers from a denial of service vulnerability.

tags | advisory, denial of service
advisories | CVE-2017-8782
MD5 | 4244de5a4d322510400905914ca3db5b
WebKitGTK+ Code Execution / DoS / UXSS
Posted May 27, 2017
Authored by WebKitGTK+ Team

WebKitGTK+ suffers from code execution, denial of service, memory corruption, and various other vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
advisories | CVE-2017-2496, CVE-2017-2504, CVE-2017-2505, CVE-2017-2506, CVE-2017-2508, CVE-2017-2510, CVE-2017-2514, CVE-2017-2515, CVE-2017-2521, CVE-2017-2525, CVE-2017-2526, CVE-2017-2528, CVE-2017-2530, CVE-2017-2531, CVE-2017-2536, CVE-2017-2539, CVE-2017-2544, CVE-2017-2547, CVE-2017-2549, CVE-2017-6980, CVE-2017-6984
MD5 | b14cd9d7fa2fef7e690a45930f9d4746
Microsoft Security Bulletin CVE Update For May, 2017
Posted May 27, 2017
Site microsoft.com

This bulletin summary lists multiple CVE additions for the May, 2017 security bulletin release.

tags | advisory
advisories | CVE-2017-0223, CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, CVE-2017-8538, CVE-2017-8539, CVE-2017-8540, CVE-2017-8541, CVE-2017-8542
MD5 | d48f3ba8d2027f61b6bc04c3fa0559d4
Veritas Backup Exec Remote Agent For Windows Use-After-Free
Posted May 27, 2017
Authored by Matthew Daley

Veritas Backup Exec Remote Agent for Windows suffers from a use-after-free vulnerability. All versions before Backup Exec 16 FP1, Backup Exec 15 14.2.1180.3160, and Backup Exec 2014 14.1.1187.1126 are affected.

tags | advisory, remote
systems | windows
advisories | CVE-2017-8895
MD5 | a2f19b80d629adbcdd824fab754c16dc
Ubuntu Security Notice USN-3300-1
Posted May 27, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3300-1 - Ryan Beisner discovered juju did not set permissions on a Unix domain socket. A local attacker could use this flaw to gain administrative privileges.

tags | advisory, local
systems | linux, unix, ubuntu
advisories | CVE-2017-9232
MD5 | 122108d3e4e85403cf70b4953c9c7dd5
HP Security Bulletin HPESBHF03730 1
Posted May 27, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPESBHF03730 1 - Potential security vulnerabilities have been identified in HPE Aruba ClearPass Policy Manager. The vulnerabilities could be remotely exploited to allow access restriction bypass, arbitrary command execution, cross site scripting (XSS), escalation of privilege and disclosure of information. Revision 1 of this advisory.

tags | advisory, arbitrary, vulnerability, xss
advisories | CVE-2017-5647, CVE-2017-5824, CVE-2017-5825, CVE-2017-5826, CVE-2017-5827, CVE-2017-5828, CVE-2017-5829
MD5 | 400a1bf074861dc3b0aaf57d0d05eeb7
HP Security Bulletin HPESBHF03754 1
Posted May 27, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPESBHF03754 1 - A potential security vulnerability has been identified in HPE ML10 Gen 9 Server using Intel Xeon E3-1200 v5 Processor. The vulnerability could be remotely exploited to allow access restriction bypass. **Note:** On May 1st, 2017, Intel disclosed a new vulnerability with their Intel Manageability Firmware which is utilized on some systems containing Intel processors. This vulnerability allows an unprivileged network or local attacker to gain control of the remote manageability features of Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT) platforms. Do not attempt to upgrade the ME FW without following the instructions detailed in the Resolution section. Refer to the "Platform Specific Information" section in the Resolution for more specific information on upgrades for specific ProLiant servers. Revision 1 of this advisory.

tags | advisory, remote, local
advisories | CVE-2017-5689
MD5 | a1c06eb8d761ed73f80c9427b1fb43e4
© 2016 Packet Storm. All rights reserved.
