Twenty Year Anniversary
Showing 1 - 25 of 185 RSS Feed

Files

HP Security Bulletin HPESBHF03787 1
Posted Oct 31, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPESBHF03787 1 - Security vulnerabilities in HPE Intelligent Management Center (iMC) PLAT products could be exploited to allow Remote Code Execution. Revision 1 of this advisory.

tags | advisory, remote, vulnerability, code execution
advisories | CVE-2017-8962, CVE-2017-8963, CVE-2017-8964, CVE-2017-8965, CVE-2017-8966, CVE-2017-8967
MD5 | f8db15af382e8d2d0a3d864bb27f6e51
Sync Breeze 10.1.16 Buffer Overflow
Posted Oct 31, 2017
Authored by Felipe Xavier Oliveira

Sync Breeze version 10.1.16 is vulnerable to a buffer overflow vulnerability, which can be exploited remotely or locally to achieve arbitrary code execution. The flaw is triggered by providing a long input into the "Destination directory" path of the application.

tags | advisory, overflow, arbitrary, code execution
advisories | CVE-2017-15950
MD5 | f4f002630a2eed34a39911ef0c7be183
EMC VMAX Virtual Appliance (vApp) Authentication Bypass
Posted Oct 31, 2017
Authored by rgod | Site emc.com

The vApp Manager which is embedded in EMC Unisphere for VMAX, Solutions Enabler, VASA Virtual Appliances, and EMC VMAX Embedded Management (eManagement) contains an authentication bypass vulnerability that may potentially be exploited by malicious users to compromise the affected system. Affected products include EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.15, EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.15, EMC VASA Virtual Appliance versions prior to 8.4.0.512, and EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier).

tags | advisory, bypass
advisories | CVE-2017-14375
MD5 | 9a386e1d1115910c27491d657ce83626
EMC AppSync Server Hardcoded Password
Posted Oct 31, 2017
Site emc.com

EMC AppSync contains database accounts with hardcoded passwords that could potentially be exploited by malicious users to compromise the affected system. Versions prior to 3.5.0.1 are affected.

tags | advisory
advisories | CVE-2017-14376
MD5 | dd3f1983486012e2da0b473e738f166d
Red Hat Security Advisory 2017-3086-01
Posted Oct 31, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3086-01 - Red Hat Proxy aStand-Alonea : Systems registered as clients to RHN via a Red Hat Satellite Proxy server are no longer a Red Hat supported deployment, and will no longer function as required.

tags | advisory, web
systems | linux, redhat
MD5 | dedf3ff53a701321de95652ca4bd01c6
Ubuntu Security Notice USN-3468-2
Posted Oct 31, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3468-2 - USN-3468-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. It was discovered that the KVM subsystem in the Linux kernel did not properly bound guest IRQs. A local attacker in a guest VM could use this to cause a denial of service. It was discovered that the Flash-Friendly File System implementation in the Linux kernel did not properly validate superblock metadata. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-1000252, CVE-2017-10663, CVE-2017-10911, CVE-2017-11176, CVE-2017-14340
MD5 | df06e662e7b98fe4fe2458a985e574df
Ubuntu Security Notice USN-3468-1
Posted Oct 31, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3468-1 - It was discovered that the KVM subsystem in the Linux kernel did not properly bound guest IRQs. A local attacker in a guest VM could use this to cause a denial of service. It was discovered that the Flash-Friendly File System implementation in the Linux kernel did not properly validate superblock metadata. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-1000252, CVE-2017-10663, CVE-2017-10911, CVE-2017-11176, CVE-2017-14340
MD5 | 4569db2c85a86bd1be37d268c85b8268
Ubuntu Security Notice USN-3469-1
Posted Oct 31, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3469-1 - Anthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. Bo Zhang discovered that the netlink wireless configuration interface in the Linux kernel did not properly validate attributes when handling certain requests. A local attacker with the CAP_NET_ADMIN could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-10911, CVE-2017-12153, CVE-2017-12154, CVE-2017-12192, CVE-2017-14051, CVE-2017-14156, CVE-2017-14340, CVE-2017-14489, CVE-2017-14991, CVE-2017-15537, CVE-2017-9984, CVE-2017-9985
MD5 | 7be1da2f9c2f1afabff5768836358115
Ubuntu Security Notice USN-3470-1
Posted Oct 31, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3470-1 - Qian Zhang discovered a heap-based buffer overflow in the tipc_msg_build function in the Linux kernel. A local attacker could use to cause a denial of service or possibly execute arbitrary code with administrative privileges. Dmitry Vyukov discovered that a race condition existed in the timerfd subsystem of the Linux kernel when handling might_cancel queuing. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-8632, CVE-2017-10661, CVE-2017-10662, CVE-2017-10663, CVE-2017-10911, CVE-2017-11176, CVE-2017-14340
MD5 | 57feca81771640a80be09a58a7bd56a8
Ubuntu Security Notice USN-3469-2
Posted Oct 31, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3469-2 - USN-3469-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Anthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. Various other issues were also addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-10911, CVE-2017-12153, CVE-2017-12154, CVE-2017-12192, CVE-2017-14051, CVE-2017-14156, CVE-2017-14340, CVE-2017-14489, CVE-2017-14991, CVE-2017-15537, CVE-2017-9984, CVE-2017-9985
MD5 | ee069ba6ad2d7d27d564a4fb060eba00
Ubuntu Security Notice USN-3468-3
Posted Oct 31, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3468-3 - It was discovered that the KVM subsystem in the Linux kernel did not properly bound guest IRQs. A local attacker in a guest VM could use this to cause a denial of service. It was discovered that the Flash-Friendly File System implementation in the Linux kernel did not properly validate superblock metadata. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-1000252, CVE-2017-10663, CVE-2017-10911, CVE-2017-11176, CVE-2017-14340
MD5 | d2a254694b05f4588318c858a2ebd55e
Microsoft Windows 10 Creators Update 32-bit Ring-0 Code Execution
Posted Oct 30, 2017
Authored by Google Security Research, mjurczyk

Microsoft Windows 10 Creators Update suffers from a 32-bit execution of ring-0 code from NULL page via NtQuerySystemInformation (class 185, Warbird functionality).

tags | advisory
systems | windows
MD5 | 3b1777f8309fb6e91148a1b542d501ef
Ubuntu Security Notice USN-3459-2
Posted Oct 30, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3459-2 - USN-3459-1 fixed several vulnerabilities in MySQL. This update provides the corresponding update for Ubuntu 12.04 ESM. A Multiple security issues were discovered in MySQL and this update A includes new upstream MySQL versions to fix these issues. A MySQL has been updated to 5.5.58 in Ubuntu 12.04 ESM. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
MD5 | 48cca9251d1ac4a0ba1591e201a98b1d
Red Hat Security Advisory 2017-3082-01
Posted Oct 30, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3082-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 62.0.3202.75. Security Fix: A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2017-15396
MD5 | ee548e66c5378b8dfd0563c88477b0f7
Ubuntu Security Notice USN-3464-2
Posted Oct 30, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3464-2 - USN-3464-1 fixed several vulnerabilities in Wget. This update provides the corresponding update for Ubuntu 12.04 ESM. A Antti Levomaki, Christian Jalio, and Joonas Pihlaja discovered that Wget incorrectly handled certain HTTP responses. A remote attacker could use this issue to cause Wget to crash, resulting in a denial of A service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, web, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-7098, CVE-2017-6508
MD5 | 4290569fb5e2a5604a538c5b43a6bb1f
Ubuntu Security Notice USN-3467-1
Posted Oct 30, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3467-1 - It was discovered that Poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
MD5 | 3574f1237068a25a85f435fddd772e9f
Red Hat Security Advisory 2017-3081-01
Posted Oct 30, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3081-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: A vulnerability was discovered in Tomcat's handling of pipelined requests when "Sendfile" was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. Two vulnerabilities were discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution.

tags | advisory, java, web, vulnerability, code execution, info disclosure
systems | linux, redhat
advisories | CVE-2017-12615, CVE-2017-12617, CVE-2017-5647, CVE-2017-7674
MD5 | ed7db0112f16f762e72879e4f791c3a9
Red Hat Security Advisory 2017-3080-01
Posted Oct 30, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3080-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: A vulnerability was discovered in Tomcat's handling of pipelined requests when "Sendfile" was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page.

tags | advisory, java, web, info disclosure
systems | linux, redhat
advisories | CVE-2017-12615, CVE-2017-12617, CVE-2017-5647, CVE-2017-5664
MD5 | 66762ee91bc3b19e8d50115d124b3dca
Gentoo Linux Security Advisory 201710-32
Posted Oct 30, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201710-32 - Multiple vulnerabilities have been found in Apache, the worst of which may result in the loss of secrets. Versions less than 2.4.27-r1 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2017-3167, CVE-2017-3169, CVE-2017-7659, CVE-2017-7668, CVE-2017-7679, CVE-2017-9788, CVE-2017-9789
MD5 | 6702dea8604021598b7ad6570ac8ea75
Gentoo Linux Security Advisory 201710-31
Posted Oct 30, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201710-31 - Multiple vulnerabilities have been found in Oracle's JDK and JRE software suites, the worst of which can be remotely exploited without authentication. Versions less than 1.8.0.152-r1 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2017-10274, CVE-2017-10281, CVE-2017-10285, CVE-2017-10293, CVE-2017-10295, CVE-2017-10309, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388
MD5 | a7c529adfd84fe6fc678b0cdb8e526b3
Gentoo Linux Security Advisory 201710-30
Posted Oct 30, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201710-30 - Multiple vulnerabilities have been found in X.Org Server the worst of which could allow a local attacker to replace shared memory segments. Versions less than 1.19.4 are affected.

tags | advisory, local, vulnerability
systems | linux, gentoo
advisories | CVE-2013-6424, CVE-2017-13721, CVE-2017-13723, CVE-2017-2624
MD5 | c3cded738c906680cb3a502ef39b1721
Gentoo Linux Security Advisory 201710-29
Posted Oct 29, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201710-29 - Multiple vulnerabilities have been found in Asterisk, the worst of which allows remote execution of arbitrary shell commands. Versions less than 11.25.3 are affected.

tags | advisory, remote, arbitrary, shell, vulnerability
systems | linux, gentoo
advisories | CVE-2017-14098, CVE-2017-14099, CVE-2017-14100, CVE-2017-14603
MD5 | dc6664f1f4febce3a1ec19be4fbf4607
Gentoo Linux Security Advisory 201710-28
Posted Oct 29, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201710-28 - A vulnerability in Jython may lead to arbitrary code execution. Versions less than 2.7.0-r2 are affected.

tags | advisory, arbitrary, code execution
systems | linux, gentoo
MD5 | d31b394e4c2951ccc2b6840bc8da2d25
PHP 4.2.0 / 4.2.1 Remote Compromise / Denial Of Service
Posted Oct 27, 2017
Authored by Stefan Esser

PHP versions 4.2.0 and 4.2.1 suffer from an issue where depending on the processor architecture it may be possible for a remote attacker to either crash or compromise the web server.

tags | advisory, remote, web, denial of service, php
MD5 | e966da86f2a1eebadb8468cec478394a
RSA Authentication Manager 8.2 SP1 P4 Cross Site Scripting
Posted Oct 27, 2017
Site emc.com

RSA Authentication Manager version 8.2 SP1 Patch 5 contains a fix for a reflected cross site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.

tags | advisory, xss
advisories | CVE-2017-14373
MD5 | 21fceb4b6c9ad9829894a924c629d3d0
Page 1 of 8
Back12345Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

Top Authors In Last 30 Days

Recent News

News RSS Feed
Orangeworm Malware Targets Hospitals Worldwide
Posted Apr 26, 2018

tags | headline, malware
Cyber-Attack Website Webstresser Taken Down
Posted Apr 25, 2018

tags | headline, government, denial of service
Suspicious Event Hijacks Amazon Traffic For 2 Hours, Steals Cryptocurrency
Posted Apr 25, 2018

tags | headline, hacker, amazon, fraud, cryptography
Hotel Door Locks Worldwide Were Vulnerable To Attack
Posted Apr 25, 2018

tags | headline, hacker, flaw
Yahoo! Fined $35 Million For Covering Up Security Breach
Posted Apr 25, 2018

tags | headline, hacker, government, privacy, usa, data loss, yahoo
Someone Is Trying To Extort iPhone Crackers GrayShift With Leaked Code
Posted Apr 25, 2018

tags | headline, hacker, phone, data loss, apple
1 Million US Children Affected By Identity Theft Last Year
Posted Apr 24, 2018

tags | headline, usa, cybercrime, fraud, identity theft
The Unpatchable Exploit That Makes Every Current Nintendo Switch Hackable
Posted Apr 24, 2018

tags | headline, hacker, flaw, nintendo
Atlanta Spent At Least $2.6 Million On Ransomware Recovery
Posted Apr 24, 2018

tags | headline, malware, cybercrime, data loss, fraud, cryptography
Police Visit Funeral Home To Unlock Dead Man's Phone
Posted Apr 24, 2018

tags | headline, government, privacy, usa, phone
View More News →
packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close