what you don't know can hurt you
Showing 1 - 14 of 14 RSS Feed

Files Date: 2016-05-05

Ubuntu Security Notice USN-2961-1
Posted May 5, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2961-1 - It was discovered that a double free() could occur when the intent handling code in the Little CMS library detected an error. An attacker could use this to specially craft a file that caused an application using the Little CMS library to crash or possibly execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-7455
SHA-256 | 701e44cec1bab032322cc2c8afbd13f26be4c817843c080d7ae44315a450dc57
Ubuntu Security Notice USN-2950-3
Posted May 5, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2950-3 - USN-2950-1 fixed vulnerabilities in Samba. The fixes introduced in Samba 4.3.8 caused certain regressions and interoperability issues. This update resolves some of these issues by updating to Samba 4.3.9 in Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. Backported regression fixes were added to Samba 3.6.25 in Ubuntu 12.04 LTS. This advisory was inadvertently published as USN-2950-2 originally. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2015-5370, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, CVE-2016-2115, CVE-2016-2118
SHA-256 | 9964099b1f206087f80df7cd7fa0e5270996486fe34e8197537e2d4ab769d4ab
Cisco Security Advisory 20160504-fpkern
Posted May 5, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the kernel logging configuration for Firepower System Software for the Adaptive Security Appliance (ASA) 5585-X FirePOWER Security Services Processor (SSP) module could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of system resources. The vulnerability is due to the logging of certain IP packets. An attacker could exploit this vulnerability by sending a flood of specially crafted IP packets to the affected device. An exploit could allow the attacker to cause the Cisco FirePOWER module to cease inspecting traffic or go offline. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, denial of service, kernel
systems | cisco
SHA-256 | f71af0aceafd94ea29a500da9d3f98979e46875269911ed675da590ed70b44b9
Cisco Security Advisory 20160504-tpxml
Posted May 5, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the XML application programming interface (API) of Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to bypass authentication and access a targeted system through the API. The vulnerability is due to improper implementation of authentication mechanisms for the XML API of the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the XML API. A successful exploit could allow the attacker to perform unauthorized configuration changes or issue control commands to the affected system by using the API. Cisco has released software updates that address this vulnerability. There is a workaround that addresses this vulnerability.

tags | advisory, remote, web
systems | cisco
SHA-256 | 1a9ee629a44c191a23b45a92b4ebde36c0f54a5ad4fd4b4c806fad1f8bb90725
Cisco Security Advisory 20160504-firepower
Posted May 5, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the packet processing functions of Cisco FirePOWER System Software could allow an unauthenticated, remote attacker to cause an affected system to stop inspecting and processing packets, resulting in a denial of service (DoS) condition. The vulnerability is due to improper packet handling by the affected software when packets are passed through the sensing interfaces of an affected system. An attacker could exploit this vulnerability by sending crafted packets through a targeted system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, denial of service
systems | cisco
SHA-256 | 5e764ed9dfa00a567d6a7c6b44144df6ca97e9c1bd9b52d4613de8f4879d0170
Ubuntu Security Notice USN-2950-2
Posted May 5, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2950-2 - USN-2950-1 fixed vulnerabilities in Samba. The fixes introduced in Samba 4.3.8 caused certain regressions and interoperability issues. This update resolves some of these issues by updating to Samba 4.3.9 in Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. Backported regression fixes were added to Samba 3.6.25 in Ubuntu 12.04 LTS. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2015-5370, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, CVE-2016-2115, CVE-2016-2118
SHA-256 | c93cbed83234be923370d6ba5d82693b733041d4363045f33e415c791441bba2
Debian Security Advisory 3569-1
Posted May 5, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3569-1 - Two vulnerabilities were discovered in openafs, an implementation of the distributed filesystem AFS.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2015-8312, CVE-2016-2860
SHA-256 | 5350c2a92faea1a018856d55ceeb910ed1a5cb1a1a955764695eac0570e686d5
Debian Security Advisory 3568-1
Posted May 5, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3568-1 - Pascal Cuoq and Miod Vallat discovered that Libtasn1, a library to manage ASN.1 structures, does not correctly handle certain malformed DER certificates. A remote attacker can take advantage of this flaw to cause an application using the Libtasn1 library to hang, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, debian
advisories | CVE-2016-4008
SHA-256 | 4f7c001b7918fdd39a5d7274ba1f8cef1164d9f85c0ccba2a5bcc194555b7c57
FreeBSD Security Advisory - FreeBSD-SA-16:17.openssl
Posted May 5, 2016
Authored by OpenSSL Project | Site security.freebsd.org

FreeBSD Security Advisory - The padding check in AES-NI CBC MAC was rewritten to be in constant time by making sure that always the same bytes are read and compared against either the MAC or padding bytes. But it no longer checked that there was enough data to have both the MAC and padding bytes. [CVE-2016-2107] An overflow can occur in the EVP_EncodeUpdate() function which is used for Base64 encoding of binary data. [CVE-2016-2105] An overflow can occur in the EVP_EncryptUpdate() function, however it is believed that there can be no overflows in internal code due to this problem. [CVE-2016-2106] When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio() a short invalid encoding can casuse allocation of large amounts of memory potentially consuming excessive resources or exhausting memory. [CVE-2016-2109] ASN1 Strings that are over 1024 bytes can cause an overread in applications using the X509_NAME_oneline() function on EBCDIC systems. [CVE-2016-2176] FreeBSD does not run on any EBCDIC systems and therefore is not affected. A MITM attacker can use a padding oracle attack to decrypt traffic when the connection uses an AES CBC cipher and the server support AES-NI. [CVE-2016-2107] If an attacker is able to supply very large amounts of input data then a length check can overflow resulting in a heap corruption. [CVE-2016-2105] Any application parsing untrusted data through d2i BIO functions are vulnerable to memory exhaustion attack. [CVE-2016-2109] TLS applications are not affected.

tags | advisory, overflow
systems | freebsd
advisories | CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2109
SHA-256 | 182b52531dd70de627d6fe99dbbd9fa0404b54c26fd1b7e6a5ebb96e63de362d
Cisco Security Advisory 20160504-openssl
Posted May 5, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - On May 3, 2016, the OpenSSL Software Foundation released a security advisory that included six vulnerabilities. Out of the six vulnerabilities disclosed, four of them may cause a memory corruption or excessive memory usage, one could allow a padding oracle attack to decrypt traffic when the connection uses an AES CBC cipher and the server supports AES-NI, and, lastly, one is specific to a product performing an operation with Extended Binary Coded Decimal Interchange Code (EBCDIC) encoding. Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities. This advisory will be updated as additional information becomes available.

tags | advisory, vulnerability
systems | cisco
SHA-256 | 5a1d26ffa965666042771287e49eabd16666cb21629b1910bc5f2603d13803ea
Debian Security Advisory 3567-1
Posted May 5, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3567-1 - It was discovered that libpam-sshauth, a PAM module to authenticate using an SSH server, does not correctly handle system users. In certain configurations an attacker can take advantage of this flaw to gain root privileges.

tags | advisory, root
systems | linux, debian
advisories | CVE-2016-4422
SHA-256 | 13a99d95340e817f1b8e1ea5b49769e77dd6effc9f35fd09cb7ea8fdff44b267
Ubuntu Security Notice USN-2964-1
Posted May 5, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2964-1 - Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code. A vulnerability was discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit this to expose sensitive data over the network. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, vulnerability, info disclosure
systems | linux, ubuntu
advisories | CVE-2016-0686, CVE-2016-0687, CVE-2016-0695, CVE-2016-3425, CVE-2016-3427
SHA-256 | 6bae2763b80a8d7b32d5685bff42586f95d773670b03b3b26026900a3ac7fdf5
Ubuntu Security Notice USN-2963-1
Posted May 5, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2963-1 - Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code. CVE-2016-0687, Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit this to expose sensitive data over the network. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, vulnerability, info disclosure
systems | linux, ubuntu
advisories | CVE-2016-0686, CVE-2016-0687, CVE-2016-0695, CVE-2016-3425, CVE-2016-3426, CVE-2016-3427
SHA-256 | 1dc6043b60bef399d9cc5b979104a50ea202d1352f4458598c7f58c7687fd5d6
ManageEngine Applications Manager Build 12700 Information Disclosure / SQL Injection
Posted May 5, 2016
Authored by Saif El-Sherei

ManageEngine Applications Manager build 12700 suffers from information disclosure and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, info disclosure
SHA-256 | 9638bd04858f548d97b6c5c4af204f6913898488f0894e3070466dacb592dded
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close