Gentoo Linux Security Advisory 201612-24 - Multiple vulnerabilities were found in Binutils, the worst of which may allow execution of arbitrary code. Versions less than 2.25 are affected.
3c86a9269fa6147d238683731310483d43b4f512ea54b8446d3d85a8cd711871Gentoo Linux Security Advisory 201612-23 - Multiple vulnerabilities have been found in socat, the worst of which may allow execution of arbitrary code. Versions less than 1.7.3.1 are affected.
e31a393b3e01ec886551d18de54334df99dd4e12d9c702c4d63d90e92807421cGentoo Linux Security Advisory 201612-22 - A vulnerability in Coreutils could lead to the execution of arbitrary code or a Denial of Service condition. Versions less than 8.23 are affected.
aadf75b3127408f19da444ed18da07013304be371623e66f15e5ae1db462df50Gentoo Linux Security Advisory 201612-21 - Multiple vulnerabilities were found in SQLite, the worst of which may allow execution of arbitrary code. Versions less than 3.11.1 are affected.
b374696f5679bab08b5310d98075848bdf4bb39d2941f9b1e8c8778e83b69d90Gentoo Linux Security Advisory 201612-20 - A buffer overflow in jq might allow remote attackers to execute arbitrary code. Versions less than 1.5-r2 are affected.
541f6b57037b93b7cf3d5d2f2f6db63b84d07b8374074eac78b3bfffc68047cdHP Security Bulletin HPSBHF03674 1 - A potential security vulnerability in the DES/3DES block ciphers could potentially impact HPE Comware 5 and Comware 7 network products using SSL/TLS. This vulnerability could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
7c7293bf6f6050952ade049598c234ee769cc0357ebd1230d65f6bdd3c669692Red Hat Security Advisory 2016-2938-01 - This release of Red Hat JBoss BRMS 6.3.4 serves as a replacement for Red Hat JBoss BRMS 6.3.3, and includes bug fixes and enhancements, which are documented in the Release Notes of the patch linked to in the References section. Security Fix: Drools Workbench contains the path traversal vulnerability. The vulnerability allows a remote, authenticated attacker to bypass the directory restrictions and retrieve arbitrary files from the affected host.
ce322c3919a5aa0e316a582034a6ded1e896f6d35c3e0a5938c15532ca9dbee7Red Hat Security Advisory 2016-2937-01 - This release of Red Hat JBoss BPM Suite 6.3.4 serves as a replacement for Red Hat JBoss BPM Suite 6.3.3, and includes bug fixes and enhancements, which are documented in the Release Notes of the patch linked to in the References section. Security Fix: Drools Workbench contains the path traversal vulnerability. The vulnerability allows a remote, authenticated attacker to bypass the directory restrictions and retrieve arbitrary files from the affected host.
2109bc63d8639d33c743deeb98f11c52c4c7f841b9bf81cb781a46b1bbc202b2Red Hat Security Advisory 2016-2927-01 - MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. The following packages have been upgraded to a newer upstream version: rh-mariadb100-mariadb. Security Fix: It was discovered that the MariaDB logging functionality allowed writing to MariaDB configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server.
66e1ea59d4014df2a4d524614e18002ead15028ade3161134f30e5b4a1e9c414Red Hat Security Advisory 2016-2928-01 - MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. The following packages have been upgraded to a newer upstream version: rh-mariadb101-mariadb. Security Fix: It was discovered that the MariaDB logging functionality allowed writing to MariaDB configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server.
0b4663dd1293eea4507798a5759c83e25936795e0709279b272a99329da7448cGentoo Linux Security Advisory 201612-26 - Multiple vulnerabilities have been found in OpenJPEG, the worst of which may allow execution of arbitrary code. Versions less than 2.1.1_p20160922 are affected.
e603e7bd8f6aad416db52f5b77333d0d38e7c1d31ac7f3354f5d11e1a44d5428Gentoo Linux Security Advisory 201612-25 - A vulnerability in CrackLib could lead to the execution of arbitrary code. Versions less than 2.9.6-r1 are affected.
3ab6e0f37c76d3e0f7536e37b12e861e8b29369382ba72842a352c817c7e63ebUbuntu Security Notice 3154-1 - It was discovered that OpenJDK did not restrict the set of algorithms used for Jar integrity verification. An attacker could use this to modify without detection the content of a JAR file, affecting system integrity. It was discovered that the JMX component of OpenJDK did not sufficiently perform classloader consistency checks. An attacker could use this to bypass Java sandbox restrictions. Various other issues were also addressed.
23e1920a16b9445560e5bddeb4e1bfe384398c0701a5807681e3784626881404Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
7adea0bfa17edafd4e09453f4f58a0dca737660e5358f9dafd52d55d55dc6ab3GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.
9b50e8a670d5e950425d96935c7ddd415eb6f8079615a36df425f09a3143172eAsterisk Project Security Advisory - The chan_sip channel driver has a liberal definition for whitespace when attempting to strip the content between a SIP header name and a colon character. Rather than following RFC 3261 and stripping only spaces and horizontal tabs, Asterisk treats any non-printable ASCII character as if it were whitespace.
09dc558d0dc500657f84397b2183696f7dff962f91ac1d27039bfe9a9157f5a9Microsoft Remote Desktop Client for Mac version 8.0.36 suffers from a remote code execution vulnerability.
83a2396f296801ed2a08e72a969bd88fa43d32d0b7e159e0cbba6bf14421588fMicrosoft Internet Explorer version 9 suffers from an MSHTML CDispNode::InsertSiblingNode use-after-free vulnerability.
391989ad1173c144a4f9597886435a16e0b65b6502cd7fd4d5d45f1b77eada54Netgear R7000 suffers from a command injection vulnerability.
8a3bd3bed526f1b1ea246ef0805d27f0da0e7419534db12188712e2368d99170508 bytes small Windows x64 bind shell TCP shellcode.
033c378fbb4c4aa3050bd53ba4c5a36a47e8578b1899c71cde7dd3d1b6026185Whitepaper called Teaching an Old Dog (not that new) Tricks - Stego in TCP/IP made easy (part-1).
2609fe4c9cec50d8edf00ef147f17aefe8eb757caecfacad445137627a2e39f9A directory traversal vulnerability exists in the Cisco Unified Communications Manager administrative web interface. Versions 7.x, 8.x, and 9.x are all affected.
90a1467cf637291cc20ff682898da4623847a4334964390e03689220dcc9cb16Red Hat Security Advisory 2016-2923-01 - OpenStack Block Storage manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical storage can consist of local disks, or Fiber Channel, iSCSI, and NFS mounts attached to Compute nodes.
60e69b8d92e5e1a763a7e62903cd37fe6dee387abc469f015f3d0a63516347d6Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service (system crash) or run arbitrary code with administrative privileges. Pengfei Wang discovered a race condition in the Adaptec AAC RAID controller driver in the Linux kernel when handling ioctl()s. A local attacker could use this to cause a denial of service (system crash). Marco Grassi discovered a use-after-free condition could occur in the TCP retransmit queue handling code in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
d8c13d40032210a719f70376fb50f745ce27eca4d0eb24c5096aaa2ba0e42b44OpenSSH versions 7.2 and below crypt CPU consumption denial of service exploit.
85813c4a45e54ff563c3ade3e42af0997614ba11790f829f24352c73b552928d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed