what you don't know can hurt you
Showing 1 - 25 of 32 RSS Feed

Files Date: 2017-03-21

OpenSCAP Libraries 1.2.14
Posted Mar 21, 2017
Site open-scap.org

The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.

Changes: This release provides multiple bug fixes and about ten new features.
tags | protocol, library
systems | unix
SHA-256 | 99100549029c65cf6ad2425ec7f3b189ffb833ad12012e7086e177768f241f33
Red Hat Security Advisory 2017-0621-01
Posted Mar 21, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0621-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: An integer overflow flaw and an out-of-bounds read flaw were found in the way QEMU's VGA emulator set certain VGA registers while in VBE mode. A privileged guest user could use this flaw to crash the QEMU process instance.

tags | advisory, overflow, kernel
systems | linux, redhat
advisories | CVE-2016-3712
SHA-256 | 5df48be0076ba6570122f9d535844bf11965e06ce3af382946e0d5a48b7e6d85
Red Hat Security Advisory 2017-0574-01
Posted Mar 21, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0574-01 - The gnutls packages provide the GNU Transport Layer Security library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. The following packages have been upgraded to a later upstream version: gnutls. Security Fix: A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections form other clients.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2016-8610, CVE-2017-5335, CVE-2017-5336, CVE-2017-5337
SHA-256 | 3e0fbad2d991e3754f3de9773a4b00b3ba45b6d5c193eac6121d81189ab9e730
Red Hat Security Advisory 2017-0565-01
Posted Mar 21, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0565-01 - OCaml is a high-level, strongly-typed, functional, and object-oriented programming language from the ML family of languages. The ocaml packages contain two batch compilers, an interactive top level system, parsing tools, a replay debugger, a documentation generator, and a comprehensive library. Security Fix: An integer conversion flaw was found in the way OCaml's String handled its length. Certain operations on an excessively long String could trigger a buffer overflow or result in an information leak.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2015-8869
SHA-256 | 7ec4a04c9b22cf05a24b055ff0a915044b74d928cafb2a5b4923b92b7dfdb68b
Red Hat Security Advisory 2017-0564-01
Posted Mar 21, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0564-01 - The libguestfs packages contain a library, which is used for accessing and modifying virtual machine disk images. Security Fix: An integer conversion flaw was found in the way OCaml's String handled its length. Certain operations on an excessively long String could trigger a buffer overflow or result in an information leak. Note: The libguestfs packages in this advisory were rebuilt with a fixed version of OCaml to address this issue.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2015-8869
SHA-256 | 13e2ecc8a13af222de17972b009f4a313cce49b6e9f9523c18baa3b620443535
Ubuntu Security Notice USN-3239-1
Posted Mar 21, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3239-1 - It was discovered that the GNU C Library incorrectly handled the strxfrm function. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. It was discovered that an integer overflow existed in the _IO_wstr_overflow function of the GNU C Library. An attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-5180, CVE-2015-8982, CVE-2015-8983, CVE-2015-8984, CVE-2016-1234, CVE-2016-3706, CVE-2016-4429, CVE-2016-5417, CVE-2016-6323
SHA-256 | a086af7e2dbc01251777d0699eb6cb41c5a2b8b291a0d8d90e74157971b520c5
Red Hat Security Advisory 2017-0817-01
Posted Mar 21, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0817-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: It was discovered that a remote attacker could leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow and could subsequently perform any type of a fragmentation-based attack against legacy IPv6 nodes that do not implement RFC6946.

tags | advisory, remote, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2016-10088, CVE-2016-10142, CVE-2016-2069, CVE-2016-2384, CVE-2016-6480, CVE-2016-7042, CVE-2016-7097, CVE-2016-8399, CVE-2016-9576
SHA-256 | 597c633d164dd5b659055724a7f94dfa6104bd1ddf58babc8fd4e61d37290908
Ubuntu Security Notice USN-3240-1
Posted Mar 21, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3240-1 - It was discovered that the NVIDIA graphics drivers contained a flaw in the kernel mode layer. A local attacker could use this issue to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-0318
SHA-256 | 2699f0a251a71c47e3720ed4b11d0f247f4f7b4f326059f83a39fbbafbfab3a5
Red Hat Security Advisory 2017-0794-01
Posted Mar 21, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0794-01 - The quagga packages contain Quagga, the free network-routing software suite that manages TCP/IP based protocols. Quagga supports the BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng protocols, and is intended to be used as a Route Server and Route Reflector. Security Fix: A stack-based buffer overflow flaw was found in the way Quagga handled IPv6 router advertisement messages. A remote attacker could use this flaw to crash the zebra daemon resulting in denial of service.

tags | advisory, remote, denial of service, overflow, tcp, protocol
systems | linux, redhat
advisories | CVE-2013-2236, CVE-2016-1245, CVE-2016-2342, CVE-2016-4049, CVE-2017-5495
SHA-256 | 382a7eb4860c0cafcd06124913757757571d5dd5111b8d10cb82337462076114
Red Hat Security Advisory 2017-0744-01
Posted Mar 21, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0744-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: It was found that Samba always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2016-2125, CVE-2016-2126
SHA-256 | 1ce8166802d57628cd0aacc6d9c34081469c6920c71ff18af394355450dc4b92
Red Hat Security Advisory 2017-0725-01
Posted Mar 21, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0725-01 - The bash packages provide Bash, which is the default shell for Red Hat Enterprise Linux. Security Fix: An arbitrary command injection flaw was found in the way bash processed the hostname value. A malicious DHCP server could use this flaw to execute arbitrary commands on the DHCP client machines running bash under specific circumstances. An arbitrary command injection flaw was found in the way bash processed the SHELLOPTS and PS4 environment variables. A local, authenticated attacker could use this flaw to exploit poorly written setuid programs to elevate their privileges under certain circumstances.

tags | advisory, arbitrary, shell, local, bash
systems | linux, redhat
advisories | CVE-2016-0634, CVE-2016-7543, CVE-2016-9401
SHA-256 | ec88f4635773f8c357e90336dc5b241990df59544ff8b895b01996472d9147fb
Red Hat Security Advisory 2017-0698-01
Posted Mar 21, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0698-01 - The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat entitlement platform. The subscription-manager-migration-data package provides certificates for migrating a system from the legacy Red Hat Network Classic to Red Hat Subscription Management. The python-rhsm packages provide a library for communicating with the representational state transfer interface of a Red Hat Unified Entitlement Platform. The Subscription Management tools use this interface to manage system entitlements, certificates, and access to content.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2016-4455
SHA-256 | 7ed7a3cd5cca5a76507d1f1a74e96ab9486e5b99469084c67b9095081b236c8f
Red Hat Security Advisory 2017-0680-01
Posted Mar 21, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0680-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: A stack overflow vulnerability was found in nan* functions that could cause applications, which process long strings with the nan function, to crash or, potentially, execute arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, redhat, osx
advisories | CVE-2014-9761, CVE-2015-8776, CVE-2015-8778, CVE-2015-8779
SHA-256 | 324d43db935a7ec05e599e403198eb2ed3ce4e5f8890b00bc2368b2c12b3560d
Red Hat Security Advisory 2017-0654-01
Posted Mar 21, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0654-01 - The coreutils packages contain the GNU Core Utilities and represent a combination of the previously used GNU fileutils, sh-utils, and textutils packages. Security Fix: A race condition was found in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.

tags | advisory, local, root
systems | linux, redhat
advisories | CVE-2017-2616
SHA-256 | 0a6e6561b675d0cda0718db60cdc2b972bac9e81b2d5915d4e6a951edb1a4a6e
Red Hat Security Advisory 2017-0662-01
Posted Mar 21, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0662-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: It was found that Samba always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2016-2125, CVE-2016-2126
SHA-256 | 442935e6a374fb7bc908d12b18c53e8f934e99f5d371e37ea8509b0e862caf86
Red Hat Security Advisory 2017-0641-01
Posted Mar 21, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0641-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: It was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running the login program. In configurations with UseLogin=yes and the pam_env PAM module configured to read user environment settings, a local user could use this flaw to execute arbitrary code as root.

tags | advisory, arbitrary, local, root, protocol
systems | linux, redhat, unix
advisories | CVE-2015-8325
SHA-256 | 1e04f6c86073b42f0d6aac48811b28484c12a88852f4aa3a8049cc76fe1f3f41
Red Hat Security Advisory 2017-0631-01
Posted Mar 21, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0631-01 - The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network. Security Fix: Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file.

tags | advisory, denial of service, protocol
systems | linux, redhat
advisories | CVE-2013-4075, CVE-2015-3811, CVE-2015-3812, CVE-2015-3813
SHA-256 | a857a0533e9d54b99d71f61dabbae572e2cb165bdc70df97f720572b2a66cc2b
Red Hat Security Advisory 2017-0630-01
Posted Mar 21, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0630-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. The tigervnc packages contain a client which allows users to connect to other desktops running a VNC server. Security Fix: A denial of service flaw was found in the TigerVNC's Xvnc server. A remote unauthenticated attacker could use this flaw to make Xvnc crash by terminating the TLS handshake process early.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2016-10207, CVE-2017-5581
SHA-256 | 07f7f8ba8a8df7e79f920eae4fc677b6d156caef1b63841bdec008081b481281
Ubuntu Security Notice USN-3173-2
Posted Mar 21, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3173-2 - USN-3173-1 fixed a vulnerability in nvidia-graphics-drivers-304 and nvidia-graphics-drivers-340. This update provides the corresponding update for nvidia-graphics-drivers-375. It was discovered that the NVIDIA graphics drivers contained a flaw in the kernel mode layer. A local attacker could use this issue to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-8826
SHA-256 | 7c048d77dfb2bf8dbf684be157012eb2dd7edbede534637fe240c791a22cb615
Adium 1.5.10.2 libpurple Code Execution
Posted Mar 21, 2017
Authored by Eryt

Adium version 1.5.10.2 includes a vulnerable version of libpurple that permits for arbitrary code execution on the client.

tags | advisory, arbitrary, code execution
advisories | CVE-2017-2640
SHA-256 | ecda5b423632c41687024c6a3f6d0c1f5e08a999e78e7e3f2993c4210cff312b
SAP NetWeaver UMEADMIN 7.50 Directory Creation
Posted Mar 21, 2017
Authored by Mathieu Geli

SAP NetWeaver UMEADMIN versions 7.00 through 7.50 suffer from a flaw where an authenticated user, via web administration, can trigger directory creation anywhere where the SAP OS user has access.

tags | exploit, web
SHA-256 | 577200dbf4a5c8490c6147ad8f89d5b575f031125524538d758210005cb31e60
Mozilla Firefox Table Use-After-Free
Posted Mar 21, 2017
Authored by Ivan Fratric, Google Security Research

Mozilla Firefox suffers from a table use-after-free vulnerability.

tags | advisory
advisories | CVE-2017-5404
SHA-256 | 467f7a92740d3d939226cb316dd4c5564e04846cf418f83875fb7b601f8b7208
QEMU User-To-Root Privilege Escalation
Posted Mar 21, 2017
Authored by Jann Horn, Google Security Research

QEMU suffers from a user-to-root privilege escalation vulnerability inside a VM due to bad translation caching.

tags | exploit, root
SHA-256 | 74d8a4da2eececbe3a87b250db6f2910fc8e230b7a633005d7eee64a8add2dfd
Microsoft Internet Explorer textarea.defaultValue Memory Disclosure
Posted Mar 21, 2017
Authored by Ivan Fratric, Google Security Research

Microsoft Internet Explorer textarea.defaultValue suffers from a memory disclosure vulnerability.

tags | exploit
advisories | CVE-2017-0059
SHA-256 | ac793dbfcfd50f86e76daaec9db6ea8bbe858fab353e8120a1fd34fc827042c7
Microsoft Windows Color Management Crash
Posted Mar 21, 2017
Authored by Google Security Research, mjurczyk

Microsoft Windows Color Management library suffers from a crash vulnerability.

tags | exploit
systems | windows
advisories | CVE-2017-0063
SHA-256 | d8b5a0f9ed27dd056074d79c0c02c272b69aaf61b79088f8b789acd3cc8dac17
Page 1 of 2
Back12Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    5 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close