Red Hat Security Advisory 2016-0349-01 - PostgreSQL is an advanced object-relational database management system. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to crash or possibly execute arbitrary code.
c88d42ca9a1a496d0a19c97af8a3e0f8c59e59f48756eadc30fa553294fe6fa9Red Hat Security Advisory 2016-0346-01 - PostgreSQL is an advanced object-relational database management system. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to crash or possibly execute arbitrary code.
626e91de0cf97d80e4f656138c967affe6b87d3a8368ee901698bde8a6e4a57fCisco Security Advisory - A vulnerability in the TCP stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper processing of certain TCP packets in the closing sequence of a TCP session while the affected device is in a TIME_WAIT state. An attacker could exploit this vulnerability by sending a specific TCP packet to an affected device on a TCP session that is already in a TIME_WAIT state. An exploit could allow the attacker to cause a reload of the TCP stack on the affected device, resulting in a DoS condition. This vulnerability can be exploited using either IPv4 or IPv6 packets. The vulnerability can be triggered by a crafted sequence of TCP packets destined for TCP ports listening on the device. The packets may use the IPv4 or IPv6 unicast address of any interface configured on the device. This vulnerability can be triggered only by traffic destined to an affected device and cannot be exploited using traffic that transits an affected device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
81766e61e9ea2f14dbbed4c2b4f16f838ecee99b27315464e24df79e86fbee1cCisco Security Advisory - A vulnerability in Cisco NX-OS Software running on Cisco Nexus 3000 Series Switches and Cisco Nexus 3500 Platform Switches could allow an unauthenticated, remote attacker to log in to the device with the privileges of the root user with bash shell access. The vulnerability is due to a user account that has a default and static password. This account is created at installation and cannot be changed or deleted without impacting the functionality of the system. An attacker could exploit this vulnerability by connecting to the affected system using this default account. The account can be used to authenticate remotely to the device via Telnet (or SSH on a specific release) and locally on the serial console. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are available.
55054f95b4b6b3eb0b901ebe09515ce4946676316659deee42c3df9546b9408eA vulnerability in the sncc0.sys kernel driver for Secret Net 7 and Secret Net Studio 8 allows for a local privilege escalation attack.
e343078efe3445f7c7ea3a82167060916857343c7de7e117d5ff936103288689Pulse CMS version 4.5.2 suffers from a backup disclosure vulnerability.
b8b358dd78589bcd7aefea266f7f0e7299b629b73e679154f114c523303f4d59Beheshti University of Iran has an endpoint that fails to use TLS when taking in credentials.
da6b34ec6a737b7096dcc54969568a1159a1c248e2b4f6b1f34d4ce074387e94HP Security Bulletin HPSBHF03545 1 - Potential security vulnerabilities identified with Windows running the NVidia Graphics Driver have been addressed in certain HP EliteBook and Zbook Products. The vulnerabilities could be locally exploited resulting in execution of code, Denial of Service (DoS), elevation of privilege, or other impacts. Note: In addition to the CVE vulnerabilities referenced below, this update also addresses the "MS_Detours_Security_Update_For_Nvidia_Driver" vulnerability where the Nvidia driver has an unpatched Microsoft Detours library that limits the effectiveness of OS Security features such as ASLR, DEP and SafeSEH. Depending on the security context of the target system, malicious code attacks can result in loss of information, denial of service, or full system compromise. Revision 1 of this advisory.
f118993bc418f60effd30bc977f6b18eb1c3c8b8170ad3977e0897c320619ecc
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed