Exploit the possiblities
Showing 51 - 75 of 6,099 RSS Feed

Operating System: RedHat

Red Hat Security Advisory 2017-2913-01
Posted Oct 18, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2913-01 - Tough-Cookie is a Node.js module that offers RFC6265 Cookies and Cookie Jar. The following packages have been upgraded to a later upstream version: rh-nodejs6-nodejs-tough-cookie. Security Fix: A regular expression denial of service flaw was found in Tough-Cookie. An attacker able to make an application using Touch-Cookie to parse a sufficiently large HTTP request Cookie header could cause the application to consume an excessive amount of CPU.

tags | advisory, web, denial of service
systems | linux, redhat
advisories | CVE-2017-15010
MD5 | 1bb4f60348aca969b49b49177bbb559a
Red Hat Security Advisory 2017-2912-01
Posted Oct 18, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2912-01 - Tough-Cookie is a Node.js module that offers RFC6265 Cookies and Cookie Jar. The following packages have been upgraded to a later upstream version: rh-nodejs4-nodejs-tough-cookie. Security Fix: Regular expression denial of service flaws were found in Tough-Cookie. An attacker able to make an application using Touch-Cookie to parse a sufficiently large HTTP request Cookie header could cause the application to consume an excessive amount of CPU.

tags | advisory, web, denial of service
systems | linux, redhat
advisories | CVE-2016-1000232, CVE-2017-15010
MD5 | b34cf10bfe50a5eec139fcbdbb2d214d
Red Hat Security Advisory 2017-2911-01
Posted Oct 18, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2911-01 - The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2, and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. Security Fix: A new exploitation technique called key reinstallation attacks affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13087
MD5 | 827665e961e348671c6b78cd391318d4
Red Hat Security Advisory 2017-2908-01
Posted Oct 17, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2908-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: rh-nodejs6-nodejs. Security Fix: It was found that Node.js was using a non-randomized seed when populating hash tables. An attacker, able to supply a large number of inputs, could send specially crafted entries to the Node.js application, maximizing hash collisions to trigger an excessive amount of CPU usage, resulting in a denial of service.

tags | advisory, denial of service, javascript
systems | linux, redhat
advisories | CVE-2017-11499
MD5 | fcced40d7b65fd2217ee8c1369b9741a
Red Hat Security Advisory 2017-2905-01
Posted Oct 17, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2905-01 - Red Hat Single Sign-On is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.1.3 serves as a replacement for Red Hat Single Sign-On 7.1.2, and includes several bug fixes and enhancements. For further information, refer to the Release Notes linked to in the References section. Multiple security issues have been addressed.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2017-12158, CVE-2017-12159, CVE-2017-12160, CVE-2017-12197
MD5 | 0ce1f71a5e8f87f1fa9ff173bbe2f1af
Red Hat Security Advisory 2017-2907-01
Posted Oct 17, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2907-01 - The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2, and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. Security Fix: A new exploitation technique called key reinstallation attacks affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088
MD5 | edcca40ca45172f5c3615e808a7cde11
Red Hat Security Advisory 2017-2899-01
Posted Oct 17, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2899-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 27.0.0.170. Security Fix: This update fixes one vulnerability in Adobe Flash Player. This vulnerability, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2017-11292
MD5 | 02ed4445c47e4397935369732ee381d4
Red Hat Security Advisory 2017-2904-01
Posted Oct 17, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2904-01 - Red Hat Single Sign-On is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.1.3 serves as a replacement for Red Hat Single Sign-On 7.1.2, and includes several bug fixes and enhancements. For further information, refer to the Release Notes linked to in the References section. Multiple security issues have been addressed.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2017-12158, CVE-2017-12159, CVE-2017-12160, CVE-2017-12197
MD5 | 2ebc502ff20b3b7a01bc99ea1dbd4320
Red Hat Security Advisory 2017-2906-01
Posted Oct 17, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2906-01 - Red Hat Single Sign-On 7.1 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. The Node.js adapter provides a simple module for authentication and authorization in Node.js applications. This release of Red Hat Single Sign-On 7.1.3 serves as a replacement for Red Hat Single Sign-On 7.1.2, and includes several bug fixes and enhancements. For further information, refer to the Release Notes linked to in the References section.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2017-12158, CVE-2017-12159, CVE-2017-12160, CVE-2017-12197
MD5 | 95a32325af4c7e800d6d722a26eb8460
Red Hat Security Advisory 2017-2889-01
Posted Oct 12, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2889-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.4.6 serves as a replacement for Red Hat JBoss BPM Suite 6.4.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Multiple security issues have been addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-5645, CVE-2017-7957
MD5 | 5200d954976872fec2daae318c22ab79
Red Hat Security Advisory 2017-2888-01
Posted Oct 12, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2888-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.4.6 serves as a replacement for Red Hat JBoss BRMS 6.4.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application.

tags | advisory, remote, arbitrary, udp, tcp
systems | linux, redhat
advisories | CVE-2017-5645, CVE-2017-7957
MD5 | ba560db4bfdf555a5ec7e31fa1dccc6c
Red Hat Security Advisory 2017-2886-01
Posted Oct 12, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2886-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a later upstream version: rh-mysql57-mysql. Security Fix: An integer overflow flaw leading to a buffer overflow was found in the way MySQL parsed connection handshake packets. An unauthenticated remote attacker with access to the MySQL port could use this flaw to crash the mysqld daemon.

tags | advisory, remote, overflow
systems | linux, redhat
advisories | CVE-2016-5483, CVE-2016-8327, CVE-2017-3238, CVE-2017-3244, CVE-2017-3251, CVE-2017-3256, CVE-2017-3257, CVE-2017-3258, CVE-2017-3273, CVE-2017-3291, CVE-2017-3308, CVE-2017-3309, CVE-2017-3312, CVE-2017-3313, CVE-2017-3317, CVE-2017-3318, CVE-2017-3319, CVE-2017-3320, CVE-2017-3331, CVE-2017-3450, CVE-2017-3453, CVE-2017-3454, CVE-2017-3455, CVE-2017-3456, CVE-2017-3457, CVE-2017-3458, CVE-2017-3459, CVE-2017-3460
MD5 | 39f44c1464339d36516c83cdc7db0ccd
Red Hat Security Advisory 2017-2885-01
Posted Oct 12, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2885-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.4.0. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2017-7793, CVE-2017-7810, CVE-2017-7814, CVE-2017-7818, CVE-2017-7819, CVE-2017-7823, CVE-2017-7824
MD5 | 5ecafe04b2150ef20fe62849ca983af0
Red Hat Security Advisory 2017-2882-01
Posted Oct 12, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2882-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2017-9798
MD5 | ad9389de508874fed2fa6236f05eaf2a
Red Hat Security Advisory 2017-2869-01
Posted Oct 10, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2869-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A race condition was found in the Linux kernel, present since v3.14-rc1 through v4.12. The race happens between threads of inotify_handle_event() and vfs_rename() while running the rename operation against the same file. As a result of the race the next slab data or the slab's free list pointer can be corrupted with attacker-controlled data, which may lead to the privilege escalation.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2017-7533
MD5 | fa0b3e7958d614ab26779f8cc15a4624
Red Hat Security Advisory 2017-2863-01
Posted Oct 5, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2863-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: Kernel memory corruption due to a buffer overflow was found in brcmf_cfg80211_mgmt_tx() function in Linux kernels from v3.9-rc1 to v4.13-rc1. The vulnerability can be triggered by sending a crafted NL80211_CMD_FRAME packet via netlink. This flaw is unlikely to be triggered remotely as certain userspace code is needed for this. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is unlikely.

tags | advisory, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2017-7541
MD5 | cb33436c96d42d5db1fc1d2f9574ca72
Red Hat Security Advisory 2017-2860-01
Posted Oct 5, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2860-01 - PostgreSQL is an advanced object-relational database management system. Security Fix: It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty password. A remote attacker could potentially use this flaw to gain access to database accounts with empty passwords.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2017-7546
MD5 | 0a8faa8eb363073c722bf0721261f789
Red Hat Security Advisory 2017-2858-01
Posted Oct 4, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2858-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: It was found that samba did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2017-12150, CVE-2017-12151, CVE-2017-12163
MD5 | 104f0352678b86d2e6dc8a411ed3b6cd
Red Hat Security Advisory 2017-2836-01
Posted Oct 3, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2836-01 - The dnsmasq packages contain Dnsmasq, a lightweight DNS forwarder and DHCP server. Security Fix: A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. A heap buffer overflow was discovered in dnsmasq in the IPv6 router advertisement handling code. An attacker on the local network segment could send crafted RAs to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. This issue only affected configurations using one of these options: enable-ra, ra-only, slaac, ra-names, ra-advrouter, or ra-stateless.

tags | advisory, overflow, arbitrary, local
systems | linux, redhat
advisories | CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, CVE-2017-14495, CVE-2017-14496
MD5 | 73fa822c40b520e870fe529f671622dc
Red Hat Security Advisory 2017-2839-01
Posted Oct 3, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2839-01 - The dnsmasq packages contain Dnsmasq, a lightweight DNS forwarder and DHCP server. Security Fix: A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2017-14491
MD5 | 5a88499b74a2e9a96dc2e46d6598f62b
Red Hat Security Advisory 2017-2838-01
Posted Oct 3, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2838-01 - The dnsmasq packages contain Dnsmasq, a lightweight DNS forwarder and DHCP server. Security Fix: A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2017-14491
MD5 | 494d9b8aa01332a3095b19a8cffbf831
Red Hat Security Advisory 2017-2837-01
Posted Oct 2, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2837-01 - The dnsmasq packages contain Dnsmasq, a lightweight DNS forwarder and DHCP server. Security Fix: A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. A heap buffer overflow was discovered in dnsmasq in the IPv6 router advertisement handling code. An attacker on the local network segment could send crafted RAs to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. This issue only affected configurations using one of these options: enable-ra, ra-only, slaac, ra-names, ra-advrouter, or ra-stateless.

tags | advisory, overflow, arbitrary, local
systems | linux, redhat
advisories | CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494
MD5 | 54ae2ec79e9d861ebd6b12e28e0058fb
Red Hat Security Advisory 2017-2840-01
Posted Oct 2, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2840-01 - The dnsmasq packages contain Dnsmasq, a lightweight DNS forwarder and DHCP server. Security Fix: A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2017-14491
MD5 | fddaa560df7e4b596c1d5f86f114103d
Red Hat Security Advisory 2017-2841-01
Posted Oct 2, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2841-01 - The dnsmasq packages contain Dnsmasq, a lightweight DNS forwarder and DHCP server. Security Fix: A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2017-14491
MD5 | e6a0f6b719626626a93e18fbaf6b8039
Red Hat Security Advisory 2017-2832-01
Posted Sep 29, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2832-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NSS to crash or, potentially, execute arbitrary code with the permission of the user running the application.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2017-7805
MD5 | 0f4749ab848cdb5c84287ac569848ffc
Page 3 of 244
Back12345Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close