Exploit the possiblities
Showing 101 - 125 of 67,195 RSS Feed

Advisory Files

Ubuntu Security Notice USN-3477-3
Posted Dec 1, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3477-3 - USN-3477-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, obtain sensitive information, bypass same-origin restrictions, bypass CSP protections, bypass mixed content blocking, spoof the addressbar, or execute arbitrary code. It was discovered that javascript: URLs pasted in to the addressbar would be executed instead of being blocked in some circumstances. If a user were tricked in to copying a specially crafted URL in to the addressbar, an attacker could potentially exploit this to conduct cross-site scripting attacks. It was discovered that exported bookmarks do not strip script elements from user-supplied tags. If a user were tricked in to adding specially crafted tags to bookmarks, exporting them and then opening the resulting HTML file, an attacker could potentially exploit this to conduct cross-site scripting attacks. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof, javascript, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2017-7828, CVE-2017-7830, CVE-2017-7831, CVE-2017-7832, CVE-2017-7833, CVE-2017-7834, CVE-2017-7835, CVE-2017-7837, CVE-2017-7838, CVE-2017-7839, CVE-2017-7840, CVE-2017-7842
MD5 | 998ce8623ace567ce271665c533d0819
CEMLink 6 Unrestricted WSDL Service Access / Poor Crypto Implementation
Posted Dec 1, 2017
Authored by Konstantinos Alexiou

CEMLink 6 suffers from having unrestricted WSDL service access and a weak mechanism for password storage.

tags | advisory, bypass
MD5 | 52fe0bdeec2533e61add0b221c0b0bac
Apple Security Advisory 2017-11-29-1
Posted Dec 1, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-11-29-1 - An attacker may be able to bypass administrator authentication without supplying the administrator's password. A logic error existed in the validation of credentials. This was addressed with improved credential validation. suffers from a bypass vulnerability.

tags | advisory, bypass
systems | apple
advisories | CVE-2017-13872
MD5 | a5ad2ec239aa4e0cd5eb27969a213709
Cisco WebEx Network Recording Player DoS / Code Execution
Posted Dec 1, 2017
Authored by Cisco Systems | Site cisco.com

Cisco has released an advisory detailing code execution, out of bounds, and denial of service vulnerabilities in the WebEx Network Recording Player.

tags | advisory, denial of service, vulnerability, code execution
systems | cisco
advisories | CVE-2017-12367, CVE-2017-12368, CVE-2017-12369, CVE-2017-12370, CVE-2017-12371, CVE-2017-12372
MD5 | c233dabd1d7ffe8721215530840fdb53
Red Hat Security Advisory 2017-3315-01
Posted Nov 30, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3315-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated kernel packages include several security issues and numerous bug fixes, some of which you can see below. Space precludes documenting all of these bug fixes in this advisory.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2017-1000380
MD5 | c6deefc9da0e4d1b74ae35f471f65323
Debian Security Advisory 4052-1
Posted Nov 30, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4052-1 - Adam Collard discovered that Bazaar, an easy to use distributed version control system, did not correctly handle maliciously constructed bzr+ssh URLs, allowing a remote attackers to run an arbitrary shell command.

tags | advisory, remote, arbitrary, shell
systems | linux, debian
advisories | CVE-2017-14176
MD5 | 0fa35f0a8b504f19587654a03b18d2bc
Red Hat Security Advisory 2017-3368-01
Posted Nov 30, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3368-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM. Security Fix: Quick Emulator, compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur due to an integer overflow while loading a kernel image during a guest boot. A user or process could use this flaw to potentially achieve arbitrary code execution on a host.

tags | advisory, overflow, arbitrary, kernel, code execution
systems | linux, redhat
advisories | CVE-2017-14167, CVE-2017-15289
MD5 | 9474270d0ea79b3fd023bc253760072a
Red Hat Security Advisory 2017-3369-01
Posted Nov 30, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3369-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: Quick Emulator, compiled with qemu_map_ram_ptr to access guests' RAM block area, is vulnerable to an OOB r/w access issue. The crash can occur if a privileged user inside a guest conducts certain DMA operations, resulting in a DoS.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-11334, CVE-2017-14167, CVE-2017-15289
MD5 | 57bf7460ccab830ab0da964b1ef0895f
Debian Security Advisory 4051-1
Posted Nov 30, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4051-1 - Two vulnerabilities were discovered in cURL, an URL transfer library.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2017-8816, CVE-2017-8817
MD5 | 30629e6a7129e1198a95399886ab8925
Red Hat Security Advisory 2017-3295-01
Posted Nov 30, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3295-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: It was found that the timer functionality in the Linux kernel ALSA subsystem is prone to a race condition between read and ioctl system call handlers, resulting in an uninitialized memory disclosure to user space. A local user could use this flaw to read information belonging to other users.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2017-1000380
MD5 | 337af38a963b49cab2ac004afdca7cc8
Red Hat Security Advisory 2017-3354-01
Posted Nov 30, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3354-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.4.7 serves as a replacement for Red Hat JBoss BRMS 6.4.6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: A denial of service vulnerability was discovered in ZooKeeper which allows an attacker to dramatically increase CPU utilization by abusing "wchp/wchc" commands, leading to the server being unable to serve legitimate requests.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2017-5637, CVE-2017-7545
MD5 | bea03200b017702d57bd806e0f75bde3
Red Hat Security Advisory 2017-3355-01
Posted Nov 30, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3355-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.4.7 serves as a replacement for Red Hat JBoss BPM Suite 6.4.6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Multiple security issues have been addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-5637, CVE-2017-7545
MD5 | 956c075ee56a50e2b833629ff7d8ac28
Red Hat Security Advisory 2017-3322-01
Posted Nov 30, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3322-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: It was found that the timer functionality in the Linux kernel ALSA subsystem is prone to a race condition between read and ioctl system call handlers, resulting in an uninitialized memory disclosure to user space. A local user could use this flaw to read information belonging to other users.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2017-1000380
MD5 | cc374bcc224e6f2ca3a852bedb45c95c
Red Hat Security Advisory 2017-3335-01
Posted Nov 30, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3335-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Advanced Mission Critical for Red Hat Enterprise Linux 6.2 will be retired as of December 31, 2017, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 6.2 AMC after December 31, 2017.

tags | advisory
systems | linux, redhat
MD5 | f9acff00c7eab616aed557e57acb03a0
Debian Security Advisory 4050-1
Posted Nov 29, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4050-1 - Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, information leaks, privilege escalation or the execution of arbitrary code.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2017-14316, CVE-2017-14317, CVE-2017-14318, CVE-2017-14319, CVE-2017-15588, CVE-2017-15589, CVE-2017-15590, CVE-2017-15592, CVE-2017-15593, CVE-2017-15594, CVE-2017-15595, CVE-2017-15597
MD5 | 412df3dde45b3de5f7c25b9cd59d6b2e
Hipchat For Mac 4.x Remote Code Execution
Posted Nov 29, 2017
Authored by Matthew Hart

Hipchat for Mac desktop client versions prior to 4.30 suffer from a remote code execution vulnerability.

tags | advisory, remote, code execution
advisories | CVE-2017-14586
MD5 | bc9f76c16c2234a3266f91910a0c367f
Kernel Live Patch Security Notice LSN-0032-2
Posted Nov 29, 2017
Authored by Benjamin M. Romer

Anthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. Bo Zhang discovered that the netlink wireless configuration interface in the Linux kernel did not properly validate attributes when handling certain requests. A local attacker with the CAP_NET_ADMIN could use this to cause a denial of service (system crash). It was discovered that the nested KVM implementation in the Linux kernel in some situations did not properly prevent second level guests from reading and writing the hardware CR8 register. A local attacker in a guest could use this to cause a denial of service (system crash). Otto Ebeling discovered that the memory manager in the Linux kernel did not properly check the effective UID in some situations. A local attacker could use this to expose sensitive information.

tags | advisory, denial of service, kernel, local
systems | linux
advisories | CVE-2017-10911, CVE-2017-12153, CVE-2017-12154, CVE-2017-14140
MD5 | 7da09c1aeaae77a18335cfc81f24b94c
Ubuntu Security Notice USN-3499-1
Posted Nov 29, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3499-1 - It was discovered that Exim incorrectly handled certain BDAT data headers. A remote attacker could possibly use this issue to cause Exim to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2017-16944
MD5 | 76413a0a0b86941ed4c9ab6ea5adcb1a
Ubuntu Security Notice USN-3501-1
Posted Nov 29, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3501-1 - It was discovered that libxcursor incorrectly handled certain files. An attacker could use these issues to cause libxcursor to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-16612
MD5 | dcb5463838fcb70c44bb92e443ba7eea
Ubuntu Security Notice USN-3500-1
Posted Nov 29, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3500-1 - It was discovered that libXfont incorrectly followed symlinks when opening font files. A local unprivileged user could use this issue to cause the X server to access arbitrary files, including special device files.

tags | advisory, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2017-16611
MD5 | 2b2de1eb031ae49f268ff9aee4ea6ea6
Hipchat Data Center / Hipchat Server Code Execution / SSRF
Posted Nov 29, 2017
Authored by Matthew Hart

Hipchat Data Center and Hipchat Server suffer from server-side request forgery and remote code execution vulnerabilities.

tags | advisory, remote, vulnerability, code execution
advisories | CVE-2017-14585
MD5 | e2f2ba4acc611b0394376429fc3f7a13
Ubuntu Security Notice USN-3498-1
Posted Nov 29, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3498-1 - Alex Nichols discovered that curl incorrectly handled NTLM authentication credentials. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 17.04 and Ubuntu 17.10. It was discovered that curl incorrectly handled FTP wildcard matching. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive information. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-8816, CVE-2017-8817
MD5 | 41cead7dc230ab023b565d109b9d6985
Ubuntu Security Notice USN-3497-1
Posted Nov 29, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3497-1 - It was discovered that the Smart Card IO subsystem in OpenJDK did not properly maintain state. An attacker could use this to specially construct an untrusted Java application or applet to gain access to a smart card, bypassing sandbox restrictions. Gaston Traberg discovered that the Serialization component of OpenJDK did not properly limit the amount of memory allocated when performing deserializations. An attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, java, denial of service
systems | linux, ubuntu
advisories | CVE-2017-10274, CVE-2017-10281, CVE-2017-10285, CVE-2017-10295, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388
MD5 | 8d8eb129033011bab0cea2ab92f4f64c
Red Hat Security Advisory 2017-3278-01
Posted Nov 29, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3278-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An unauthenticated attacker could send specially-crafted SMB1 requests to cause the server to crash or execute arbitrary code.

tags | advisory, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2017-14746, CVE-2017-15275
MD5 | 0a2de761d1524893f664239d79f4b1a6
Red Hat Security Advisory 2017-3277-01
Posted Nov 29, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3277-01 - The tcmu-runner packages provide a service that handles the complexity of the LIO kernel target's userspace passthrough interface. It presents a C plugin API for extension modules that handle SCSI requests in ways not possible or suitable to be handled by LIO's in-kernel backstores. Security Fix: A flaw was found in the implementation of CheckConfig method in handler_glfs.so of the tcmu-runner daemon. A local, non-root user with access to the D-Bus system bus could send a specially crafted string to CheckConfig method resulting in various kinds of segmentation fault.

tags | advisory, kernel, local, root
systems | linux, redhat
advisories | CVE-2017-1000198, CVE-2017-1000199, CVE-2017-1000200, CVE-2017-1000201
MD5 | 60d0bc3e1239871d8a46ec7c89c07b68
Page 5 of 2,688
Back34567Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    41 Files
  • 12
    Dec 12th
    44 Files
  • 13
    Dec 13th
    25 Files
  • 14
    Dec 14th
    15 Files
  • 15
    Dec 15th
    28 Files
  • 16
    Dec 16th
    3 Files
  • 17
    Dec 17th
    13 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close