ignore security and it'll go away
Showing 1 - 25 of 2,576 RSS Feed

Protocol Files

Apple PCIe Message Ring Protocol Race Conditions
Posted Sep 22, 2017
Authored by Google Security Research, laginimaineb

The Apple PCIe Message Ring protocol suffers from multiple race conditions that can lead to out-of-bounds read and writes.

tags | advisory, protocol
systems | apple
advisories | CVE-2017-7115
MD5 | bcd86287d34d775562104062a30c316c
Red Hat Security Advisory 2017-2778-01
Posted Sep 21, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2778-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories in areas of the server file system not exported under the share definitions.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2017-2619, CVE-2017-9461
MD5 | a2223c4fb9976c36e1cdf43e8720d475
Red Hat Security Advisory 2017-2791-01
Posted Sep 21, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2791-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: It was found that samba did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2017-12150, CVE-2017-12163
MD5 | 48157316bb57da5482376daa7dbb1bb4
Red Hat Security Advisory 2017-2790-01
Posted Sep 21, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2790-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: It was found that samba did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2017-12150, CVE-2017-12151, CVE-2017-12163
MD5 | d4cd7c1e7b87af03b00efb105c06a969
Red Hat Security Advisory 2017-2789-01
Posted Sep 21, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2789-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories in areas of the server file system not exported under the share definitions.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2017-12150, CVE-2017-12163, CVE-2017-2619
MD5 | 42449782380867ff25b1a51637aab36e
TestSSL 2.9.5
Posted Sep 21, 2017
Authored by Dr. Dirk Wetter | Site drwetter.org

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.

Changes: Various improvements and updates.
tags | tool, scanner, protocol, bash
systems | unix
MD5 | 6cc8311416eafc70b08f54534b6f29d3
Red Hat Security Advisory 2017-2727-01
Posted Sep 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2727-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Security Fix: An unsigned integer wrap around that led to a buffer over-read was found when parsing OFPT_QUEUE_GET_CONFIG_REPLY messages in Open vSwitch. An attacker could use this issue to cause a remote denial of service attack. While parsing an OpenFlow role status message Open vSwitch, a call to the abort() function for undefined role status reasons in the function 'ofp_print_role_status_message' in 'lib/ofp-print.c' could be misused for a remote denial of service attack by a malicious switch.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2017-9214, CVE-2017-9263, CVE-2017-9264, CVE-2017-9265
MD5 | 3b79bea0ae6b5f934f26a81fc17ee4d1
Red Hat Security Advisory 2017-2698-01
Posted Sep 13, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2698-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Security Fix: An unsigned integer wrap around that led to a buffer over-read was found when parsing OFPT_QUEUE_GET_CONFIG_REPLY messages in Open vSwitch. An attacker could use this issue to cause a remote denial of service attack. While parsing an OpenFlow role status message Open vSwitch, a call to the abort() function for undefined role status reasons in the function 'ofp_print_role_status_message' in 'lib/ofp-print.c' could be misused for a remote denial of service attack by a malicious switch.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2017-9214, CVE-2017-9263, CVE-2017-9265
MD5 | 17dd9eac990782eb8ec6ab66a30060d8
Red Hat Security Advisory 2017-2685-01
Posted Sep 13, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2685-01 - The bluez packages contain the following utilities for use in Bluetooth applications: hcitool, hciattach, hciconfig, bluetoothd, l2ping, start scripts, and pcmcia configuration files. Security Fix: An information-disclosure flaw was found in the bluetoothd implementation of the Service Discovery Protocol. A specially crafted Bluetooth device could, without prior pairing or user interaction, retrieve portions of the bluetoothd process memory, including potentially sensitive information such as Bluetooth encryption keys.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2017-1000250
MD5 | d7daa5eb66a7ba054d535345c7e6adb7
Ubuntu Security Notice USN-3413-1
Posted Sep 13, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3413-1 - It was discovered that an information disclosure vulnerability existed in the Service Discovery Protocol implementation in BlueZ. A physically proximate unauthenticated attacker could use this to disclose sensitive information.

tags | advisory, protocol, info disclosure
systems | linux, ubuntu
advisories | CVE-2017-1000250
MD5 | 529421b638ac4fbb77c3229b47b374bd
Red Hat Security Advisory 2017-2692-01
Posted Sep 13, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2692-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Security Fix: An unsigned integer wrap around that led to a buffer over-read was found when parsing OFPT_QUEUE_GET_CONFIG_REPLY messages in Open vSwitch. An attacker could use this issue to cause a remote denial of service attack. While parsing an OpenFlow role status message Open vSwitch, a call to the abort() function for undefined role status reasons in the function 'ofp_print_role_status_message' in 'lib/ofp-print.c' could be misused for a remote denial of service attack by a malicious switch.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2017-9214, CVE-2017-9263, CVE-2017-9265
MD5 | 7c19a66296d7fafae4b4600d1fef8643
Red Hat Security Advisory 2017-2665-01
Posted Sep 6, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2665-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Security Fix: An unsigned integer wrap around that led to a buffer over-read was found when parsing OFPT_QUEUE_GET_CONFIG_REPLY messages in Open vSwitch. An attacker could use this issue to cause a remote denial of service attack. While parsing an OpenFlow role status message Open vSwitch, a call to the abort() function for undefined role status reasons in the function 'ofp_print_role_status_message' in 'lib/ofp-print.c' could be misused for a remote denial of service attack by a malicious switch.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2017-9214, CVE-2017-9263, CVE-2017-9265
MD5 | c17769c8668cc43a2a091c90427cf681
Red Hat Security Advisory 2017-2648-01
Posted Sep 6, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2648-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Security Fix: An unsigned int wrap around leading to a buffer over-read was found when parsing OFPT_QUEUE_GET_CONFIG_REPLY messages in Open vSwitch. An attacker could use this flaw to cause a remote DoS. In Open vSwitch, while parsing an OpenFlow role status message there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicious switch.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2017-9214, CVE-2017-9263, CVE-2017-9264, CVE-2017-9265
MD5 | abc3c45ab7bf7fe6b5c20fe9a3c12638
Red Hat Security Advisory 2017-2569-01
Posted Sep 5, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2569-01 - 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: A flaw was found in the way 389-ds-base handled authentication attempts against locked accounts. A remote attacker could potentially use this flaw to continue password brute-forcing attacks against LDAP accounts, thereby bypassing the protection offered by the directory server's password lockout policy.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2017-7551
MD5 | 64715988178cc7260107516288e0be78
HP Security Bulletin HPESBGN03765 2
Posted Aug 31, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPESBGN03765 2 - A security vulnerability in the DES/3DES block ciphers used in the TLS protocol could potentially impact HPE LoadRunner and HPE Performance Center resulting in remote disclosure of information. This is also known as the SWEET32 attack. Revision 2 of this advisory.

tags | advisory, remote, protocol
advisories | CVE-2016-2183
MD5 | 4eba285b9fec68b131daf50a419b7b69
Red Hat Security Advisory 2017-2563-01
Posted Aug 31, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2563-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses.

tags | advisory, remote, protocol
systems | linux, redhat, unix
advisories | CVE-2016-6210
MD5 | 8a4849c1f8b09539436d05406ea362fc
Wireshark Analyzer 2.4.1
Posted Aug 30, 2017
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.

Changes: Various updates.
tags | tool, sniffer, protocol
systems | windows, unix
MD5 | 22b925108e0b65d6560f0af161157266
Red Hat Security Advisory 2017-2553-01
Posted Aug 30, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2553-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Security Fix: An unsigned int wrap around leading to a buffer over-read was found when parsing OFPT_QUEUE_GET_CONFIG_REPLY messages in Open vSwitch. An attacker could use this flaw to cause a remote DoS. In Open vSwitch, while parsing an OpenFlow role status message there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicious switch.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2017-9214, CVE-2017-9263, CVE-2017-9265
MD5 | a245095243e9ac3a036b47967af42601
Red Hat Security Advisory 2017-2538-01
Posted Aug 28, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2538-01 - Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage. Security Fix: A flaw within the processing of ranged HTTP requests has been discovered in the range filter module of nginx. A remote attacker could possibly exploit this flaw to disclose parts of the cache file header, or, if used in combination with third party modules, disclose potentially sensitive memory by sending specially crafted HTTP requests.

tags | advisory, remote, web, imap, protocol
systems | linux, redhat
advisories | CVE-2017-7529
MD5 | bda036ceec782c1988229b248613f104
Ubuntu Security Notice USN-3404-2
Posted Aug 28, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3404-2 - USN-3404-1 fixed a vulnerability in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. A reference count bug was discovered in the Linux kernel ipx protocol stack. A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems.

tags | advisory, denial of service, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2017-7487
MD5 | a970f8e5eb195519cf353a052dfb1002
Ubuntu Security Notice USN-3404-1
Posted Aug 28, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3404-1 - A reference count bug was discovered in the Linux kernel ipx protocol stack. A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems.

tags | advisory, denial of service, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2017-7487
MD5 | 0c10766d1d75847f4d3bc58da124b0a0
OpenSCAP Libraries 1.2.15
Posted Aug 25, 2017
Site open-scap.org

The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.

Changes: This release provides new features and bug fixes.
tags | protocol, library
systems | unix
MD5 | 818ceb7ddbc692f4a4904d1d21e4395e
Red Hat Security Advisory 2017-2533-01
Posted Aug 24, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2533-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: It was found that the lightweight resolver protocol implementation in BIND could enter an infinite recursion and crash when asked to resolve a query name which, when combined with a search list entry, exceeds the maximum allowable length. A remote attacker could use this flaw to crash lwresd or named when using the "lwres" statement in named.conf.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2016-2775
MD5 | a7e8d1df8b2cdcf42e5dc341a684d148
Red Hat Security Advisory 2017-2493-01
Posted Aug 22, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2493-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. This release provides an update to OpenSSL and Tomcat 6/7 for Red Hat JBoss Web Server 2.1.2.

tags | advisory, java, web, protocol
systems | linux, redhat
advisories | CVE-2016-6304, CVE-2016-8610, CVE-2017-5647, CVE-2017-5664
MD5 | c91f004dfb6ea550cac658c237092cad
Red Hat Security Advisory 2017-2494-01
Posted Aug 22, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2494-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. This release provides an update to OpenSSL and Tomcat 6/7 for Red Hat JBoss Web Server 2.1.2.

tags | advisory, java, web, protocol
systems | linux, redhat
advisories | CVE-2016-6304, CVE-2016-8610, CVE-2017-5647, CVE-2017-5664
MD5 | 1c2b50089538626a94105f55b035f73a
Page 1 of 104
Back12345Next

File Archive:

September 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    5 Files
  • 2
    Sep 2nd
    5 Files
  • 3
    Sep 3rd
    3 Files
  • 4
    Sep 4th
    13 Files
  • 5
    Sep 5th
    16 Files
  • 6
    Sep 6th
    15 Files
  • 7
    Sep 7th
    20 Files
  • 8
    Sep 8th
    16 Files
  • 9
    Sep 9th
    4 Files
  • 10
    Sep 10th
    2 Files
  • 11
    Sep 11th
    15 Files
  • 12
    Sep 12th
    19 Files
  • 13
    Sep 13th
    20 Files
  • 14
    Sep 14th
    38 Files
  • 15
    Sep 15th
    31 Files
  • 16
    Sep 16th
    1 Files
  • 17
    Sep 17th
    7 Files
  • 18
    Sep 18th
    15 Files
  • 19
    Sep 19th
    40 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    15 Files
  • 22
    Sep 22nd
    10 Files
  • 23
    Sep 23rd
    1 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close