Red Hat Security Advisory 2016-0024-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the x86 ISA is prone to a denial of service attack inside a virtualized environment in the form of an infinite loop in the microcode due to the way the delivery of benign exceptions such as #AC and #DB is handled. A privileged user inside a guest could use these flaws to create denial of service conditions on the host kernel.
5e0c3c6dc7d454657950f76fcf7f8a7193a45b84c6fe39b7cf9a405bdfa5ce2d
Ubuntu Security Notice 2867-1 - It was discovered that libvirt incorrectly handled the firewall rules on bridge networks when the daemon was restarted. This could result in an unintended firewall configuration. This issue only applied to Ubuntu 12.04 LTS. Peter Krempa discovered that libvirt incorrectly handled locking when certain ACL checks failed. A local attacker could use this issue to cause libvirt to stop responding, resulting in a denial of service. This issue only applied to Ubuntu 14.04 LTS. Various other issues were also addressed.
81de5061f01fc900a3f9b5fe66332907d17877a48a0c25d90b22b5288c911ff4
FingerTec devices have a default root password that allows for remote enrollment.
a8567f878bdec6acc2d742b90abb6aaff946e2de70df870e144ec1b61be4cd74
Fortigate OS versions 4.x through 5.0.7 remote SSH backdoor exploit.
a6cb5b8879467e7da5b5599021a3f5539a788338077fca13d3cdc9dbc1a78fa4
It is possible for an attacker to execute a DLL planting attack in Microsoft Office 2010 on Windows 7 x86 with a specially crafted OLE object.
5506ab0759c338b846f6d5d261e281702e49edfdeeab4fa19b87507f6ba7fb37
This paper describes the results of the research conducted by SEC Consult Vulnerability Lab on the security of McAfee Application Control. This product is an example of an application whitelisting solution which can be used to further harden critical systems such as server systems in SCADA environments or client systems with high security requirements like administrative workstations. Application whitelisting is a concept which works by whitelisting all installed software on a system and then preventing the execution of software that is not whitelisted. This should prevent the execution of malware and therefore protect against advanced persistent threat (APT) attacks. McAfee Application Control is an example of such software. It can be installed on any system; however, the main field of application is the protection of highly critical infrastructures. While the core feature of the product is application whitelisting, it also supports additional security features including write and read protection as well as different memory corruption protections.
447953aeb8d3c594011048fcd1518b83478ae1bf8164d0159859893f8caa6b18
This bulletin summary lists nine released Microsoft security bulletins for January, 2016.
0ddedfcbe5b715ca627576a334b69f3f28cbb032a8f329faa7f8c98ec7fa8e52
There exists a buffer underflow vulnerability in devenum.dll!DeviceMoniker::Load when attempting to null terminate a user supplied string.
0009209c1eb7f9ca7d1c5807f6812a7afe78a223f9e3594c10f96feea0470acd
WordPress Symposium Pro Social Network plugin version 16.1 suffers from a cross-site scripting vulnerability.
6a2d0425b1719d1186fb0e34fa724654e3fda7953b4c25a65931591a9dc7cf00
When you install TrendMicro Antivirus on Windows, by default a component called Password Manager is also installed and automatically launched on startup. This product is primarily written in JavaScript with node.js, and opens multiple HTTP RPC ports for handling API requests. It took about 30 seconds to spot one that permits arbitrary command execution, openUrlInDefaultBrowser, which eventually maps to ShellExecute().
53073638c8c75e9a351656a4dcd7d53e7dbf2acdea0e8d44f29494b8f842d950