CIScan version 1.00 hostname/IP field SEH overwrite proof of concept exploit.
1c1639749211f240dcd240d71ae6baae3868ec116f68c568a80f04dbc1b2b775Debian Linux Security Advisory 3565-2 - This updates fixes a regression introduced in botan1.10 by DSA-3565-1: packages depending on libbotan1.10 needed to be rebuilt against the latest version to function properly.
70b8cbda7bfda9e7216941507884b903eff8d917e9a5df3a690e2e497cd8374cSlackware Security Advisory - New imagemagick packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
c4da51baeb811c7024d5c6795c0b076bea7647f672ffea50e9194da2d6fc2420HP Security Bulletin HPSBUX03574 1 - Potential security vulnerabilities have been identified with HP-UX CIFS-Server (Samba). The vulnerabilities could be exploited remotely to cause access restriction bypass, authentication bypass, Denial of Service (DoS), unauthorized access to files, access restriction bypass, or unauthorized information disclosure. Revision 1 of this advisory.
3425ca46ec9693308573785c2ac516d648f5b8e32172b2e8f2ba16ba7c8482b9HP Security Bulletin HPSBUX03596 1 - A security vulnerability in Samba was addressed by HPE HP-UX running CIFS Server (Samba). The vulnerability could be exploited resulting in remote access restriction bypass and unauthorized access. Revision 1 of this advisory.
e898f5880922ffdf8c30a8d319996d5b29645af69d70eea364258818e0e6290dDebian Linux Security Advisory 3574-1 - Rock Stevens, Andrew Ruef and Marcin 'Icewall' Noga discovered a heap-based buffer overflow vulnerability in the zip_read_mac_metadata function in libarchive, a multi-format archive and compression library, which may lead to the execution of arbitrary code if a user or automated system is tricked into processing a specially crafted ZIP file.
5c7a63f165516bff86da6dfcf9cb9e9abd17ee133b43b69d6f316ed34e7ffb09Red Hat Security Advisory 2016-1019-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. Security Fix: An out-of-bounds read/write access flaw was found in the way QEMU's VGA emulation with VESA BIOS Extensions support performed read/write operations via I/O port methods. A privileged guest user could use this flaw to execute arbitrary code on the host with the privileges of the host's QEMU process.
628740b7624c1abc6ab198c9f90872c710e83616f8dd9056639180897a122c93Ubuntu Security Notice 2972-1 - Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code.
8b420ca2da3bd41a15c5a2b68fb3ad054683eab52e549eda69381c0f0666c596Red Hat Security Advisory 2016-0780-01 - The Network Time Protocol is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: It was found that the fix for CVE-2014-9750 was incomplete: three issues were found in the value length checks in NTP's ntp_crypto.c, where a packet with particular autokey operations that contained malicious data was not always being completely validated. A remote attacker could use a specially crafted NTP packet to crash ntpd.
74e2b989b3c600a50d525a32a6dc0ba22bf800d2e75ca1cfaf034dede452cefdRed Hat Security Advisory 2016-0760-01 - The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format binary files, system libraries, RPM packages, and different graphics formats. Security Fix: Multiple flaws were found in the file regular expression rules for detecting various files. A remote attacker could use these flaws to cause file to consume an excessive amount of CPU.
74c1ca1ed93125f94be406547b097bf1860154407ec1d26cb056d56739aed076Red Hat Security Advisory 2016-0855-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: It was found that reporting emulation failures to user space could lead to either a local or a L2->L1 denial of service. In the case of a local denial of service, an attacker must have access to the MMIO area or be able to access an I/O port. Please note that on certain systems, HPET is mapped to userspace as part of vdso and thus an unprivileged user may generate MMIO transactions this way.
04e242034fb3ec62c7605bb20048f0fac25d6bf4a31d5570797bd3c137afe067Red Hat Security Advisory 2016-0778-01 - The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. IcedTea-Web now also contains PolicyEditor - a simple tool to configure Java policies. The following packages have been upgraded to a newer upstream version: icedtea-web. Security Fix:
f1234920e2484f170f88b4b6c398cd38d95345eed3bc3411320acf14b6a8b77fRed Hat Security Advisory 2016-0741-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: It was found that the OpenSSH client did not properly enforce the ForwardX11Timeout setting. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X server, even if only untrusted X11 forwarding was requested.
00e52addfae71f7599c46f84945f6728921c76a58d7ccf320ceccef95da62c08QuickBooks Desktop versions 2007 through 2016 suffers from SQL injection and code execution vulnerabilities.
522210df2f1638a874161c747425539463331fcf2caf494e89043f5ce88c2e80Trend Micro Mobile Security iOS application versions 3.1.1034 and below fail to validate the SSL certificate it receives when connecting to the mobile application login server.
e551b1880ff922cd6c0047e14ee549c65dcc283403e2bdbf2f66d2992a0517bcAndroid Broadcom Wi-Fi driver memory corruption proof of concept exploit.
c4c12cb38e6d2b70be8735e7ec14759ae9fc80ee9eaf6ef89e5d82541843c1e2Skype appears to possibly be susceptible to a content spoofing vulnerability.
1818fa20690442196c2929353bf64fe6a49db93abd0c384a6575fe27f68fa6fdJoomla Event Manager component version 2.x suffers from a cross site scripting vulnerability.
b2b22fefa48cf08c718c9172065b478d23024466d877da760ed560e364b738a2Wordpress BulletProof Security version 53.3 suffers from a cross site scripting vulnerability.
355fd2db564941e22cb266eb97843d68bf8f592f15e9be6a9a9a9155c62fff30
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed