Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
80a58f02623e95da8689da9538895098353dd070c3236abd99ed9c8a25d8724enullcon is an annual security conference held in Goa, India. The focus of the conference is to showcase the next generation of offensive and defensive security technology. It will take place March 3rd through the 4th, 2017.
7c5ac5df54269c8cfd18f4f4a6005fba665076f31ee54a60e88c251bbc654fcfRed Hat Security Advisory 2016-1773-01 - OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. The Jenkins continuous integration server has been updated to upstream version 1.651.2 LTS that addresses a large number of security issues, including open redirects, a potential denial of service, unsafe handling of user provided environment variables and several instances of sensitive information disclosure.
d21a44fcf349a12558e1bf494277c24c60b24dd0894fb71b09edaef3e3d7f9e4Red Hat Security Advisory 2016-1763-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. Security Fix: Quick Emulator built with the Block driver for iSCSI images support is vulnerable to a heap-based buffer overflow issue. The flaw could occur while processing iSCSI asynchronous I/O ioctl calls. A user inside a guest could exploit this flaw to crash the QEMU process resulting in denial of service, or potentially leverage it to execute arbitrary code with QEMU-process privileges on the host.
b936c597f2b38222b536ed0b72d6892520736086fdf90ec2bb052711f97d3675Ubuntu Security Notice 3068-1 - Thijs Alkemade, Gustavo Grieco, Daniel Stenberg, and Nikos Mavrogiannopoulos discovered that Libidn incorrectly handled invalid UTF-8 characters. A remote attacker could use this issue to cause Libidn to crash, resulting in a denial of service, or possibly disclose sensitive memory. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Hanno Boeck discovered that Libidn incorrectly handled certain input. A remote attacker could possibly use this issue to cause Libidn to crash, resulting in a denial of service. Various other issues were also addressed.
8fc65e056c00aacb74043701fa23c5a3940d45a27528289ab166ee40c36e2a52Ubuntu Security Notice 3067-1 - Kostya Serebryany discovered that HarfBuzz incorrectly handled memory. A remote attacker could use this issue to cause HarfBuzz to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that HarfBuzz incorrectly handled certain length checks. A remote attacker could use this issue to cause HarfBuzz to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 16.04 LTS. Various other issues were also addressed.
a4562fc8ba877daedc2e5dd13519fd488619bc5d93df56679621a15de2fa32c7AlienVault USM/OSSIM version 5.2 suffers from a cross site scripting vulnerability.
52d6e5998255d0e9741227d3f9f592c61f60e95789c4df2d2c3f1ba5af0dbda1Red Hat Security Advisory 2016-1756-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. Security Fix: Quick Emulator built with the Block driver for iSCSI images support is vulnerable to a heap-based buffer overflow issue. The flaw could occur while processing iSCSI asynchronous I/O ioctl calls. A user inside a guest could exploit this flaw to crash the QEMU process resulting in denial of service, or potentially leverage it to execute arbitrary code with QEMU-process privileges on the host.
ee2a907a02311463c8bfdc49dca292045a8a802656502a0b7229331d7c4a4137Slackware Security Advisory - New gnupg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.
81c47dd800315bdd57989d4822cd2882054bbb17120a80fbc0602fb991db554echatNow version 0.0.0 suffers from a cross site request forgery vulnerability.
e5a220b856eb02e0a3d9bf17f7278383790b12d4c7e7b57f62066c00691e886dchatNow version 0.0.0 suffers from a cross site scripting vulnerability.
395b0c15770e24ecb0b7fe0896debf9177d1d4c9c933901913b627c48de11fabSimplePHPQuiz suffers from a remote blind SQL injection vulnerability.
cf0515d4feeb9e73981e68b0f36f7a9643ae21e7ee948896683bff58c5703ee3VMware Security Advisory 2016-0013 - VMware Identity Manager and vRealize Automation updates address multiple security issues.
10ce356485ee77b9cf3bc4ec235b364612bdc4d6ed152da245e7a1e17db10900Red Hat Security Advisory 2016-1664-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel's networking subsystem allowed an off-path attacker to leak certain information about a given connection by creating congestion on the global challenge ACK rate limit counter and then measuring the changes by probing packets. An off-path attacker could use this flaw to either terminate TCP connection and/or inject payload into non-secured TCP connection between two endpoints on the network.
b542c16421a0053cf74470ceee19661e1c59fcea30d437e8dabde33c44a48c25Red Hat Security Advisory 2016-1657-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialised variable would eventually lead to arbitrary free address which could allow attacker to use a use-after-free style attack. A flaw was found in the way certain interfaces of the Linux kernel's Infiniband subsystem used write() as bi-directional ioctl() replacement, which could lead to insufficient memory security checks when being invoked using the splice() system call. A local unprivileged user on a system with either Infiniband hardware present or RDMA Userspace Connection Manager Access module explicitly loaded, could use this flaw to escalate their privileges on the system.
4043f793bb96834574d7f4614976b19cff587e4500e977d8646b0c4f8fcb4824
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed