Exim versions prior to 4.86.2 suffer from a local root privilege escalation vulnerability. When Exim installation has been compiled with Perl support and contains a perl_startup configuration variable it can be exploited by malicious local attackers to gain root privileges.
c8b37f6ba0c1a3bd66f5d17781dd1c98a33edc213484ca6db8095fef81937ebcCisco Security Advisory - A vulnerability in the web server used in the Cisco Cable Modem with Digital Voice Model DPC2203 could allow an unauthenticated, remote attacker to exploit a buffer overflow and cause arbitrary code execution. The vulnerability is due to improper input validation for HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. Cisco has released software updates to its service provider customers that address the vulnerability described in this advisory. Prior to contacting Cisco TAC, customers are advised to contact their service providers to confirm the software deployed by the service provider includes the fix that addresses this vulnerability. Workarounds that mitigate this vulnerability are not available.
950c7aa717066ed5bc50159e37305000d57c26a4941319069246006e96220df1Cisco Security Advisory - A vulnerability in the web-based administration interface of the Cisco Wireless Residential Gateway could allow an unauthenticated, remote attacker to access sensitive information on the affected device. The vulnerability is caused by improper access restrictions implemented on the affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. Cisco has released software updates to its service provider customers that address the vulnerability described in this advisory. Prior to contacting Cisco TAC, customers are advised to contact their service providers to confirm the software deployed by the service provider includes the fix that addresses this vulnerability. Workarounds that mitigate this vulnerability are not available.
76ce7781e56037d70712a157cb7fe3f3344068293f9a02489433bf521eb2d369Cisco Security Advisory - A vulnerability in the web-based administration interface of Cisco Model DPQ3925 8x4 DOCSIS 3.0 Wireless Residential Gateway with EDVA could allow an unauthenticated, remote attacker to cause the device to become unresponsive and restart, creating a denial of service (DoS) condition. The vulnerability is due to improper handling, processing, and termination of HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to management-enabled interfaces of an affected system. Cisco has released software updates to its service provider customers that address the vulnerability described in this advisory. Prior to contacting Cisco TAC, customers are advised to contact their service providers to confirm the software deployed by the service provider includes the fix that addresses this vulnerability. Workarounds that mitigate this vulnerability are not available.
daf4ac066b83565ccad1bcb5481f83420c0e44801325bb0b0954af7ecd69a860Gentoo Linux Security Advisory 201603-5 - Multiple vulnerabilities have been found in both LibreOffice and OpenOffice allowing remote attackers to execute arbitrary code or cause Denial of Service. Versions less than 4.4.2 are affected.
1caa5f0fadbede70eaa3440aefbb5a6d062ca6743fb82a11f2b66ee4728ee244Red Hat Security Advisory 2016-0429-01 - Chromium is an open-source web browser, powered by WebKit. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. All Chromium users should upgrade to these updated packages, which contain Chromium version 49.0.2623.87, which corrects these issues. After installing the update, Chromium must be restarted for the changes to take effect.
2c6a4f407294345dc05ee997e0c103790841c05ee18d89cdbdfc83fa360bd7acRed Hat Security Advisory 2016-0428-01 - The libssh2 packages provide a library that implements the SSHv2 protocol. A type confusion issue was found in the way libssh2 generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use significantly less secure random parameters.
168603a34575daca2c9feabf8983b744a5c177dc54cea173ce2541a6d2a36869Gentoo Linux Security Advisory 201603-4 - The fusermount binary in FUSE does not properly clear the environment before invoking mount or umount as root that allows a local user to overwrite arbitrary files. Versions less than 2.9.4 are affected.
7f349aeb4d93dedf1af9154ffe4df03c5bbc6168335bf94f5ad2a86606f8a31fRed Hat Security Advisory 2016-0426-01 - The Red Hat Support plug-in for Red Hat Enterprise Virtualization offers seamless integrated access to Red Hat subscription services from the Red Hat Enterprise Virtualization administration portal. The plug-in provides automated functionality that enables quicker help, answers, and proactive services. It offers easy and instant access to Red Hat exclusive knowledge, resources, engagement, and diagnostic features. It was found that redhat-support-plugin-rhev passed a user-specified path and file name directly to the command line in the log viewer component. This could allow users with the SuperUser role on any Entity to execute arbitrary commands on any host in the RHEV environment.
ee4ebca79af75ca3b8925d38b181ea3e6b78604be736b6bd0c2cf744c05e0463Debian Linux Security Advisory 3509-1 - Two vulnerabilities have been discovered in Rails, a web application framework written in Ruby. Both vulnerabilities affect Action Pack, which handles the web requests for Rails.
5787b07b986aaaac58081311ae8b2f698792ad1a872a6cff1a7b299f52078c1bDebian Linux Security Advisory 3510-1 - Multiple security issues have been found in Iceweasel, Debian's version buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, denial of service, address bar spoofing and overwriting local files.
961e8bbdb6524dd255af4d70d48fae78abd709cc6d7a95dcd0c49607567cfddeRed Hat Security Advisory 2016-0379-01 - The rhev-hypervisor package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions.
1cc214b641b5bda32f5dc10666b2a6b70654295af330c0b73323cea0e135646cUbuntu Security Notice 2925-1 - It was discovered that Bind incorrectly handled input received by the rndc control channel. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. It was discovered that Bind incorrectly parsed resource record signatures for DNAME resource records. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service.
3aa6a07f637cc432421b376bd31d190fe407fec57ba0f2b15c7c6dae8ebd44a6Cisco Security Advisory - A vulnerability in the HTTPS inspection engine of the Cisco ASA Content Security and Control Security Services Module (CSC-SSM) could allow an unauthenticated, remote attacker to cause exhaustion of available memory, system instability, and a reload of the affected system. The vulnerability is due to improper handling of HTTPS packets transiting through the affected system. An attacker could exploit this vulnerability by sending HTTPS packets through the affected system at high rate. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
bb17842d42bcb884206241a3bd3b4037691957d62cadb4275c56eeeac3ee5fd8Ubuntu Security Notice 2924-1 - Francis Gabriel discovered that NSS incorrectly handled decoding certain ASN.1 data. An remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code.
561cc6e76e55b23e3dcd1e05ba5c6ec0b2a19ba4451bfeb4f7a9e6ea8498b41b
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed