Ubuntu Security Notice 2974-1 - Zuozhi Fzz discovered that QEMU incorrectly handled USB OHCI emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. Qinghao Tang discovered that QEMU incorrectly handled USB Net emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. Qinghao Tang discovered that QEMU incorrectly handled USB Net emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly leak host memory bytes. Various other issues were also addressed.
17f7d26242cade4510f2fd199babbc3cc8a952a96c7f7115e5543fef485ef4eb
Red Hat Security Advisory 2016-1033-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the way the Linux kernel's ASN.1 DER decoder processed certain certificate files with tags of indefinite length. A local, unprivileged user could use a specially crafted X.509 certificate DER file to crash the system or, potentially, escalate their privileges on the system.
e45c138b2753829dc79e684567547bf112b96c0a9432a870efadd6e45bd1a03c
Red Hat Security Advisory 2016-1051-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. The following packages have been upgraded to a newer upstream version: kernel-rt. This version provides a number of bug fixes and enhancements, including: [scsi] bnx2fc: Fix FCP RSP residual parsing and remove explicit logouts [scsi] mpt3sas: Fix for Asynchronous completion of timedout IO and task abort of timedout IO
21c5265b59b451a5ddb26d9e008c07b346c9eea16e7069c9a77e2104a9ab8465
Red Hat Security Advisory 2016-1055-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. The following packages have been upgraded to a newer upstream version: kernel-rt. This version provides a number of bug fixes and enhancements, including: [scsi] bnx2fc: Fix FCP RSP residual parsing and remove explicit logouts [scsi] mpt3sas: Fix for Asynchronous completion of timedout IO and task abort of timedout IO
b8c554fc25788fff5ae196c0632ab105d3e249701f8eeebf038112421b13b337
Red Hat Security Advisory 2016-1041-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 38.8.0. Security Fix: Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.
848e50dd05b02ebc5fa7c8d2366d91b0c6c75b09e63d65e61f63225511c634d3
HP Security Bulletin HPSBST03599 1 - A vulnerability in OpenSSH has been addressed by HPE 3PAR OS. The vulnerability could be exploited remotely resulting in Denial of Service (DoS) or access restriction bypass. Revision 1 of this advisory.
dcbf23693e00cc87e0d7a56b5f156d9fe94676372e94f76928032bb1e2994873
HP Security Bulletin HPSBST03598 1 - HPE 3PAR OS has addressed stack-based buffer overflows in glibc's implementation of getaddrinfo(). This vulnerability could be remotely exploited to cause Denial of Service (DoS) or allow execution of arbitrary code on the host with the permissions of a user running the glibc library. Revision 1 of this advisory.
825e2f051ab86891da30d118b79183bb3ced947bf7f0859a92642c397d8dc78f
HP Security Bulletin HPSBST03586 1 - A potential security vulnerability has been identified in HPE 3PAR OS. This is the TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" which could be exploited remotely to allow unauthorized modification. Revision 1 of this advisory.
892de0a6051d8846816ee65ef834575a37ad8278937cbce1b677d0672a47f81e
HP Security Bulletin HPSBNS03581 2 - Security vulnerabilities in Samba could potentially impact HPE NonStop Servers. These vulnerabilities could be remotely exploited using man-in-the-middle (MITM) attacks resulting in Denial of Service (DoS), arbitrary file deletion, disclosure of sensitive information, unauthorized access, or unauthorized modification of file or database. Note: This product is NOT affected by the 'Badlock' vulnerability (CVE-2016-2118). Affected RVUs: L15.02 - L15.08.01, J06.04 - J06.19.02, H06.15 - H06.29.01. Revision 2 of this advisory.
6b0082fd7f37e552c769701731fdd34dacf275ac5fedd65c3208c4d6aa075ec3
HP Security Bulletin HPSBHF03592 1 - Several potential security vulnerabilities have been identified in the OpenFlow Virtual Appliance (OVA) version of the HPE VAN SDN Controller using OpenSSL which could be exploited remotely to allow Denial of Service (DoS), unauthorized disclosure of information, and unauthorized modification of information. Revision 1 of this advisory.
034fac9d639f999dd1ac333a177536ca76a9567fe5bfd2edf74d7dbd4e25500b
Red Hat Security Advisory 2016-1025-01 - PCRE is a Perl-compatible regular expression library. Security Fix: Multiple flaws were found in the way PCRE handled malformed regular expressions. An attacker able to make an application using PCRE process a specially crafted regular expression could use these flaws to cause the application to crash or, possibly, execute arbitrary code.
b2b35b4379b6f976409d37d4c2a6be0a872ba2f001636d92ba874517e52302c6
Red Hat Security Advisory 2016-1039-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR3. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
23437a8e2c5a6003189c90a47bf75beebee08cb7e18f9d03faab10dca83f9b07
Red Hat Security Advisory 2016-1038-01 - OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. An access flaw was discovered in OpenShift; the /etc/origin/master/master-config.yaml configuration file, which could contain Active Directory credentials, was world-readable. A local user could exploit this flaw to obtain authentication credentials from the master-config.yaml file. If you believe that the password in this file has been viewed by an attacker you should reset the password after installing this update.
0f6ada522b29005254d6c213f255a5dde69b0af5fbc50174ee12a45ce6cee756
Huawei Mobile Broadband HL Service versions 22.001.25.00.03 and below are vulnerable to a DLL side loading attack allowing normal unprivileged users to gain full SYSTEM access.
2563ce6275ba1108791f8d13204c1f460cd819b171ba0d2cbc4d69e26b85e5dd
ASP webshell backdoor designed specifically for IIS 8.
a44d9c6790e87fa2491d5b551491b6c414d55452959ef3a48cf31d639af39609
Core FTP Server 32-Bit build 587 heap overflow denial of service exploit.
fdc372a0780e2521678e1599b9d2a6f1d4d695379cf95f8f655f26ccef873f6b
Adobe Reader DC versions 15.010.20060 and below memory corruption proof of concept exploit.
8b4ce0368271005db67d2e3f262d808e9b0654c8d487017bf71bd7bc168bb853
Ipswitch WS_FTP LE version 12.3 search field SEH overwrite proof of concept exploit.
a06e22815ff2158c61a05fcfe0d360b6411bfee1bc6b430d27f315d4ee52f7b1