Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3537)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2017-3537 advisory. Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by...
0.3 AI Score
Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3538)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3538 advisory. Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain...
9.3 AI Score
OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0060)
The remote OracleVM system is missing necessary patches to address critical security updates : block: fix use-after-free in seq file (Vegard Nossum) [Orabug: 25877530]...
0.1 AI Score
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3539)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3539 advisory. Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain...
7.9 AI Score
OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0062)
The remote OracleVM system is missing necessary patches to address critical security updates : uek-rpm: enable CONFIG_KSPLICE. (Jamie Iles) [Orabug: 25698171] ksplice: add sysctls for determining Ksplice features. (Jamie Iles) signal: protect SIGNAL_UNKILLABLE from unintentional ...
7.3 AI Score
CentOS 6 : kernel (CESA-2017:0892)
An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
7.6 AI Score
7.2 AI Score
0.001 EPSS
Unbreakable Enterprise kernel security update
kernel-uek [4.1.12-61.1.34] - uek-rpm: enable CONFIG_KSPLICE. (Jamie Iles) [Orabug: 25698171] - ksplice: add sysctls for determining Ksplice features. (Jamie Iles) [Orabug: 25698171] - signal: protect SIGNAL_UNKILLABLE from unintentional clearing. (Jamie Iles) [Orabug: 25698171] - KVM: x86:...
8.4 CVSS
0.3 AI Score
0.025 EPSS
RHEL 6 : kernel (RHSA-2017:0892)
An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
7.6 AI Score
Unbreakable Enterprise kernel security update
[2.6.39-400.294.7] - udp: properly support MSG_PEEK with truncated buffers (Eric Dumazet) [Orabug: 25874741] {CVE-2016-10229} - block: fix use-after-free in seq file (Vegard Nossum) [Orabug: 25877531] ...
9.8 CVSS
2.9 AI Score
0.048 EPSS
Unbreakable Enterprise kernel security update
kernel-uek [3.8.13-118.17.5] - block: fix use-after-free in seq file (Vegard Nossum) [Orabug: 25877530] ...
7.8 CVSS
2.1 AI Score
0.001 EPSS
kernel, perf, python security update
CentOS Errata and Security Advisory CESA-2017:0892 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): A race condition flaw was found in the N_HDLC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local,...
7.5 AI Score
0.001 EPSS
Oracle Linux 6 : kernel (ELSA-2017-0892)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-0892 advisory. Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service...
7.9 AI Score
Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20170411)
Security Fix(es) : A race condition flaw was found in the N_HDLC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on...
7.5 AI Score
7.3 AI Score
0.001 EPSS
(RHSA-2017:0892) Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): A race condition flaw was found in the N_HDLC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline...
7.8 CVSS
7.5 AI Score
0.001 EPSS
GLSA-201704-03 : X.Org: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201704-03 (X.Org: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in X.Org server and libraries. Please review the CVE identifiers referenced below for details. Impact : A local or remote user...
9.1 AI Score
kernel security and bug fix update
[2.6.32-696.1.1] - [block] fix use-after-free in seq file (Denys Vlasenko) [1418548 1418549] {CVE-2016-7910} - [firmware] Replacing the chelsio firmware (t4,t5)fw-1.15.37.0 (Sai Vemuri) [1433865 1425749] - [kernel] genirq: Avoid taking sparse_irq_lock for non-existent irqs (Dave Wysochanski)...
7.8 CVSS
0.9 AI Score
0.001 EPSS
X.Org: Multiple vulnerabilities
Background: X.Org X servers. Description: Multiple vulnerabilities have been discovered in X.Org server and libraries. Please review the CVE identifiers referenced below for details. Impact: A local or remote user can utilize the vulnerabilities to attach to the X.Org session as a user and execute...
9.3 AI Score
0.02 EPSS
Tech support scams persist with increasingly crafty techniques
(Note: Our Tech support scams FAQ page has the latest info on this type of threat, including scammer tactics, fake error messages, and the latest scammer hotlines. You can also read our latest blog, New tech support scam launches communication or phone call app.) Millions of users continue to...
6.5 AI Score
6.3 AI Score
0.001 EPSS
Huawei eSpace Integrated Access Device (IAD) with software V300R001C03, V300R001C04, V300R001C06, V300R001C20, and V300R001C07 allows an attacker to trick a user into clicking a URL containing malicious scripts to obtain user information or hijack the session, aka...
6.1 CVSS
6.7 AI Score
0.001 EPSS
5.3 AI Score
0.001 EPSS
Huawei eSpace IAD V300R002C01SPC100 and earlier versions have an information leak vulnerability; an attacker can check and download the fault information by accessing a special...
5.3 CVSS
6.8 AI Score
0.001 EPSS
In Huawei eSpace Meeting with software V100R001C03SPC201 and the earlier versions, attackers that obtain the permissions assigned to common users can elevate privileges to access and set specific key...
7 CVSS
7 AI Score
0.001 EPSS
6.8 AI Score
0.001 EPSS
In Huawei eSpace Meeting with software V100R001C03SPC201 and the earlier versions, attackers that obtain the permissions assigned to common users can elevate privileges to access and set specific key...
6.9 AI Score
0.001 EPSS
Huawei eSpace Integrated Access Device (IAD) with software V300R001C03, V300R001C04, V300R001C06, V300R001C20, and V300R001C07 allows an attacker to trick a user into clicking a URL containing malicious scripts to obtain user information or hijack the session, aka...
6.1 AI Score
0.001 EPSS
Huawei eSpace IAD V300R002C01SPC100 and earlier versions have an information leak vulnerability; an attacker can check and download the fault information by accessing a special...
5.2 AI Score
0.001 EPSS
Security Advisory - Sixteen OpenSSL Vulnerabilities on Some Huawei products
Statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session. (Vulnerability ID: HWPSIRT-2016-09065) This vulnerability has...
3.4 AI Score
0.911 EPSS
Vulnerable URL: https://www.jdc.fr/espace-partenaires/?part=%3C/script%3E%3Cscript%3Ealert(/OPENBUGBOUNTY/)%3C/script%3E
Details:
Description | Value
---|---
Patched: | Yes, at 05.12.2017
Latest check for patch: | 05.12.2017 21:54 GMT
Vulnerability type: | XSS
Vulnerability status: | Publicly...
6.3 AI Score
Security Advisory - Apache Struts2 Remote Code Execution Vulnerability in Huawei Products
Apache Struts2 disclosed a remote code execution vulnerability in S2-045 on its official website. An attacker can perform an RCE (Remote Code Execution) attack with a malicious Content-Type value. (Vulnerability ID: HWPSIRT-2017-03094) This vulnerability has been assigned a CVE ID:...
9.4 AI Score
0.975 EPSS
Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-3207-2)
USN-3207-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. It was discovered that a use-after-free vulnerability existed in the block device...
8.1 AI Score
Ubuntu 12.04 LTS : linux, linux-ti-omap4 vulnerabilities (USN-3206-1)
It was discovered that a use-after-free vulnerability existed in the block device layer of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2016-7910) Dmitry Vyukov discovered a use-after-free...
8.1 AI Score
Releases: Ubuntu 14.04 ESM. Packages: linux - Linux kernel. Details: It was discovered that a use-after-free vulnerability existed in the block device layer of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges....
7.4 AI Score
0.001 EPSS
Releases: Ubuntu 12.04. Packages: linux - Linux kernel; linux-ti-omap4 - Linux kernel for OMAP4. Details: It was discovered that a use-after-free vulnerability existed in the block device layer of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or...
8.1 AI Score
0.001 EPSS
7.4 AI Score
0.001 EPSS
7.4 AI Score
0.001 EPSS
7.4 AI Score
0.001 EPSS
Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3207-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3207-1 advisory. Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges...
8.2 AI Score
Linux kernel (Trusty HWE) vulnerabilities
Releases: Ubuntu 12.04. Packages: linux-lts-trusty - Linux hardware enablement kernel from Trusty for Precise. Details: USN-3207-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from...
8.3 AI Score
0.001 EPSS
SUSE SLES11 Security Update : kernel (SUSE-SU-2017:0494-1)
The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2015-8970: crypto/algif_skcipher.c in the Linux kernel did not verify that a setkey operation has been performed on an AF_ALG socket before an...
9 AI Score
Security update for the Linux Kernel (important)
The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2015-8970: crypto/algif_skcipher.c in the Linux kernel did not verify that a setkey operation has been performed on an AF_ALG socket before...
3.6 AI Score
0.823 EPSS
SUSE SLES12 Security Update : kernel (SUSE-SU-2017:0471-1)
The SUSE Linux Enterprise 12 GA LTSS kernel was updated to 3.12.61 to receive various security and bugfixes. The following feature was implemented : The ext2 filesystem got reenabled and supported to allow support for 'XIP' (Execute In Place) (FATE#320805). The following security bugs...
9.3 AI Score
Security update for the Linux Kernel (important)
The SUSE Linux Enterprise 12 GA LTSS kernel was updated to 3.12.61 to receive various security and bugfixes. The following feature was implemented: The ext2 filesystem got reenabled and supported to allow support for "XIP" (Execute In Place) (FATE#320805). The following security bugs...
4.2 AI Score
0.052 EPSS
Security update for the Linux Kernel (important)
The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.69 to receive various security and bugfixes. The following security bugs were fixed: CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to...
2.6 AI Score
0.052 EPSS
SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:0464-1)
The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.69 to receive various security and bugfixes. The following security bugs were fixed : CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain...
8.9 AI Score
SUSE SLES11 Security Update : kernel (SUSE-SU-2017:0437-1)
The SUSE Linux Enterprise 11 SP4 kernel was updated to 3.0.101-94 to receive various security and bugfixes. The following security bugs were fixed : CVE-2017-5551: tmpfs: clear S_ISGID when setting posix ACLs (bsc#1021258). CVE-2016-10088: The sg implementation in the Linux kernel did...
8.8 AI Score
Security update for the Linux Kernel (important)
The SUSE Linux Enterprise 11 SP4 kernel was updated to 3.0.101-94 to receive various security and bugfixes. The following security bugs were fixed: CVE-2017-5551: tmpfs: clear S_ISGID when setting posix ACLs (bsc#1021258). CVE-2016-10088: The sg implementation in the Linux kernel did...
3.3 AI Score
0.823 EPSS
Security update for the Linux Kernel (important)
The SUSE Linux Enterprise 12 rt-kernel was updated to 3.12.69 to receive various security and bugfixes. The following security bugs were fixed: CVE-2015-8962: Fixed a double free vulnerability in the SCSI subsystem that allowed local users to gain privileges or cause a denial of...
2.2 AI Score
0.823 EPSS