[SECURITY] [DLA 772-1] linux security update
Package : linux Version : 3.2.84-1 CVE ID : CVE-2012-6704 CVE-2015-1350 CVE-2015-8962 CVE-2015-8963 CVE-2015-8964 CVE-2016-7097 CVE-2016-7910 CVE-2016-7911 CVE-2016-7915 CVE-2016-8399 CVE-2016-8633 CVE-2016-8645 CVE-2016-8655 CVE-2016-9178...
9.8CVSS
8.9AI Score
0.736EPSS
9.8CVSS
7AI Score
0.736EPSS
SUSE SLES11 Security Update : xorg-x11-libXrender (SUSE-SU-2016:3115-1)
This update for xorg-x11-libXrender fixes the following issues : insufficient validation of data from the X server can cause out of boundary memory writes (bsc#1003002, CVE-2016-7949, CVE-2016-7950) Note that Tenable Network Security has extracted the preceding description block directly...
9.8CVSS
0.3AI Score
0.014EPSS
The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name...
9.8CVSS
9.4AI Score
0.014EPSS
The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name...
9.8CVSS
9.1AI Score
0.014EPSS
The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name...
9.8CVSS
8.8AI Score
0.014EPSS
The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name...
9.8CVSS
7AI Score
0.014EPSS
The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name...
9.3AI Score
0.014EPSS
The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name...
9.8CVSS
5.3AI Score
0.014EPSS
openSUSE Security Update : the Linux Kernel (openSUSE-2016-1431)
The openSUSE 13.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain privileges or cause a...
9.8CVSS
1.3AI Score
0.736EPSS
openSUSE: Security Advisory for kernel (openSUSE-SU-2016:3061-1)
The remote host is missing an update for...
9.8CVSS
7.6AI Score
0.736EPSS
Security update for the Linux Kernel (important)
The openSUSE 13.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain privileges or cause a...
4.4AI Score
0.736EPSS
openSUSE Security Update : libXrender (openSUSE-2016-1421)
This update of libXrender fixes the following issues : insufficient validation of data from the X server could cause out of boundary memory writes (boo#1003002, CVE-2016-7949,...
9.8CVSS
0.3AI Score
0.014EPSS
Security Advisory - Dirty COW Vulnerability in Huawei Products
In the morning of October 21th, 2016, a security researcher Phil Oester disclosed a local privilege escalation vulnerability in Linux kernel. A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An.....
7.8CVSS
0.8AI Score
0.879EPSS
Fedora Update for libXrender FEDORA-2016-ade20198ff
The remote host is missing an update for...
9.8CVSS
9.6AI Score
0.014EPSS
Fedora Update for libXrender FEDORA-2016-49d560da23
The remote host is missing an update for...
9.8CVSS
9.6AI Score
0.014EPSS
Security Advisory - XSS Vulnerability in Huawei eSpace IAD
Huawei eSpace Integrated Access Device (IAD) has a reflected cross-site scripting (XSS) vulnerability. An attacker could trick a user into clicking a URL containing malicious scripts. Then the user's browser may receive a response from the eSpace IAD and execute the malicious scripts. Successful...
6.1CVSS
5.6AI Score
0.001EPSS
A flaw was found in the Linux kernel's implementation of seq_file where a local attacker could manipulate memory in the put() function pointer. This could lead to memory corruption and possible privileged...
7.8CVSS
2.7AI Score
0.001EPSS
This update provides a new Virtuozzo 6.0 kernel 2.6.32-042stab120.11 based on the Red Hat Enterprise Linux 6.8 kernel 2.6.32-642.6.1.el6. The new kernel provides security and stability fixes. Vulnerability id: CVE-2016-1583 Stack overflow via ecryptfs and /proc/$pid/environ. It was found that...
7.8CVSS
3.4AI Score
0.001EPSS
SUSE SLED12 / SLES12 Security Update : X Window System client libraries (SUSE-SU-2016:2828-1)
This update for the X Window System client libraries fixes a class of privilege escalation issues. A malicious X Server could send specially crafted data to X clients, which allowed for triggering crashes, or privilege escalation if this relationship was untrusted or crossed user or permission...
9.8CVSS
1.1AI Score
0.019EPSS
Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had...
7.8CVSS
7.4AI Score
0.001EPSS
Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had...
7.8CVSS
7.5AI Score
0.001EPSS
Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had...
7.8CVSS
7.4AI Score
0.001EPSS
Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had...
7.8CVSS
6.8AI Score
0.001EPSS
Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had...
7.5AI Score
0.001EPSS
Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed. Notes Author| Note ---|--- jdstrand |...
7.8CVSS
3.6AI Score
0.001EPSS
Fedora 25 : libXrender (2016-ade20198ff)
Security fix for CVE-2016-7949, CVE-2016-7950 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...
9.8CVSS
-0.2AI Score
0.014EPSS
Fedora Update for libXrender FEDORA-2016-8877cf648b
The remote host is missing an update for...
9.8CVSS
9.6AI Score
0.014EPSS
Linux Network Analyzer: netsniff-ng
Linux Network Analyzer A Swiss army knife for your daily Linux network plumbing netsniff-ng is a free, performant Linux network analyzer and networking toolkit. If you will, the Swiss army knife for network packets. The gain of performance is reached by built-in zero-copy mechanisms, so that on...
-0.5AI Score
Android Security Bulletin—November 2016
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Alongside the bulletin, we have released a security update to Google devices through an over-the-air (OTA) update. The Google device firmware images have also been released to the Google Developer....
9.8CVSS
9.4AI Score
0.879EPSS
Fedora 23 : libXrender (2016-49d560da23)
Security fix for CVE-2016-7949, CVE-2016-7950 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...
9.8CVSS
-0.2AI Score
0.014EPSS
9.8CVSS
2.3AI Score
0.014EPSS
New x11 packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/libX11-1.6.4-i586-1_slack14.2.txz: Upgraded. Insufficient validation of data from the X server can...
9.8CVSS
9.2AI Score
0.02EPSS
Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had...
7.8CVSS
5.9AI Score
0.001EPSS
Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : x11 (SSA:2016-305-02)
New x11 packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security...
9.8CVSS
0.3AI Score
0.02EPSS
Two information leak vulnerabilities exist in the ION memory management module of some Huawei mobile phones due to the lack of initialization during memory allocation. (Vulnerability ID: HWPSIRT-2016-09032 and HWPSIRT-2016-09033) These two vulnerabilities have been assigned CVE ID: CVE-2016-8757...
5.5CVSS
5.9AI Score
0.001EPSS
openSUSE Security Update : X Window System client libraries (openSUSE-2016-1214)
This update for the X Window System client libraries fixes a class of privilege escalation issues. A malicious X Server could send specially crafted data to X clients, which allowed for triggering crashes, or privilege escalation if this relationship was untrusted or crossed user or permission...
9.8CVSS
0.7AI Score
0.019EPSS
Debian DLA-664-1 : libxrender security update
Tobias Stoeckmann from the OpenBSD project has discovered a number of issues in the way various X client libraries handle the responses they receive from servers. Insufficient validation of data from the X server could cause out of boundary memory writes in the libXrender library potentially...
9.8CVSS
-0.3AI Score
0.014EPSS
[SECURITY] [DLA 664-1] libxrender security update
Package : libxrender Version : 1:0.9.7-1+deb7u3 CVE ID : CVE-2016-7949 CVE-2016-7950 Debian Bug : 840443 Tobias Stoeckmann from the OpenBSD project has discovered a number of issues in the way various X client libraries handle the responses they receive from servers....
9.8CVSS
10AI Score
0.014EPSS
Tobias Stoeckmann from the OpenBSD project has discovered a number of issues in the way various X client libraries handle the responses they receive from servers. Insufficient validation of data from the X server could cause out of boundary memory writes in the libXrender library potentially...
9.8CVSS
2.2AI Score
0.014EPSS
SUSE SLED12 / SLES12 Security Update : X Window System client libraries (SUSE-SU-2016:2505-1)
This update for the X Window System client libraries fixes a class of privilege escalation issues. A malicious X Server could send specially crafted data to X clients, which allowed for triggering crashes, or privilege escalation if this relationship was untrusted or crossed user or permission...
9.8CVSS
1AI Score
0.019EPSS
9.8CVSS
2.3AI Score
0.014EPSS
arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dma_mmap...
5.5CVSS
4.9AI Score
0.001EPSS
arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dma_mmap...
5.5CVSS
4.9AI Score
0.001EPSS
arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dma_mmap...
5.5CVSS
5.1AI Score
0.001EPSS
arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dma_mmap...
5.5CVSS
6AI Score
0.001EPSS
arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dma_mmap...
5.1AI Score
0.001EPSS
Fedora 24 : libXrender (2016-8877cf648b)
Security fix for CVE-2016-7949, CVE-2016-7950 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...
9.8CVSS
-0.2AI Score
0.014EPSS
arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dma_mmap call. Notes Author| Note...
5.5CVSS
2.7AI Score
0.001EPSS
9.8CVSS
2.3AI Score
0.014EPSS