RHEL 6 : kernel (RHSA-2017:0892)
An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
7.8CVSS
7.6AI Score
0.001EPSS
Unbreakable Enterprise kernel security update
kernel-uek [4.1.12-61.1.34] - uek-rpm: enable CONFIG_KSPLICE. (Jamie Iles) [Orabug: 25698171] - ksplice: add sysctls for determining Ksplice features. (Jamie Iles) [Orabug: 25698171] - signal: protect SIGNAL_UNKILLABLE from unintentional clearing. (Jamie Iles) [Orabug: 25698171] - KVM: x86:...
8.4CVSS
0.3AI Score
0.047EPSS
Unbreakable Enterprise kernel security update
kernel-uek [3.8.13-118.17.5] - block: fix use-after-free in seq file (Vegard Nossum) [Orabug: 25877530] ...
7.8CVSS
2.1AI Score
0.001EPSS
Unbreakable Enterprise kernel security update
[2.6.39-400.294.7] - udp: properly support MSG_PEEK with truncated buffers (Eric Dumazet) [Orabug: 25874741] {CVE-2016-10229} - block: fix use-after-free in seq file (Vegard Nossum) [Orabug: 25877531] ...
9.8CVSS
2.9AI Score
0.048EPSS
kernel, perf, python security update
CentOS Errata and Security Advisory CESA-2017:0892 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): A race condition flaw was found in the N_HDLC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local,...
7.8CVSS
7.5AI Score
0.001EPSS
Oracle Linux 6 : kernel (ELSA-2017-0892)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-0892 advisory. Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service...
7.8CVSS
7.9AI Score
0.001EPSS
Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20170411)
Security Fix(es) : A race condition flaw was found in the N_HDLC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on...
7.8CVSS
7.5AI Score
0.001EPSS
7.8CVSS
7.3AI Score
0.001EPSS
(RHSA-2017:0892) Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): A race condition flaw was found in the N_HDLC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline...
7.8CVSS
7.5AI Score
0.001EPSS
GLSA-201704-03 : X.Org: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201704-03 (X.Org: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in X.Org server and libraries. Please review the CVE identifiers referenced below for details. Impact : A local or remote user...
9.8CVSS
9.1AI Score
0.02EPSS
kernel security and bug fix update
[2.6.32-696.1.1] - [block] fix use-after-free in seq file (Denys Vlasenko) [1418548 1418549] {CVE-2016-7910} - [firmware] Replacing the chelsio firmware (t4,t5)fw-1.15.37.0 (Sai Vemuri) [1433865 1425749] - [kernel] genirq: Avoid taking sparse_irq_lock for non-existent irqs (Dave Wysochanski)...
7.8CVSS
0.9AI Score
0.001EPSS
X.Org: Multiple vulnerabilities
Background X.Org X servers Description Multiple vulnerabilities have been discovered in X.Org server and libraries. Please review the CVE identifiers referenced below for details. Impact A local or remote user can utilize the vulnerabilities to attach to the X.Org session as a user and execute...
9.8CVSS
9.3AI Score
0.02EPSS
Tech support scams persist with increasingly crafty techniques
(Note: Our Tech support scams FAQ page has the latest info on this type of threat, including scammer tactics, fake error messages, and the latest scammer hotlines. You can also read our latest blog, New tech support scam launches communication or phone call app.) Millions of users continue to...
6.5AI Score
Huawei eSpace Integrated Access Device (IAD) with software V300R001C03, V300R001C04, V300R001C06, V300R001C20, and V300R001C07 allows an attacker to trick a user into clicking a URL containing malicious scripts to obtain user information or hijack the session, aka...
6.1CVSS
6.1AI Score
0.001EPSS
Huawei eSpace Integrated Access Device (IAD) with software V300R001C03, V300R001C04, V300R001C06, V300R001C20, and V300R001C07 allows an attacker to trick a user into clicking a URL containing malicious scripts to obtain user information or hijack the session, aka...
6.1CVSS
6AI Score
0.001EPSS
Huawei eSpace Integrated Access Device (IAD) with software V300R001C03, V300R001C04, V300R001C06, V300R001C20, and V300R001C07 allows an attacker to trick a user into clicking a URL containing malicious scripts to obtain user information or hijack the session, aka...
6.1CVSS
6.7AI Score
0.001EPSS
Huawei eSpace IAD V300R002C01SPC100 and earlier versions have an information leak vulnerability; an attacker can check and download the fault information by accessing a special...
5.3CVSS
5.1AI Score
0.001EPSS
Huawei eSpace IAD V300R002C01SPC100 and earlier versions have an information leak vulnerability; an attacker can check and download the fault information by accessing a special...
5.3CVSS
6.8AI Score
0.001EPSS
Huawei eSpace IAD V300R002C01SPC100 and earlier versions have an information leak vulnerability; an attacker can check and download the fault information by accessing a special...
5.3CVSS
5.1AI Score
0.001EPSS
In Huawei eSpace Meeting with software V100R001C03SPC201 and the earlier versions, attackers that obtain the permissions assigned to common users can elevate privileges to access and set specific key...
7CVSS
7AI Score
0.001EPSS
In Huawei eSpace Meeting with software V100R001C03SPC201 and the earlier versions, attackers that obtain the permissions assigned to common users can elevate privileges to access and set specific key...
7CVSS
6.8AI Score
0.001EPSS
In Huawei eSpace Meeting with software V100R001C03SPC201 and the earlier versions, attackers that obtain the permissions assigned to common users can elevate privileges to access and set specific key...
7CVSS
6.8AI Score
0.001EPSS
In Huawei eSpace Meeting with software V100R001C03SPC201 and the earlier versions, attackers that obtain the permissions assigned to common users can elevate privileges to access and set specific key...
6.8AI Score
0.001EPSS
Huawei eSpace Integrated Access Device (IAD) with software V300R001C03, V300R001C04, V300R001C06, V300R001C20, and V300R001C07 allows an attacker to trick a user into clicking a URL containing malicious scripts to obtain user information or hijack the session, aka...
6.1AI Score
0.001EPSS
Huawei eSpace IAD V300R002C01SPC100 and earlier versions have an information leak vulnerability; an attacker can check and download the fault information by accessing a special...
5.2AI Score
0.001EPSS
Security Advisory - Sixteen OpenSSL Vulnerabilities on Some Huawei products
Statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session. (Vulnerability ID: HWPSIRT-2016-09065) This vulnerability has...
9.8CVSS
3.4AI Score
0.911EPSS
Vulnerable URL: https://www.jdc.fr/espace-partenaires/?part=%3C/script%3E%3Cscript%3Ealert(/OPENBUGBOUNTY/)%3C/script%3E
Details:
Description| Value
---|---
Patched:| Yes, at 05.12.2017
Latest check for patch:| 05.12.2017 21:54 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly...
6.3AI Score
Security Advisory - Apache Struts2 Remote Code Execution Vulnerability in Huawei Products
Apache Struts2 published a remote code execution vulnerability in S2-045 on the official website. An attacker can perform an RCE (Remote Code Execution) attack with a malicious Content-Type value. (Vulnerability ID: HWPSIRT-2017-03094) This vulnerability has been assigned a CVE ID:...
10CVSS
9.4AI Score
0.975EPSS
Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-3207-2)
USN-3207-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. It was discovered that a use-after-free vulnerability existed in the block device...
7.8CVSS
8.1AI Score
0.001EPSS
7.8CVSS
7.4AI Score
0.001EPSS
Ubuntu 12.04 LTS : linux, linux-ti-omap4 vulnerabilities (USN-3206-1)
It was discovered that a use-after-free vulnerability existed in the block device layer of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2016-7910) Dmitry Vyukov discovered a use-after-free...
7.8CVSS
8.1AI Score
0.001EPSS
Releases Ubuntu 14.04 ESM Packages linux - Linux kernel Details It was discovered that a use-after-free vulnerability existed in the block device layer of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges....
7.8CVSS
7.4AI Score
0.001EPSS
7.8CVSS
7.4AI Score
0.001EPSS
Releases Ubuntu 12.04 Packages linux - Linux kernel linux-ti-omap4 - Linux kernel for OMAP4 Details It was discovered that a use-after-free vulnerability existed in the block device layer of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or...
7.8CVSS
8.1AI Score
0.001EPSS
7.8CVSS
7.4AI Score
0.001EPSS
Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3207-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3207-1 advisory. Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges...
7.8CVSS
8.2AI Score
0.001EPSS
Linux kernel (Trusty HWE) vulnerabilities
Releases Ubuntu 12.04 Packages linux-lts-trusty - Linux hardware enablement kernel from Trusty for Precise Details USN-3207-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from...
7.8CVSS
8.3AI Score
0.001EPSS
SUSE SLES11 Security Update : kernel (SUSE-SU-2017:0494-1)
The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2015-8970: crypto/algif_skcipher.c in the Linux kernel did not verify that a setkey operation has been performed on an AF_ALG socket before an...
9.8CVSS
9AI Score
0.736EPSS
Security update for the Linux Kernel (important)
The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2015-8970: crypto/algif_skcipher.c in the Linux kernel did not verify that a setkey operation has been performed on an AF_ALG socket before...
3.6AI Score
0.736EPSS
SUSE SLES12 Security Update : kernel (SUSE-SU-2017:0471-1)
The SUSE Linux Enterprise 12 GA LTSS kernel was updated to 3.12.61 to receive various security and bugfixes. The following feature was implemented : The ext2 filesystem got reenabled and supported to allow support for 'XIP' (Execute In Place) (FATE#320805). The following security bugs...
7.8CVSS
9.3AI Score
0.052EPSS
Security update for the Linux Kernel (important)
The SUSE Linux Enterprise 12 GA LTSS kernel was updated to 3.12.61 to receive various security and bugfixes. The following feature was implemented: The ext2 filesystem got reenabled and supported to allow support for "XIP" (Execute In Place) (FATE#320805). The following security bugs...
4.2AI Score
0.052EPSS
Security update for the Linux Kernel (important)
The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.69 to receive various security and bugfixes. The following security bugs were fixed: CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to...
2.6AI Score
0.052EPSS
SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:0464-1)
The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.69 to receive various security and bugfixes. The following security bugs were fixed : CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain...
7.8CVSS
8.9AI Score
0.052EPSS
SUSE SLES11 Security Update : kernel (SUSE-SU-2017:0437-1)
The SUSE Linux Enterprise 11 SP4 kernel was updated to 3.0.101-94 to receive various security and bugfixes. The following security bugs were fixed : CVE-2017-5551: tmpfs: clear S_ISGID when setting posix ACLs (bsc#1021258). CVE-2016-10088: The sg implementation in the Linux kernel did...
9.8CVSS
8.8AI Score
0.736EPSS
Security update for the Linux Kernel (important)
The SUSE Linux Enterprise 11 SP4 kernel was updated to 3.0.101-94 to receive various security and bugfixes. The following security bugs were fixed: CVE-2017-5551: tmpfs: clear S_ISGID when setting posix ACLs (bsc#1021258). CVE-2016-10088: The sg implementation in the Linux kernel did...
3.3AI Score
0.736EPSS
Security update for the Linux Kernel (important)
The SUSE Linux Enterprise 12 rt-kernel was updated to 3.12.69 to receive various security and bugfixes. The following security bugs were fixed: CVE-2015-8962: Fixed a double free vulnerability in the SCSI subsystem that allowed local users to gain privileges or cause a denial of...
2.2AI Score
0.736EPSS
SUSE SLES11 Security Update : kernel (SUSE-SU-2017:0333-1)
The SUSE Linux Enterprise 11 SP2 LTSS kernel was updated to receive various security and bugfixes. This is the last planned LTSS kernel update for the SUSE Linux Enterprise Server 11 SP2 LTSS. The following security bugs were fixed : CVE-2016-10088: The sg implementation in the Linux kernel...
9.8CVSS
9.4AI Score
0.736EPSS
Security update for the Linux Kernel (important)
The SUSE Linux Enterprise 11 SP2 LTSS kernel was updated to receive various security and bugfixes. This is the last planned LTSS kernel update for the SUSE Linux Enterprise Server 11 SP2 LTSS. The following security bugs were fixed: CVE-2016-10088: The sg implementation in the Linux kernel...
3.6AI Score
0.736EPSS
Security Advisory - DoS Vulnerability in Multiple Huawei Products
There is a denial of service (DoS) vulnerability in multiple Huawei products. An attacker with specific permission can craft a file containing malicious data and upload it to the device to exhaust memory, causing a DoS condition. (Vulnerability ID: HWPSIRT-2016-07088) This vulnerability has been.....
5.5CVSS
5.4AI Score
0.0004EPSS
Debian DLA-772-1 : linux security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2012-6704, CVE-2016-9793 Eric Dumazet found that a local user with CAP_NET_ADMIN capability could set a socket's buffer size to be negative, leading....
9.8CVSS
8.6AI Score
0.736EPSS