169 matches found
Improper Access Control
The kernel packages contain the Linux kernel, the core of any Linux operating system. A use-after-free flaw was found in the way the Linux kernel's key management subsystem handled keyring object reference counting in certain error path of the joinsessionkeyring function. A local, unprivileged us...
Integer Overflow
The kernel packages contain the Linux kernel, the core of any Linux operating system. A use-after-free flaw was found in the way the Linux kernel's key management subsystem handled keyring object reference counting in certain error path of the joinsessionkeyring function. A local, unprivileged us...
Virtuozzo Linux Errata and Bugfix Advisory 2019:0728
Upstream security update. Follow RHBA-2019:0728 for details...
Visual Studio CVE-2019-0728 Remote Code Execution
Description Microsoft Visual Studio is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the current-user. Failed exploit attempts will likely result in denial of service conditions. Mitigations Microsoft has not...
CVE-2019-0728
CVE-2019-0728 describes a remote code execution vulnerability in Visual Studio Code: if the editor processes environment variables when a project is opened, an attacker could run arbitrary code in the current user context. Exploitation requires user action to clone a repository and open it in VS ...
CVE-2019-0728
creationtimestamp| type| source ---|---|--- 2019-02-13 14:35:53+00:00| seen| MISP/5c642a56-2440-4af0-8bfd-6e4a0a021402...
RHEL 6 : rubygem packages (RHSA-2013:0728)
This update fixes one security issue in multiple rubygem packages for Red Hat OpenShift Enterprise 1.1.3. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Security Bulletin: Vulnerability in Linux Kernel affects PowerKVM (CVE-2016-0728)
Summary A Linux Kernel privilege escalation vulnerability affects PowerKVM. Vulnerability Details CVEID: CVE-2016-0728 DESCRIPTION: Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a use-after-free in the joinsessionkeyring function in...
Security Vulnerabilities Addressed in Asset and Service Mgmt
Abstract Security Bulletin: Vulnerabilities in Maximo Asset Mgmt, Tivoli Asset Mgmt for IT, Tivoli Service Request Mgr, Change and Configuration Mgmt Database, and SmartCloud Control Desk. See Details for CVE IDs. Content VULNERABILITY DETAILS: CVE ID: CVE-2012-0714, CVE-2012-0727, CVE-2012-0728,...
CVE-2017-0728
A denial of service vulnerability in the Android media framework hevc decoder. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37469795...
CVE-2017-0728
CVE-2017-0728 is a denial-of-service vulnerability in the Android media framework, specifically the HEVC decoder. Affected products/versions: Android 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. The issue is classified as DoS in the Media framework with absence of explicit exploit details in the ...
SUSE-SU-2016:0756-1 Security update for kernel live patch 7
This kernel live patch for Linux Kernel 3.12.44-52.18.1 fixes two security issues: Fixes: - CVE-2016-0728: A reference leak in keyring handling with joinsessionkeyring could lead to local attackers gain root privileges. bsc962078. - CVE-2013-7446: Use-after-free vulnerability in net/unix/afunix.c...
Fedora 22 : kernel-4.3.4-200.fc22 (2016-5d43766e33)
Update to latest upstream stable release, Linux v4.3.4. Elan touchpad fixes. ---- Update to 4.3.y stable series. Fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatical...
Fedora 23 : kernel-4.3.3-303.fc23 (2016-b59fd603be)
Backported i915, networking, and nouveau fixes tagged for stable from 4.4 upstream. Assorted fixes elsewhere. ---- A few bug fixes and backports of all the i915 patches queued for stable from 4.4. ---- A number of fixes across the tree Note that Tenable Network Security has extracted the precedin...
The use of the Linux kernel in Use-After-Free(UAF)vulnerability to mention the right-vulnerability warning-the black bar safety net
Last month broke the CVE-2 0 1 6-0 7 2 8 (local mention the right loopholes so everyone's attention once again focused on the linux kernel security. And CVE-2 0 1 5-3 6 3 6, The CVE-2 0 1 5-7 3 1 2, The CVE-2 0 1 4-2 8 5 1, CVE-2 0 1 6-0 7 2 8 is a Use-After-Free(UAF types of vulnerabilities. We...
Oracle Linux 7 : kernel (ELSA-2016-0185)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-0185 advisory. - security keys: Fix keyring ref leak in joinsessionkeyring David Howells 1298931 1298036 CVE-2016-0728 - security keys: Don't permit requestkey to...
CVE-2016-0728
The joinsessionkeyring function in security/keys/processkeys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service integer overflow and use-after-free via crafted keyctl commands...
CVE-2016-0728
The joinsessionkeyring function in security/keys/processkeys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service integer overflow and use-after-free via crafted keyctl commands...
CVE-2016-0728
The CVE-2016-0728 issue affects the Linux kernel up to version 4.4.1, specifically in the keyring handling path join_session_keyring() within security/keys/process_keys.c. A flaw in object reference management in an error path can allow a local, unprivileged user to escalate privileges or cause a...
openSUSE Security Update : the Linux Kernel (openSUSE-2016-136)
The openSUSE 13.2 kernel was updated to receive various security and bugfixes. Following security bugs were fixed : - CVE-2016-0728: A reference leak in keyring handling with joinsessionkeyring could lead to local attackers gain root privileges. bsc962075. - CVE-2015-7550: A local user could have...