84 matches found
Ubuntu 14.04 LTS : Linux kernel vulnerability (USN-3250-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-3250-1 advisory. It was discovered that the xfrm framework for transforming packets in the Linux kernel did not properly validate data received from user space. A local attacker...
Ubuntu: Security Advisory (USN-3250-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle GlassFish Server 2.1.1.x < 2.1.1.30 / 3.0.1.x < 3.0.1.15 / 3.1.2.x < 3.1.2.16 Multiple Vulnerabilities (January 2017 CPU)
Binary data 9947.prm...
CVE-2017-3250
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware subcomponent: Security. Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish...
CVE-2017-3250
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware subcomponent: Security. Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish...
CVE-2017-3250
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware subcomponent: Security. Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish...
CVE-2017-3250
Oracle GlassFish Server in Oracle Fusion Middleware (Security subcomponent) is affected for versions 2.1.1, 3.0.1 and 3.1.2. A flaw allows an unauthenticated, network-accessing attacker to exploit over HTTP, leading to unauthorized read/update/delete of data and potentially partial denial of serv...
CVE-2016-3250
CVE-2016-3250 is a Windows kernel-mode elevation-of-privilege vulnerability in Win32k. The issue affects kernel-mode drivers in Microsoft Windows Server 2012 and Windows 10 (Gold/1511), where a crafted application could cause memory-object handling flaws to escalate privileges locally. The NVD en...
Microsoft Windows Win32k Elevation of Privilege (MS16-090: CVE-2016-3250)
An elevation of privilege vulnerability exists in Microsoft Windows Win32k. A remote attacker can bypass a security check in win32k to load a custom font from an arbitrary file on disk. Successful exploitation could allow an attacker to run arbitrary code with elevated privileges...
Microsoft Windows Kernel 'Win32k.sys' CVE-2016-3250 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. A local attacker can exploit this issue to execute arbitrary code in kernel mode with elevated privileges. Technologies Affected Microsoft Windows 10 for 32-bit Systems Microsof...
MS16-090: Security Update for Windows Kernel-Mode Drivers (3171481)
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities : - Multiple elevation of privilege vulnerabilities exist in the kernel-mode driver due to improper handling of objects in memory. An authenticated, remote attacker can exploit these, via ...
Debian DSA-3250-1 : wordpress - security update
Multiple security issues have been discovered in Wordpress, a weblog manager, that could allow remote attackers to upload files with invalid or unsafe names, mount social engineering attacks or compromise a site via cross-site scripting, and inject SQL commands. More information can be found in t...
Debian Security Advisory DSA 3250-1 (wordpress - security update)
Multiple security issues have been discovered in Wordpress, a weblog manager, that could allow remote attackers to upload files with invalid or unsafe names, mount social engineering attacks or compromise a site via cross-site scripting, and inject SQL commands. More information can be found in t...
Debian: Security Advisory (DSA-3250-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Puppet < 2.7.26 / 3.6.2 and Enterprise 2.8.x < 2.8.7 Multiple Vulnerabilities
According to its self-reported version number, the Puppet install on the remote host is affected by multiple vulnerabilities : - A privilege escalation vulnerability related to input validation and paths exists in the bundled Ruby environment. An attacker could trick a privileged user into...
SUSE-RU-2015:0696-1 Security update for puppet
Puppet was updated to fix the following security issues: Unsafe use of temporary files. CVE-2013-4969 Arbitrary code execution with required social engineering. CVE-2014-3248, CVE-2014-3250 Security Issues references: CVE-2014-3248 CVE-2013-4969 CVE-2014-3250...
CVE-2013-3250
Cross-site request forgery CSRF vulnerability in the WP Maintenance Mode plugin before 1.8.8 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that modify this plugin's settings...
CVE-2013-3250
Cross-site request forgery CSRF vulnerability in the WP Maintenance Mode plugin before 1.8.8 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that modify this plugin's settings...
CVE-2013-3250
Summary: CVE-2013-3250 affects the WordPress WP Maintenance Mode plugin prior to version 1.8.8. Component/host: WordPress WP Maintenance Mode (plugin). Vulnerability: CSRF flaw in settings modification that allows remote attackers to hijack the authentication of arbitrary users. Impact: enables u...
[security bulletin] HPSBMU02800 SSRT100921 rev.1 - HP Service Manager and HP Service Center Server, Remote Denial of Service (DoS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03447828 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03447828 Version: 1 HPSBMU02800...