59 matches found
Ubuntu 17.04 : linux, linux-raspi2 vulnerabilities (USN-3293-1)
Dmitry Vyukov discovered that KVM implementation in the Linux kernel improperly emulated the VMXON instruction. A local attacker in a guest OS could use this to cause a denial of service memory consumption in the host OS. CVE-2017-2596 Dmitry Vyukov discovered that the generic SCSI sg subsystem i...
SUSE SLES11 Security Update : kernel (SUSE-SU-2017:1301-1)
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. Notable new features : - Toleration of newer crypto hardware for z Systems - USB 2.0 Link power management for Haswell-ULT The following security bugs were fixed : - CVE-2017-7308: The packetsetring...
CVE-2016-7261
...
SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:1183-1)
The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.58 to receive various security and bugfixes. Notable new/improved features : - Improved support for Hyper-V - Support for Matrox G200eH3 - Support for tcpwestwood The following security bugs were fixed : - CVE-2017-2671: The pingunhash...
SUSE-SU-2017:1183-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.58 to receive various security and bugfixes. Notable new/improved features: - Improved support for Hyper-V - Support for Matrox G200eH3 - Support for tcpwestwood The following security bugs were fixed: - CVE-2017-2671: The pingunhash...
openSUSE Security Update : the Linux Kernel (openSUSE-2017-532)
The openSUSE Leap 42.2 kernel was updated to 4.4.62 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-7618: crypto/ahash.c in the Linux kernel allowed attackers to cause a denial of service API operation calling its own callback, and infinite recursion ...
openSUSE: Security Advisory for kernel (openSUSE-SU-2017:1140-1)
The remote host is missing an update for the Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Debian DLA-922-1 : linux security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or have other impacts. CVE-2016-2188 Ralf Spenneberg of OpenSource Security reported that the iowarrior device driver did not sufficiently validate USB descriptors. This...
[SECURITY] [DLA 922-1] linux security update
Package : linux Version : 3.2.88-1 CVE ID : CVE-2016-2188 CVE-2016-9604 CVE-2016-10200 CVE-2017-2647 CVE-2017-2671 CVE-2017-5967 CVE-2017-5970 CVE-2017-6951 CVE-2017-7184 CVE-2017-7261 CVE-2017-7273 CVE-2017-7294 CVE-2017-7308 CVE-2017-7472 CVE-2017-7616 CVE-2017-7618 Several vulnerabilities have...
Fedora 25 : kernel (2017-93dec9eba5)
The 4.10.8 stable update contains a number of important fixes across the tree Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...
Fedora 24 : kernel (2017-02174df32f)
The 4.10.8 stable update contains a number of important fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...
CVE-2017-7261
The vmwsurfacedefineioctl function in drivers/gpu/drm/vmwgfx/vmwgfxsurface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to cause a denial of service ZEROSIZEPTR dereference, and GPF and possibly panic via a crafted ioctl cal...
CVE-2017-7261
CVE-2017-7261 affects the Linux kernel driver vmwgfx. The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c does not check for a zero value of certain levels data, allowing a local user to cause a denial of service (ZERO_SIZE_PTR dereference, GP fault, and potentially a...
CVE-2015-7261
CVE-2015-7261 affects QNAP iArtist Lite before 1.4.54 (bundled with Signage Station before 2.0.1). The FTP service contains hardcoded credentials, enabling remote access via TCP port 21. Root cause is hard-coded FTP accounts/passwords in iArtist Lite used by Signage Station; impact is unauthorize...
CVE-2014-7261
Cross-site scripting XSS vulnerability in ULTRAPOP.JP i-HTTPD allows remote attackers to inject arbitrary web script or HTML via a crafted string that is improperly rendered during construction of a directory index page, a different vulnerability than CVE-2014-7263...
Cross site scripting
Cross-site scripting XSS vulnerability in ULTRAPOP.JP i-HTTPD allows remote attackers to inject arbitrary web script or HTML via a crafted HTTP header, a different vulnerability than CVE-2014-7261...
CVE-2014-7261
Cross-site scripting XSS vulnerability in ULTRAPOP.JP i-HTTPD allows remote attackers to inject arbitrary web script or HTML via a crafted string that is improperly rendered during construction of a directory index page, a different vulnerability than CVE-2014-7263...
CVE-2014-7261
CVE-2014-7261 affects i-HTTPD (Windows) via a flaw in processing the HTTP header that can lead to cross-site scripting (CWE-79). The connected JVN entry explicitly documents an XSS in the HTTP header handling and notes that this vulnerability is distinct from CVE-2014-7263 (directory-index render...
CVE-2008-7261
The CVE-2008-7261 entry affects IBM FileNet P8 Application Engine (P8AE) Workplace (WP) component, specifically version 3.5.1 prior to 3.5.1-010. The issue arises because DEBUG messages containing user credentials are written into the log4j.xml file, potentially allowing local users to read sensi...