112 matches found
CVE-2017-2616
A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions...
Security Bulletin: IBM QRadar Network Security is affected by a vulnerability in coreutils (util-linux)
Summary A security vulnerability has been discovered in coreutils util-linux, which is used by IBM QRadar Network Security. Vulnerability Details CVEID: CVE-2017-2616 DESCRIPTION: util-linux could allow a local authenticated attacker to bypass security restrictions, caused by a race condition whe...
Security Bulletin: Vulnerabilities in GSKit affect IBM WebSphere MQ (CVE-2015-7421, CVE-2015-7420)
Summary Vulnerabilities were discovered in GSKit. IBM WebSphere MQ uses GSKit and addressed the applicable CVE. Vulnerability Details CVEID: CVE-2015-7421 DESCRIPTION: A vulnerability in GSKit could allow a remote attacker to obtain sensitive information. The internal ICC PRNG pool state is...
openSUSE: Security Advisory for php5 (openSUSE-SU-2018:1317-1)
The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE SLES11 Security Update : php53 (SUSE-SU-2018:1294-1)
This update for php53 fixes the following issues: Security issues fixed : - CVE-2018-10545: Fix access controls in FPM child processes bsc1091367. - CVE-2018-10547: Fix Reflected XSS on the PHAR 403 and 404 error pages bsc1091362. - CVE-2018-10546: Fix an infinite loop exists in ext/iconv/iconv.c...
openSUSE Security Update : php7 (openSUSE-2018-441)
This update for php7 fixes the following issues : Security issues fixed : - CVE-2018-10545: Fix access controls in FPM child processes bsc1091367. - CVE-2018-10547: Fix Reflected XSS on the PHAR 403 and 404 error pages bsc1091362. - CVE-2018-10546: Fix an infinite loop exists in ext/iconv/iconv.c...
CVE-2018-10545
An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpmunix.c makes a PRSETDUMPABLE prctl call, allowing one user in a multiuser environment to obtain sensitive...
Fedora 27 : php (2018-12f92ff831)
PHP version 7.1.16 29 Mar 2018 Core: - Fixed bug php76025 Segfault while throwing exception in errorhandler. Dmitry, Laruence - Fixed bug php76044 'date: illegal option -- -' in ./configure on FreeBSD. Anatol FPM: - Fixed bug php75605 Dumpable FPM child processes allow bypassing opcache access...
openssh: Leak of host private key material to privilege-separated child process via realloc()
It was found that the host private key material could possibly leak to the privilege-separated child processes via re-allocated memory. An attacker able to compromise the privilege-separated process could therefore obtain the leaked key information...
httpd: DoS vulnerability in mod_auth_digest
It was discovered that the modauthdigest module of httpd did not properly check for memory allocation failures. A remote attacker could use this flaw to cause httpd child processes to repeatedly crash if the server used HTTP digest authentication...
EulerOS 2.0 SP1 : util-linux (EulerOS-SA-2017-1083)
According to the version of the util-linux packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A race condition was found in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill...
EulerOS 2.0 SP2 : util-linux (EulerOS-SA-2017-1084)
According to the version of the util-linux packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A race condition was found in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill...
libblkid, libmount, libuuid, util, uuidd security update
CentOS Errata and Security Advisory CESA-2017:0907 An update for util-linux is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severi...
RHEL 7 : util-linux (RHSA-2017:0907)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:0907 advisory. The util-linux packages contain a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, these...
Scientific Linux Security Update : util-linux on SL7.x x86_64 (20170412)
Security Fixes : - A race condition was found in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions. CVE-2017-2616 Bug Fixes : - The 'findmnt --target ' command prints all...
Moderate: Red Hat Security Advisory: util-linux security and bug fix update
An update for util-linux is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
DEBIAN-CVE-2016-2381
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp...
Scientific Linux Security Update : sudo on SL6.x i386/x86_64 (20150722)
It was discovered that sudo did not perform any checks of the TZ environment variable value. If sudo was configured to preserve the TZ environment variable, a local user with privileges to execute commands via sudo could possibly use this flaw to achieve system state changes not permitted by the...
Updated socat packages fix CVE-2015-1379
Updated socat package fixes security vulnerability: In socat before 2.0.0-b8, signal handler implementations are not async-signal-safe and can cause crash or freeze of socat processes. Mostly this issue occurs when socat is in listening mode with fork option and a couple of child processes...
Palo Alto Traps Server 3.1.2.1546 - Persistent XSS Vulnerability
Exploit for windows platform in category web applications !/usr/bin/ruby =begin ------------------------------------------------------------------------ Product: Palo Alto Traps Server formerly Cyvera Endpoint Protection Vendor: Palo Alto Networks Vulnerable Versions: 3.1.2.1546 Tested Version:...