
3670 matches found

Tenable Nessus
added 2016/06/28 12:0 a.m. | 57 views

Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3018-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3018-1 advisory. Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility...

7.8 CVSS | 7 AI score | 0.05676 EPSS
Exploits 15 | References 9

Hacker One
added 2016/06/27 12:36 a.m. | 34 views

Concrete CMS: Local File Inclusion path bypass

Hey, After reading egix's report 59665 and seeing your fix at https://github.com/concrete5/concrete5/commit/19d0cc81c7cd485b856289ac71ebc0389ea7c3da & https://github.com/concrete5/concrete5/commit/c646dd0defcfa79ef119dca8ba1beba2c5bc91ea I think the fixes are insufficient to stop lfi. If you are...

6.8 AI score
Exploits 0

Microsoft Security Update
added 2016/06/23 2:0 a.m. | 28 views

Update for Microsoft Silverlight (KB3162593)

This update to Silverlight improves security, reliability, accessibility support, startup performance, enhances line-of-business support and includes several fixes to better support rich internet applications. This update is backward compatible with web applications built using previous versions ...

3.3 AI score
Exploits 0

Citrix
added 2016/06/23 12:0 a.m. | 7 views

Users experience undesirable behaviour like profile corruption, data loss with Profile Management

Users may experience profile corruption, slow logons, data loss or unexpected behaviour if using profiles from differing Windows versions as Roaming or UPM profiles...

7.2 AI score
Exploits 0

Tenable Nessus
added 2016/06/22 12:0 a.m. | 26 views

OracleVM 3.2 : nss (OVMSA-2016-0066)

The remote OracleVM system is missing necessary patches to address critical security updates : - Fix SSL_DH_MIN_P_BITS in more places. - Keep SSL_DH_MIN_P_BITS at 768 as in the previously released build. - Run SSL tests - Add compatibility patches to prevent regressions - Ensure all ssl.sh tests are execut...

9.8 CVSS | 7.4 AI score | 0.16834 EPSS
Exploits 1 | References 10

Fedora
added 2016/06/18 7:8 p.m. | 33 views

[SECURITY] Fedora 24 Update: python3-3.5.1-8.fc24

Python 3 is a new version of the language that is incompatible with the 2.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been remov...

10 CVSS | 3.6 AI score | 0.25671 EPSS
Exploits 1

Fedora
added 2016/06/17 4:2 p.m. | 28 views

[SECURITY] Fedora 23 Update: python3-3.4.3-7.fc23

Python 3 is a new version of the language that is incompatible with the 2.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been remov...

10 CVSS | 3.6 AI score | 0.25671 EPSS
Exploits 1

OSV
added 2016/06/16 1:59 a.m. | 1 views

CVE-2016-3233

Microsoft Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."...

7.3 CVSS | 6.1 AI score
Exploits 0 | References 2

Prion
added 2016/06/16 1:59 a.m. | 18 views

Information disclosure

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers...

4.3 CVSS | 6.2 AI score | 0.26488 EPSS
Exploits 0 | References 2 | Affected Software 4

Cvelist
added 2016/06/16 1:0 a.m. | 38 views

CVE-2016-3233

Microsoft Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."...

7.3 AI score | 0.14825 EPSS
Exploits 0 | References 2

CVE
added 2016/06/16 1:0 a.m. | 107 views

CVE-2016-3234

CVE-2016-3234 affects Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint 2010 SP2/2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1. The root cause is an information disclosure flaw that...

5.5 CVSS | 5.4 AI score | 0.26488 EPSS
Exploits 0 | References 2 | Affected Software 6

OpenVAS
added 2016/06/15 12:0 a.m. | 51 views

Microsoft Office Compatibility Pack Multiple Vulnerabilities (3163610)

This host is missing an important security update according to Microsoft Bulletin MS16-070. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...

9.3 CVSS | 6.4 AI score | 0.26488 EPSS
Exploits 0 | References 3

Symantec
added 2016/06/14 12:0 a.m. | 35 views

Microsoft Office CVE-2016-3234 Information Disclosure Vulnerability

Description Microsoft Office is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft Office 2010 Service Pack 2 32-bit editions Microsoft Office 2010 Service Pack 2 64-bi...

4.3 CVSS | 0.1 AI score | 0.26488 EPSS
Exploits 0 | References 1 | Affected Software 6

Symantec
added 2016/06/14 12:0 a.m. | 46 views

Microsoft Office CVE-2016-0025 Memory Corruption Vulnerability

Description Microsoft Office is prone to a remote memory-corruption vulnerability because it fails to properly handle objects in memory. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in deni...

9.3 CVSS | 0.6 AI score | 0.16722 EPSS
Exploits 0 | Affected Software 7

Fedora
added 2016/06/02 3:3 p.m. | 34 views

[SECURITY] Fedora 23 Update: compat-nettle27-2.7.1-2.fc23

Compatibility package with nettle 2.7 libraries...

9.8 CVSS | 2.5 AI score | 0.04132 EPSS
Exploits 0

OSV
added 2016/06/01 10:59 p.m. | 6 views

CVE-2016-1902

The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/random_compat library and the openssl_random_pseudo_bytes function fails, which makes it easier...

7.5 CVSS | 7.3 AI score | 0.01907 EPSS
Exploits 0 | References 4

FreeBSD
added 2016/05/31 12:0 a.m. | 9 views

FreeBSD -- Kernel stack disclosure in Linux compatibility layer

Problem Description: The implementation of the TIOCGSERIAL ioctl(2) does not clear the output struct before copying it out to userland. The implementation of the Linux sysinfo system call does not clear the output struct before copying it out to userland. Impact: An unprivileged user can read a...

2.5 AI score
Exploits 0

FreeBSD
added 2016/05/31 12:0 a.m. | 15 views

FreeBSD -- Kernel stack disclosure in 4.3BSD compatibility layer

Problem Description: The implementation of historic stat(2) system call does not clear the output struct before copying it out to userland. Impact: An unprivileged user can read a portion of uninitialised kernel stack data, which may contain sensitive information, such as the stack guard, portions ...

1.6 AI score
Exploits 0

BDU FSTEC
added 2016/05/31 12:0 a.m. | 5 views

The vulnerability of the Word Viewer, Microsoft Word text editor, Microsoft Office suite, Microsoft Office Compatibility Pack, and Word For Mac text editor allows a perpetrator to execute arbitrary code.

The vulnerability of the Word Viewer, Microsoft Word text editor, Microsoft Office suite, and the Microsoft Office Compatibility Pack lies in buffer overflow attacks. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially crafted Office document from a remote...

9.3 CVSS | 8 AI score | 0.29354 EPSS
Exploits 0 | References 2

FreeBSD Advisory
added 2016/05/31 12:0 a.m. | 5 views

FreeBSD-SA-16:20.linux

FreeBSD-SA-16:20.linux Security Advisory, The FreeBSD Project. Topic: Kernel stack disclosure in Linux compatibility layer. Category: core. Module: linux(4). Announced: 2016-05-3...

5.9 AI score
Exploits 0