CVE-2016-1793

AppleGraphicsDeviceControlClient in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service NULL pointer dereference via a crafted app...

Ubuntu 16.04 LTS : Linux kernel (Raspberry Pi 2) vulnerabilities (USN-2965-3)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2965-3 advisory. Jann Horn discovered that the extended Berkeley Packet Filter eBPF implementation in the Linux kernel did not properly reference count file descriptors,...

Ubuntu 14.04 LTS : Linux kernel (Vivid HWE) vulnerabilities (USN-2970-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2970-1 advisory. Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly validate the endpoints reported by the device. A...

USN-2968-2: Linux kernel (Trusty HWE) vulnerabilities

USN-2968-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kerne...

USN-2968-1: Linux kernel vulnerabilities

Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly validate the endpoints reported by the device. An attacker with physical access could cause a denial of service system crash. CVE-2015-7515 Ben Hawkes discovered that the Linux kernel's AIO...

Juniper Networks Junos OS Competitive Conditions Vulnerability

Juniper Networks Junos OS is a network operating system dedicated to the company's hardware systems. A competitive condition vulnerability in the Juniper Networks Junos OS Op script Op URL option allows a local attacker to exploit the vulnerability to elevate privileges and take full control of t...

Juniper Networks Junos OS CLI Elevation of Privilege Vulnerability

Juniper Networks Junos OS is a network operating system dedicated to the company's hardware systems. A security vulnerability exists in the Juniper Networks Junos OS CLI that allows a local attacker to exploit the vulnerability to elevate privileges with CLI commands and take full control of the...

Juniper Networks Junos OS Python Privilege Escalation Vulnerabilities

Junos OS is prone to multiple privilege escalation vulnerabilities in Python. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Design Vulnerability in Baidu Moplus SDK (WormHole Vulnerability)

The Moplus SDK is a public development kit developed in-house by Baidu, which is integrated into numerous Android applications. The "WormHole" vulnerability exists in Baidu's Moplus SDK, which is mainly used to enhance the expansion of Baidu's search engine in smart terminals, and to realize the...

Cisco self-aeration ROMMON mirror security issue, but the CVE denied numbers-vulnerability warning-the black bar safety net

! Cisco recently released a new security Bulletin says the attackers through the Cisco IOS device to upload ROMMON IOS guide app mirror obtain the device control. However embarrassing is that this product of Cisco the official release of the security warning is not CVE approval. Vulnerability...

GE Healthcare Precision MPi Built-in Account Vulnerability

GE Healthcare Precision MPi is an MPi system for the healthcare industry. GE Healthcare Precision MPi has built-in accounts; serviceapp users use the 'orion' password; clinical operator users use the 'orion' password; and administrator users use the 'PlatinumOne' password, allowing remote attacke...

Cisco Unified Communications Manager Prime Collaboration Deployment Information Disclosure Vulnerability

A vulnerability in the Prime Collaboration Deployment of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protections of data at rest. An attacker could exploit this vulnerability by browsing to a...

‘Stagefright’ Android Vulnerability

Android devices running Android versions 2.2 through 5.1.1r5 contain vulnerabilities in the Stagefright media playback engine. Exploitation of these vulnerabilities may allow an attacker to access multimedia files or potentially take control of a vulnerable device. Users and administrators are...

Viber for Android Remote Arbitrary Code Execution Vulnerability

Viber Media Viber for Android is a suite of VoIP and instant messaging software for the Android platform. A remote security vulnerability exists in Viber Media Viber for Android, which can be exploited by remote attackers to submit a special request to execute arbitrary code and take control of t...

Janitza UMG Power Quality Measuring Products Vulnerabilities

OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on September 22, 2015, and is being released to the NCCIC/ICS-CERT web site. Mattijs van Ommeren of Applied Risk has identified several vulnerabilities in the Janitza UMG power quality measuring products. Janitza ha...

IBM General Parallel File System mmfslinux Kernel Module Denial of Service Vulnerability

The IBM General Parallel File System is a shared file system that originated from the virtual shared disk technology used on IBM SP systems. A denial of service vulnerability in the IBM General Parallel File System mmfslinux kernel module allows attackers to cause a memory crash via a specially...

Local Privilege Escalation Vulnerability in Symantec Endpoint Protection

US-CERT is aware of a local privilege escalation vulnerability in Symantec Endpoint Protection. This vulnerability affects all versions of Symantec Endpoint Protection Client 11.x and 12.x running Application and Device Control. Exploitation of this vulnerability may allow an attacker to gain ful...

INSTEON Hub 2242-222 - Lack of Web and API Authentication

No description provided by source. Trustwave SpiderLabs Security Advisory TWSL2013-023: Lack of Web and API Authentication Vulnerability in INSTEON Hub Published: 8/01/13 Version: 1.0 Vendor: INSTEON http://www.INSTEON.com/ Product: Hub Version affected: 2242-222 model discontinued Product...

kernel: block: floppy: privilege escalation via FDRAWCMD floppy ioctl command

A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free using the kfree function arbitrary kernel memory. CVE-2014-173...

PT-2013-1032 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.11.8 Description: The issue allows local users to bypass intended access restrictions via a crafted ioctl call due to the lack of privilege level checking in the aac compat ioctl function. This could potential...