234 matches found

OSV
added 2016/11/17 10:29 p.m., 2 views

USN-3130-1 openjdk-7 vulnerabilities

It was discovered that OpenJDK did not restrict the set of algorithms used for Jar integrity verification. An attacker could use this to modify without detection the content of a JAR file, affecting system integrity. (CVE-2016-5542) It was discovered that the JMX component of OpenJDK did not...

CVSS 9.6, AI score 6.8, EPSS 0.05481
Exploits: 0, References: 6

CNVD
added 2016/10/27 12:0 a.m., 3 views

VMware Fusion Local Information Disclosure Vulnerability

VMware Fusion allows Windows applications to run seamlessly on Intel-based Mac machines. A local information disclosure vulnerability exists in VMware Fusion. Since System Integrity Protection (SIP) is enabled by default on Mac OS X, a local attacker can exploit the vulnerability to obtain kernel...

CVSS 5.5, AI score 6.1, EPSS 0.00327
Exploits: 0, References: 1

CNVD
added 2016/10/27 12:0 a.m., 2 views

VMware Tools Local Information Disclosure Vulnerability

VMware Tools is a set of enhancements that come with VMware's VMWare virtual machines. It is a set of drivers provided by VMware to enhance the performance of virtual graphics cards and hard drives, as well as to synchronize the clocks of the virtual machines with those of the host computer. A...

CVSS 5.5, AI score 6, EPSS 0.00351
Exploits: 0, References: 1

BDU FSTEC
added 2016/07/07 12:0 a.m., 4 views

Vulnerabilities of the Debian GNU/Linux operating system that allow a remote attacker to compromise the integrity of protected information

The multiple vulnerabilities in the libstdc++6-0-pic package of the Debian GNU/Linux operating system may lead to a violation of the integrity of protected information. These vulnerabilities can be exploited remotely...

CVSS 2.6, AI score 5.4, EPSS 0.03603
Exploits: 0, References: 3, Affected Software: 1

BDU FSTEC
added 2016/07/06 12:0 a.m., 2 views

Vulnerabilities in PHP software allow attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The use of the SPL component in ext/spl/splarray.c after its release allows attackers to cause service failures or otherwise affect the system, by using ArrayIterator in applications that operate in a specific web hosting environment...

CVSS 4.6, AI score 7.5, EPSS 0.00681
Exploits: 0, References: 3, Affected Software: 1

BDU FSTEC
added 2016/07/06 12:0 a.m., 4 views

The vulnerability in the Firefox ESR software allows a malicious individual to compromise the confidentiality, integrity, and accessibility of protected information.

The numerous vulnerabilities in the Mozilla Firefox ESR browser engine allow malicious actors to trigger service failures, memory errors, and unexpected application termination or execute arbitrary code...

CVSS 10, AI score 7.2, EPSS 0.04977
Exploits: 1, References: 3, Affected Software: 1

Tenable Nessus
added 2016/05/10 12:0 a.m., 38 views

MS16-066: Security Update for Virtual Secure Mode (3155451)

The remote Windows host is missing a security update. It is, therefore, affected by a security feature bypass vulnerability due to certain kernel-mode pages being marked as RWX (Read, Write, Execute) even when Hypervisor Code Integrity (HVCI) is enabled. An attacker can exploit this vulnerability, vi...

CVSS 5.5, AI score 6.6, EPSS 0.01516
Exploits: 0, References: 2

OSV
added 2016/04/29 12:0 a.m., 31 views

DLA-448-1 subversion - security update

Bulletin has no description...

CVSS 6.8, AI score 6.7, EPSS 0.19628
Exploits: 0

Tenable Nessus
added 2016/04/29 12:0 a.m., 35 views

FreeBSD : subversion -- multiple vulnerabilities (c8174b63-0d3a-11e6-b06e-d43d7eed0ce2)

Subversion project reports : svnserve, the svn:// protocol server, can optionally use the Cyrus SASL library for authentication, integrity protection, and encryption. Due to a programming oversight, authentication against Cyrus SASL would permit the remote user to specify a realm string which is ...

CVSS 6.8, AI score 6.8, EPSS 0.19628
Exploits: 0, References: 5

OSV
added 2016/04/26 6:2 p.m., 16 views

MGASA-2016-0151 Updated samba packages fix security vulnerabilities

Updated samba packages fix security vulnerability: Jouni Knuutinen discovered that Samba contained multiple flaws in the DCE/RPC implementation. A remote attacker could use this issue to perform a denial of service, downgrade secure connections by performing a man in the middle attack, or possibl...

CVSS 7.5, AI score 7.7, EPSS 0.37043
Exploits: 0, References: 9

FreeBSD
added 2016/04/21 12:0 a.m., 37 views

subversion -- multiple vulnerabilities

Subversion project reports: svnserve, the svn:// protocol server, can optionally use the Cyrus SASL library for authentication, integrity protection, and encryption. Due to a programming oversight, authentication against Cyrus SASL would permit the remote user to specify a realm string which is a...

CVSS 6.8, AI score 2.2, EPSS 0.19628
Exploits: 0, References: 2

CNVD
added 2016/04/14 12:0 a.m., 1 views

Samba LDAP Man-in-the-Middle Attack Vulnerability

Samba is a set of free software that enables the UNIX family of operating systems to connect to the SMB/CIFS network protocol of the Microsoft Windows operating system. Samba's LDAP implementation fails to enforce integrity protection on LDAP connections, allowing remote attackers to exploit this...

CVSS 5.9, AI score 6.7, EPSS 0.0938
Exploits: 0, References: 1

RedHat Linux
added 2016/04/13 1:25 a.m., 3 views

samba: Missing downgrade detection

It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections...

CVSS 5.9, AI score 6.7, EPSS 0.0938
Exploits: 0, References: 5

RedHat Linux
added 2016/04/13 1:25 a.m., 8 views

samba: Smb signing not required by default when smb client connection is used for ipc usage

It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client...

CVSS 5.9, AI score 6.7, EPSS 0.10269
Exploits: 0, References: 5

RedHat Linux
added 2016/04/13 1:6 a.m., 2 views

samba: Missing downgrade detection

It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections...

CVSS 5.9, AI score 6.7, EPSS 0.0938
Exploits: 0, References: 5

Tenable Nessus
added 2016/04/13 12:0 a.m., 36 views

Scientific Linux Security Update : samba on SL5.x i386/x86_64 (20160412) (Badlock)

Security Fixes : - A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority Domain Policy Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be use...

CVSS 7.5, AI score 6.8, EPSS 0.37043
Exploits: 0, References: 6

RedHat Linux
added 2016/04/12 9:38 p.m., 3 views

samba: Missing downgrade detection

It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections...

CVSS 5.9, AI score 6.7, EPSS 0.0938
Exploits: 0, References: 5

RedHat Linux
added 2016/04/12 9:20 p.m., 4 views

samba: Smb signing not required by default when smb client connection is used for ipc usage

It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client...

CVSS 5.9, AI score 6.7, EPSS 0.10269
Exploits: 0, References: 5

RedHat Linux
added 2016/04/12 9:20 p.m., 6 views

samba: Missing downgrade detection

It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections...

CVSS 5.9, AI score 6.7, EPSS 0.0938
Exploits: 0, References: 5

RedHat Linux
added 2016/04/12 7:33 p.m., 4 views

samba: Smb signing not required by default when smb client connection is used for ipc usage

It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client...

CVSS 5.9, AI score 6.7, EPSS 0.10269
Exploits: 0, References: 5