PT-2017-1224 · Google +4 · Android +4

Name of the Vulnerable Software and Affected Versions: Android versions Kernel-3.10 through Kernel-3.18 Description: An elevation of privilege issue in the kernel networking subsystem could allow a local malicious application to execute arbitrary code within the context of the kernel. This issue ...

CVE-2016-9211

A vulnerability in TCP port management in Cisco ONS 15454 Series Multiservice Provisioning Platforms could allow an unauthenticated, remote attacker to cause the controller card to unexpectedly reload. More Information: CSCuw26032. Known Affected Releases: 10.51...

CVE-2016-6474

A vulnerability in the implementation of X.509 Version 3 for SSH authentication functionality in Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on an affected system. More Information: CSCuv89417. Known Affected Releases: 15.52.25T. Known...

Google Android kernel networking subsystem elevation of privilege vulnerability

Android on Nexus 5X is a Linux-based open source operating system for the Nexus 5X smartphone developed by Google and the Open Handset Alliance OHA. kernel networking subsystem is one of the kernel networking subsystems. An elevation of privilege vulnerability exists in the kernel networking...

Moxa MiiNePort Session Hijacking Vulnerability

Moxa MiiNePort is an embedded device networking module from Moxa designed for manufacturers to connect serial devices to a network connection. A security vulnerability exists in Moxa MiiNePort. An attacker could use this vulnerability to brute-force decode session cookies and download configurati...

SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2016:3078-1)

This update for java-180-ibm fixes the following issues : - CVE-2016-5568: Unspecified vulnerability allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT - CVE-2016-5556: Unspecified vulnerability allowed remote attackers to affect...

CVE-2016-6301

The recvandprocessclientpkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service CPU and bandwidth consumption via a forged NTP packet, which triggers a communication loop...

Design/Logic Flaw

The recvandprocessclientpkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service CPU and bandwidth consumption via a forged NTP packet, which triggers a communication loop...

CVE-2016-6301

The recvandprocessclientpkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service CPU and bandwidth consumption via a forged NTP packet, which triggers a communication loop...

CVE-2016-6301

The recvandprocessclientpkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service CPU and bandwidth consumption via a forged NTP packet, which triggers a communication loop...

CVE-2016-6753

An information disclosure vulnerability in kernel components, including the process-grouping subsystem and the networking subsystem, in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it...

CVE-2016-6753

An information disclosure vulnerability in kernel components, including the process-grouping subsystem and the networking subsystem, in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it...

DEBIAN-CVE-2016-9375

In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dtn.c by checking whether SDNV evaluation was successful...

java security update

CentOS Errata and Security Advisory CESA-2016:2658 An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common...

Linux Network Analyzer: netsniff-ng

Linux Network Analyzer A Swiss army knife for your daily Linux network plumbing netsniff-ng is a free, performant Linux network analyzer and networking toolkit. If you will, the Swiss army knife for network packets. The gain of performance is reached by built-in zero-copy mechanisms, so that on...

The OAuth 2.0 Protocol improper use leads to billions of APP account can be remotely hijacking-vulnerability warning-the black bar safety net

Foreword Chinese University of Hong Kong the three-digit security researcher Ronghai Yang, Wing Cheong Lau And Tianyu Liu found an extremely dangerous security risk, more than 1 0 million of the mobile APP including the Android version and iOS version are in the user is completely unaware of the...

Scientific Linux Security Update : java-1.7.0-openjdk on SL5.x, SL6.x i386/x86_64 (20161107)

Security Fixes : - It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine's memory and completely bypass Java sandbox...

OpenJDK: exposure of server authentication credentials to proxy (Networking, 8160838)

A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if proxy asked for authentication...

CVE-2016-8632

A flaw was found in the TIPC networking subsystem which could allow for memory corruption and possible privilege escalation. The flaw involves a system with an unusually low MTU 60 on networking devices configured as bearers for the TIPC protocol. An attacker could create a packet which will...

SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2016:2726-1)

IBM Java 8 was updated to version 8.0-3.10 to fix the following security issues : - CVE-2016-3485: Unspecified vulnerability allowed local users to affect integrity via vectors related to Networking - CVE-2016-3511: Unspecified vulnerability allowed local users to affect confidentiality, integrit...