Android Proxy Auto Config (PAC) Crash

Original at: https://wwws.nightwatchcybersecurity.com/2016/11/07/crashing-android-devices-with-large-pac-files-cve-2016-6723/ Summary Android devices can be crashed forcing a halt and then a soft reboot by downloading a large proxy auto config PAC file when adjusting the Android networking...

Ubuntu: Security Advisory (USN-3114-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Yelp: Nginx server version disclosure on engineeringblog

Hi Yelp Team, I have found a little information disclosure on your system with regards to the version of server you are using, due to not properly handling 404 errors , whe you go to the page that i not existing, the exact nginx version was disclosed. PoC URL: engineeringblog.yelp.com/test PoC...

CVE-2016-1247

A vulnerability was discovered in nginx. An attacker who could already run commands under the nginx user id could use this access to append data to files owned by root, potentially elevating their own privileges to root...

[SECURITY] [DSA 3701-2] nginx regression update

------------------------------------------------------------------------- Debian Security Advisory DSA-3701-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 28, 2016 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3701-2] nginx regression update

------------------------------------------------------------------------- Debian Security Advisory DSA-3701-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 28, 2016 https://www.debian.org/security/faq -...

Ubuntu 14.04 LTS / 16.04 LTS : nginx regression (USN-3114-2)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3114-2 advisory. USN-3114-1 fixed a vulnerability in nginx. A packaging issue prevented nginx from being reinstalled or upgraded to a subsequent release. This update...

DSA-3701-2 nginx - regression update

Bulletin has no description...

USN-3114-2: nginx regression

USN-3114-1 fixed a vulnerability in nginx. A packaging issue prevented nginx from being reinstalled or upgraded to a subsequent release. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Dawid Golunski discovered that the nginx package incorrectly handl...

USN-3114-2 nginx regression

USN-3114-1 fixed a vulnerability in nginx. A packaging issue prevented nginx from being reinstalled or upgraded to a subsequent release. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Dawid Golunski discovered that the nginx package incorrectly handl...

Nginx Elevation of Privilege Vulnerability

Nginx is an HTTP and reverse proxy server that can also be used as a mail proxy server. A local lift vulnerability exists in nginx on multiple operating systems. Because the program assigns weak permissions to log files, local and remote attackers can exploit this vulnerability to gain root...

Amazon Linux: Security Advisory (ALAS-2016-715)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DSA-3701-1 : nginx - security update

Dawid Golunski reported the nginx web server packages in Debian suffered from a privilege escalation vulnerability www-data to root due to the way log files are handled. This security update changes ownership of the /var/log/nginx directory root. In addition, /var/log/nginx has to be made...

Ubuntu 14.04 LTS / 16.04 LTS : nginx vulnerability (USN-3114-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3114-1 advisory. Dawid Golunski discovered that the nginx package incorrectly handled log file permissions. A remote attacker could possibly use this issue to obtain...

Ubuntu: Security Advisory (USN-3114-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-3114-1: nginx vulnerability

Dawid Golunski discovered that the nginx package incorrectly handled log file permissions. A remote attacker could possibly use this issue to obtain root privileges...

USN-3114-1 nginx vulnerability

Dawid Golunski discovered that the nginx package incorrectly handled log file permissions. A remote attacker could possibly use this issue to obtain root privileges...

[SECURITY] [DSA 3701-1] nginx security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3701-1 [email protected] https://www.debian.org/security/ Florian Weimer October 25, 2016 https://www.debian.org/security/faq -...

CVE-2016-1247

The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access...

Debian Security Advisory DSA 3701-1 (nginx - security update)

Dawid Golunski reported the nginx web server packages in Debian suffered from a privilege escalation vulnerability www-data to root due to the way log files are handled. This security update changes ownership of the /var/log/nginx directory root. In addition, /var/log/nginx has to be made...