69 matches found
OracleVM 3.2 : kernel-uek (OVMSA-2016-0060)
The remote OracleVM system is missing necessary patches to address critical security updates : - IPoIB: increase send queue size to 4 times Ajaykumar Hotchandani - IB/ipoib: Change send workqueue size for CM mode Ajaykumar Hotchandani Orabug: 22287489 - Avoid 60sec timeout when receiving rtpg sen...
Unbreakable Enterprise kernel security update
2.6.39-400.278.3 - net: add validation for the socket syscall protocol argument Hannes Frederic Sowa Orabug: 23267976 CVE-2015-8543 CVE-2015-8543 - ipv6: addrconf: validate new MTU before applying it Marcelo Leitner Orabug: 23263251 CVE-2015-8215 - ext4: avoid hang when mounting non-journal...
USN-2910-1 linux-lts-vivid vulnerabilities
halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. CVE-2016-1576 halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security...
USN-2907-1 linux vulnerabilities
halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. CVE-2016-1576 halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security...
MantisBT 1.1.2 - 1.2.17 XSS Vulnerability - Windows
MantisBT is prone to a cross-site scripting XSS vulnerability. Copyright C 2015 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software...
CVE-2014-9272
The stringinserthref function in MantisBT 1.2.0a1 through 1.2.x before 1.2.18 does not properly validate the URL protocol, which allows remote attackers to conduct cross-site scripting XSS attacks via the javascript:// protocol...
CVE-2010-4252
OpenSSL CVE-2010-4252: When J-PAKE is enabled, OpenSSL
LTSP: Authentication bypass in included LibVNCServer code
Background The Linux Terminal Server Project adds thin-client support to Linux servers. Description The LTSP server includes vulnerable LibVNCServer code, which fails to properly validate protocol types effectively letting users decide what protocol to use, such as "Type 1 - None" GLSA-200608-05...
GLSA-200608-05 : LibVNCServer: Authentication bypass
The remote host is affected by the vulnerability described in GLSA-200608-05 LibVNCServer: Authentication bypass LibVNCServer fails to properly validate protocol types effectively letting users decide what protocol to use, such as 'Type 1 - None'. LibVNCServer will accept this security type, even...