CVE-2016-2985

IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System GPFS 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via crafted environment variables to a /usr/lpp/mmfs/bin/ setuid program...

SUSE SLED12 / SLES12 Security Update : bash (SUSE-SU-2016:2872-1) (Shellshock)

This update for bash fixes the following issues : - CVE-2016-7543: Local attackers could have executed arbitrary commands via specially crafted SHELLOPTS+PS4 variables bsc1001299 - CVE-2016-0634: Malicious hostnames could have allowed arbitrary command execution when $HOSTNAME was expanded in the...

httpstat - Curl Statistics Made Simple

httpstat visualizes curl1 statistics in a way of beauty and clarity. It is a single file Python script that has no dependency and is compatible with Python 3. Installation There are three ways to get httpstat : Download the script directly: wget...

Palo Alto Networks PAN-OS Local Elevation of Privilege Vulnerability

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks, Inc. for its firewall appliances. A local elevation of privilege vulnerability exists in Palo Alto Networks PAN-OS. A local attacker can exploit this vulnerability to gain privileges with specially crafted environme...

MGASA-2016-0393 Updated bash packages fix security vulnerability

A vulnerability was found in a way bash expands the $HOSTNAME. Injecting the hostname with malicious code would cause it to run each time bash expanded \h in the prompt string CVE-2016-0634. Shells running as root inherited PS4 from the environment, allowing PS4 expansion performing command...

Updated bash packages fix security vulnerability

A vulnerability was found in a way bash expands the $HOSTNAME. Injecting the hostname with malicious code would cause it to run each time bash expanded \h in the prompt string CVE-2016-0634. Shells running as root inherited PS4 from the environment, allowing PS4 expansion performing command...

CVE-2016-9151

Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows local users to gain privileges via crafted values of unspecified environment variables...

CVE-2016-9151

Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows local users to gain privileges via crafted values of unspecified environment variables...

Code injection

Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows local users to gain privileges via crafted values of unspecified environment variables...

CVE-2016-9151

Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows local users to gain privileges via crafted values of unspecified environment variables...

CVE-2016-8562

A vulnerability has been identified in SIMATIC CP 1543-1 All versions V2.0.28, SIPLUS NET CP 1543-1 All versions V2.0.28. Under special conditions it was possible to write SNMP variables on port 161/udp which should be read-only and should only be configured with TIA-Portal. A write to these...

CVE-2016-8562

A vulnerability has been identified in SIMATIC CP 1543-1 All versions V2.0.28, SIPLUS NET CP 1543-1 All versions V2.0.28. Under special conditions it was possible to write SNMP variables on port 161/udp which should be read-only and should only be configured with TIA-Portal. A write to these...

PT-2016-3430 · Siemens · Siplus Net Cp 1543-1 +1

Name of the Vulnerable Software and Affected Versions: Siemens SIMATIC CP 1543-1 versions prior to V2.0.28 SIPLUS NET CP 1543-1 versions prior to V2.0.28 Description: A vulnerability has been identified in the software, related to improper privilege management and insufficient input validation...

GNU Bourne-Again Shell (Bash) 'Shellshock' - Lenovo Support US

No description provided...

GNU Bourne-Again Shell (Bash) 'Shellshock'

Lenovo Security Advisory: LEN-2014-003 Potential Impact: Execution of arbitrary code Severity: High Summary: GNU Bash is the common command-line shell used in many Linux/UNIX systems. The vulnerability is also referred to as “Shellshock. ” Exploitation of this vulnerability may allow a remote...

ansible: Command injection by compromised server via fact variables

Ansible fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as...

Phoenix Contact ILC PLC Authentication Vulnerabilities

OVERVIEW Matthias Niedermaier and Michael Kapfer of HSASec Hochschule Augsburg have identified authentication vulnerabilities in Phoenix Contact’s ILC inline controller PLCs. Phoenix Contact GmbH & Co. KG has produced a mitigation plan that includes an update and recommended security practices to...

AIX 5.3 / 6.1 / 7.1 / 7.2 lquerylv Local Root

!/usr/bin/sh AIX lquerylv 5.3, 6.1, 7.1, 7.2 local root exploit. Tested against latest patchset 7100-04 This exploit takes advantage of known issues with debugging functions within the AIX linker library. We are taking advantage of known functionality, and focusing on badly coded SUID binaries...

DLA-680-2 bash - version number correction

Bulletin has no description...

Debian DLA-676-1 : nspr security update

The Network Security Service NSS libraries uses environment variables to configure lots of things, some of which refer to file system locations. Others can be degrade the operation of NSS in various ways, forcing compatibility modes and so on. Previously, these environment variables were not...