IBM DB2 Database Automatic Maintenance File Acquisition Vulnerability
IBM DB2 is a relational database management system developed by IBM in the United States; its main operating environments are UNIX (including IBM's own AIX), Linux, IBM i (formerly known as OS/400), z/OS, and Windows server versions. A security vulnerability exists in IBM DB2 that allows a...
Threat Outbreak Alert RuleID16473: Email Messages Distributing Malicious Software on July 6, 2015
Medium Alert ID: 39765 First Published: 2015 July 8 17:46 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID16473 may contain the following files: Name | Size...
abrt: default abrt event scripts lead to information disclosure
It was found that the ABRT event scripts created a user-readable copy of an sosreport file in ABRT problem directories, and included excerpts of /var/log/messages selected by the user-controlled process name, leading to an information disclosure. The fix for this issue prevents non-privileged use...
Scientific Linux Security Update : postgresql on SL6.x, SL7.x i386/x86_64 (20150629)
A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is triggered. CVE-2015-3165 It was discovered that PostgreSQL did not proper...
MGASA-2015-0265 Updated chromium-browser package fixes security vulnerability
A scheme validation error in WebUI CVE-2015-1266. Two cross-origin bypass issues in Blink CVE-2015-1267, CVE-2015-1268. A normalization error in the HSTS/HPKP preload list CVE-2015-1269. This update also disables the automatic, silent downloading and installation of "external components" like the...
Updated chromium-browser package fixes security vulnerability
A scheme validation error in WebUI CVE-2015-1266. Two cross-origin bypass issues in Blink CVE-2015-1267, CVE-2015-1268. A normalization error in the HSTS/HPKP preload list CVE-2015-1269. This update also disables the automatic, silent downloading and installation of "external components" like the...
CVE-2015-3728
The WiFi Connectivity feature in Apple iOS before 8.4 allows remote Wi-Fi access points to trigger an automatic association, with an arbitrary security type, by operating with a recognized ESSID within an 802.11 network's coverage area...
Massachusetts Institute of Technology (MIT) invents automatic vulnerability repair system - vulnerability warning - the black bar safety net
At this month's Association for Computing Machinery conference on Programming Language Design and Implementation, MIT researchers demonstrated a new system; it is possible by introducing other, more security of applicati...
Stay away from Flash, stay away from danger: from Flash 0day vulnerability disclosure to integration into a penetration toolkit took only 4 days - vulnerability warning - the black bar safety net
6 on 2 7 January, the penetration testing toolkit Magnitude successfully integrated an Adobe Flash Player 0day vulnerability, only four days after Adobe released the patch fixing the vulnerability; the kit's author has recently become the fastest to achieve the use of the Flash Player...
Debian Security Advisory DSA 3297-1 (unattended-upgrades - security update)
It was discovered that unattended-upgrades, a script for automatic installation of security upgrades, did not properly authenticate downloaded packages when the force-confold or force-confnew dpkg options were enabled via the DPkg::Options:: apt configuration. OpenVAS Vulnerability Test $Id:...
Samsung PCs maliciously disable Windows Update "scandal" - vulnerability warning - the black bar safety net
Windows users have recently reported that the Windows automatic update program on their Samsung computers is randomly disabled, which is a security risk for their PCs. The program that disables Windows Update is named DisableWindowsupdate.exe; this app is part of the Samsung SW Update software. SW Update is typical for the O...
ABRT Local Information Disclosure Vulnerability
ABRT is a set of automated bug reporting tools. ABRT suffers from a local information disclosure vulnerability. An attacker can exploit this vulnerability to obtain sensitive information...
ABRT Local Elevation of Privilege Vulnerability
ABRT is a set of automated bug reporting tools. ABRT suffers from a local privilege elevation vulnerability. A local attacker can exploit this vulnerability to gain root privileges...
Samsung's Swift Keyboard Update Mechanism Exposes 600M Devices
The Swift keyboard, installed by default on Samsung Android mobiles, exposes devices to a host of remote attacks that could be executed by attackers ranging from criminals sitting man-in-the-middle on local Wi-Fi networks, to a state actor in an upstream position at an ISP or backbone. NowSecure...
PT-2020-7834 · Abrt +2 · Abrt +2
Name of the Vulnerable Software and Affected Versions: ABRT affected versions not specified Description: The issue concerns the abrt-action-install-debuginfo-to-abrt-cache help program in the Automatic Bug Reporting Tool ABRT, which fails to properly handle the process environment before invoking...
PT-2017-6533 · Red Hat +1 · Abrt +2
Name of the Vulnerable Software and Affected Versions: Automatic Bug Reporting Tool ABRT affected versions not specified Description: The issue concerns the event scripts in ABRT, which use world-readable permission on a copy of the sosreport file in problem directories. This allows local users t...
Portable Penetration Testing Distribution for Windows: PentestBox
PentestBox is not like other penetration testing distributions, which run on virtual machines. It was created because more than 70% of penetration testing distribution users use Windows, and it provides an efficient platform for penetration testing on Windows. It provides all security tools as a...
[SECURITY] Fedora 21 Update: suricata-2.0.8-1.fc21
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...
WS-Attacker - Modular Framework for Web Services Penetration Testing
XML-based SOAP Web Services are a widely used technology, which allows the users to execute remote operations and transport arbitrary data. It is currently adapted in Service Oriented Architectures, cloud interfaces, management of federated identities, eGovernment, or military services. The wide...
[SECURITY] Fedora 22 Update: suricata-2.0.8-1.fc22
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...