3414 matches found
[SECURITY] Fedora 24 Update: R-3.3.3-1.fc24
This is a metapackage that provides both core R userspace and all R development components. R is a language and environment for statistical computing and graphics. R is similar to the award-winning S system, which was developed at Bell Laboratories by John Chambers et al. It provides a wide varie...
OpenJDK: untrusted input deserialization in RMI registry and DCG (RMI, 8156802)
It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application...
Cisco Unified Computing System Director Elevation of Privilege Vulnerability
Cisco Unified Computing System Manager provides unified, embedded management of all hardware and software components within a unified computing system. An elevation of privilege vulnerability exists in Cisco Unified Computing System Director. An attacker could exploit the vulnerability to gain...
Moderate: Red Hat Security Advisory: openstack-cinder, openstack-glance, and openstack-nova security update
An update for openstack-nova, openstack-cinder, openstack-glance, and python-oslo-concurrency is now available for Red Hat Enterprise Linux OpenStack Platform 7.0 Kilo for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scorin...
Cryptographers Dismiss AI, Quantum Computing Threats
SAN FRANCISCO—Cryptographers said at the RSA Conference Tuesday they’re skeptical that advances in quantum computing and artificial intelligence will profoundly transform computer security. “I’m skeptical there will be much of an impact,” Ron Rivest, an MIT professor and inventor of several...
Denial Of Service (DoS) Through Integer Overflow
ImageMagick is vulnerable to an integer overflow when computing the pixel scaling table. A malicious user can use this to crash the system, resulting in a denial of service (DoS)...
Oracle MySQL Cluster Remote Vulnerability
Oracle MySQL is an open source relational database management system from Oracle Corporation. The database system is characterized by high performance, low cost, good reliability, etc. Oracle MySQL Cluster is a high-utility, high-redundancy version for distributed computing environments....
NIST Calls for Submissions to Secure Data Against Quantum Computing
For a layman, it may be difficult to fathom how a standards body could be playing catch-up to a threat that could be at least a decade away. But that’s the position NIST finds itself in with the risk that quantum computers pose to existing cryptographic algorithms. Working, practical quantum...
OsiriX DICOM Viewer 8.0.1 - Memory Corruption
OsiriX DICOM Viewer 8.0.1 (dulparse.cc) Remote Memory Corruption Vulnerability. Vendor: Pixmeo Sarl. Product web page: http://www.osirix-viewer.com. Affected version: OsiriX 8.0.1. Summary: With high performance and a...
Oracle acquires DNS provider Dyn for more than $600 Million
Yes, Oracle just bought the DNS provider company that brought down the Internet last month. Business software vendor Oracle announced on Monday that it is buying cloud-based Internet performance and Domain Name System (DNS) provider Dyn. Dyn is the same company that was hit by a massive distributed...
Moderate: Red Hat Security Advisory: atomic-openshift security and bug fix update
An update for atomic-openshift is now available for Red Hat OpenShift Container Platform 3.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for eac...
K7Firewall < 14.0.1.16 Packet Driver Privilege Escalation Vulnerability
K7 Computing product is prone to a privilege escalation vulnerability...
libvirt: Setting empty VNC password allows access to unauthorized users
It was found that setting a VNC password to an empty string in libvirt did not disable all access to the VNC server as documented, instead it allowed access with no authentication required. An attacker could use this flaw to access a VNC server with an empty VNC password without any authenticatio...
Moving Beyond EMET
EMET – Then and Now: Microsoft’s Trustworthy Computing initiative was 7 years old in 2009 when we first released the Enhanced Mitigation Experience Toolkit (EMET). Despite substantial improvements in Windows OS security during that same period, it was clear that the way we shipped Windows at the tim...
Week Four of National Cyber Security Awareness Month
In partnership with DHS, the National Cyber Security Alliance has released information on Navigating Your Continuously Connected Life, which examines our future using Internet of Things (IoT) devices. The CyberAware Tip of the Week details the infographic on the growing IoT and provides safe computi...
CERT Basic Fuzzing Framework: BFF
The CERT Basic Fuzzing Framework (BFF) is a software testing tool that finds defects in applications that run on the Linux and Mac OS X platforms. BFF performs mutational fuzzing on software that consumes file input. Mutational fuzzing is the act of taking well-formed...
Cisco Unified Computing System Local Elevation of Privilege Vulnerability
Cisco Unified Computing System Manager provides unified, embedded management of all hardware and software components within a unified computing system. An elevation of privilege vulnerability exists in Cisco Unified Computing System (UCS) versions prior to 3.02d in UCS Manager and UCS 6200 Fabric...
CVE-2016-6402
UCS Manager and UCS 6200 Fabric Interconnects in Cisco Unified Computing System (UCS) through 3.02d allow local users to obtain OS root access via crafted CLI input, aka Bug ID CSCuz91263...