
572 matches found

BDU FSTEC
added 2016/07/29 12:0 a.m. · 4 views

The vulnerability of the Android operating system, which allows a hacker to increase their privileges

The vulnerability of the Android operating system’s tire driver is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor, operating remotely, to enhance their privileges through a specially created application...

9.3 CVSS · 7.2 AI score · 0.00421 EPSS
Exploits 0 · References 2 · Affected Software 1
OSV
added 2016/06/01 12:0 a.m. · 1 views

UBUNTU-CVE-2016-5126

Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call...

7.8 CVSS · 7.4 AI score · 0.00707 EPSS
Exploits 0 · References 5
Exploit DB
added 2016/03/30 12:0 a.m. · 56 views

Kamailio 4.3.4 - Heap Buffer Overflow

census ID: census-2016-0009; CVE ID: CVE-2016-2385; Affected Products: Kamailio 4.3.4 and possibly previous versions; Class: Heap-based Buffer Overflow (CWE-122); Remote: Yes; Discovered by: Stelios Tsampas. Kamailio (successor of former OpenSER and SER) is an Open Source SIP Server released under GPL, abl...

10 CVSS · 9.8 AI score · 0.30518 EPSS
Exploits 4
FreeBSD
added 2016/01/11 12:0 a.m. · 29 views

p5-PathTools -- File::Spec::canonpath loses taint

Ricardo Signes reports: Beginning in PathTools 3.47 and/or perl 5.20.0, the File::Spec::canonpath routine returned untainted strings even if passed tainted input. This defect undermines the guarantee of taint propagation, which is sometimes used to ensure that unvalidated user input does not reach...

7.5 CVSS · 7.2 AI score · 0.03124 EPSS
Exploits 0 · References 1
CNVD
added 2015/12/17 12:0 a.m. · 4 views

Redmine Information Disclosure Vulnerability

Redmine is a set of open source Web-based project management and defect tracking tools. An information disclosure vulnerability exists in Redmine. An attacker can exploit this vulnerability to obtain sensitive information...

4.3 CVSS · 6.2 AI score · 0.01719 EPSS
Exploits 0 · References 1
Samba
added 2015/12/16 12:0 a.m. · 516 views

Insufficient symlink verification in smbd.

Description All versions of Samba from 3.0.0 to 4.3.2 inclusive are vulnerable to a bug in symlink verification, which under certain circumstances could allow client access to files outside the exported share path. If a Samba share is configured with a path that shares a common path prefix with...

7.2 CVSS · 6.7 AI score · 0.13274 EPSS
Exploits 1
Cent OS
added 2015/12/01 6:46 p.m. · 62 views

abrt, libreport security update

CentOS Errata and Security Advisory CESA-2015:2505 Updated abrt and libreport packages that fix three security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base...

6.9 CVSS · 5.9 AI score · 0.03314 EPSS
Exploits 18 · References 7
Fedora
added 2015/11/26 4:58 a.m. · 19 views

[SECURITY] Fedora 21 Update: abrt-2.3.0-12.fc21

abrt is a tool to help users to detect defects in applications and to create a bug report with all information needed by maintainer to fix it. It uses plugin system to extend its functionality...

5 CVSS · 6.2 AI score · 0.02769 EPSS
Exploits 0
RedHat Linux
added 2015/11/19 6:24 a.m. · 4 views

kernel: Creating multiple sockets when SCTP module isn't loaded leads to kernel panic

A NULL pointer dereference flaw was found in the SCTP implementation. A local user could use this flaw to cause a denial of service on the system by triggering a kernel panic when creating multiple sockets in parallel while the system did not have the SCTP module loaded...

4.7 CVSS · 6.8 AI score · 0.00549 EPSS
Exploits 1 · References 4
myhack58
added 2015/11/11 12:0 a.m. · 24 views

AndroidVTS: Android cell phone vulnerability detection App-vulnerability warning-the black bar safety net

Android users now have a lightweight vulnerability inspection tool to help them check whether their phone has a corresponding vulnerability. The tool is called Android VTS (Vulnerability Test Suite), an app released by Nownature. Android VTS is base...

0.1 AI score
Exploits 0
Fedora
added 2015/10/31 4:10 p.m. · 29 views

[SECURITY] Fedora 23 Update: abrt-2.7.0-2.fc23

abrt is a tool to help users to detect defects in applications and to create a bug report with all information needed by maintainer to fix it. It uses plugin system to extend its functionality...

5 CVSS · 6.2 AI score · 0.02769 EPSS
Exploits 0
OpenVAS
added 2015/10/06 12:0 a.m. · 31 views

Oracle: Security Advisory (ELSA-2015-1668)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5 CVSS · 6.5 AI score · 0.73327 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2015/08/25 12:0 a.m. · 39 views

Oracle Linux 7 : httpd (ELSA-2015-1667)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-1667 advisory. - core: fix chunk header parsing defect CVE-2015-3183 Tenable has extracted the preceding description block directly from the Oracle Linux security...

5 CVSS · 6.5 AI score · 0.73327 EPSS
Exploits 0 · References 3
Oracle linux
added 2015/08/24 12:0 a.m. · 54 views

httpd security update

2.2.15-47.0.1: replace index.html with Oracle's index page oracle_index.html; update vstring in specfile. 2.2.15-47: fix regressions caused by fix for CVE-2015-3183. 2.2.15-46: core: fix chunk header parsing defect (CVE-2015-3183)...

5 CVSS · 0.7 AI score · 0.73327 EPSS
Exploits 0
Oracle linux
added 2015/08/24 12:0 a.m. · 49 views

httpd security update

2.4.6-31.0.1.el7_1.1: replace index.html with Oracle's index page oracle_index.html. 2.4.6-31.1: core: fix chunk header parsing defect (CVE-2015-3183); core: replace of ap_some_auth_required with ap_some_authn_required and ap_force_authn hook (CVE-2015-3185)...

5 CVSS · 0.9 AI score · 0.73327 EPSS
Exploits 0
Tenable Nessus
added 2015/07/20 12:0 a.m. · 31 views

FreeBSD : apache22 -- chunk header parsing defect (29083f8e-2ca8-11e5-86ff-14dae9d210b8)

Apache Foundation reports: CVE-2015-3183 core: Fix chunk header parsing defect. Remove apr_brigade_flatten, buffering and duplicated code from the HTTP_IN filter, parse chunks in a single pass with zero copy. Limit accepted chunk-size to 2^63-1 and be strict about chunk-ext authorized characters...

5 CVSS · 6.5 AI score · 0.73327 EPSS
Exploits 0 · References 4
myhack58
added 2015/06/06 12:0 a.m. · 27 views

Discuz X3.2 multiple reflected XSS vulnerabilities, a function defect leads to the-vulnerability warning-the black bar safety net

A function defect causes XSS. Detailed description: member.php?mod=logging&action=login&referer=javascript://www.discuz.net/ code area: welcome back, Newbie xx, it will now be transferred to the login page setTimeout("window.location.href ='javascript://www.discuz.net/';", 200...

7.3 AI score
Exploits 0
BDU FSTEC
added 2015/04/28 12:0 a.m. · 3 views

Vulnerabilities of the Debian GNU/Linux operating system that allow a remote attacker to compromise the accessibility of protected information

The multiple vulnerabilities in the kernel-pcmcia-modules-2.4.27-2-686-smp package of the Debian GNU/Linux operating system may lead to a violation of the accessibility of protected information. These vulnerabilities can be exploited remotely...

5 CVSS · 5.4 AI score · 0.04626 EPSS
Exploits 4 · References 25 · Affected Software 1
OpenSSL
added 2015/03/19 12:0 a.m. · 33 views

Vulnerability in OpenSSL - Multiblock corrupted pointer

Multiblock corrupted pointer. OpenSSL 1.0.2 introduced the “multiblock” performance improvement. This feature only applies on 64 bit x86 architecture platforms that support AES NI instructions. A defect in the implementation of “multiblock” can cause OpenSSL’s internal write buffer to become...

6.7 AI score · 0.07346 EPSS
Exploits 0 · Affected Software 1
The Hacker News
added 2015/03/17 10:30 p.m. · 64 views

OpenSSL to Patch High Severity Vulnerability this Week

The OpenSSL Foundation is set to release a handful of patches for undisclosed security vulnerabilities in its widely used open source software later this week, including one that has been rated "high" severity. In a mailing list note published last night, Matt Caswell of the OpenSSL Project Team...

6.8 CVSS · 6.3 AI score · 0.16442 EPSS
Exploits 0