
3095 matches found

Tenable Nessus
added 2016/07/14 12:0 a.m. | 26 views

Fedora 23 : 2:docker (2016-6a0d540088)

built docker @projectatomic/fedora-1.10.3 commit f476348 ---- built docker @projectatomic/fedora-1.10.3 commit f476348 ---- built docker @projectatomic/fedora-1.10.3 commit 4158ccc ---- Resolves: 1335649 - enable Red Hat subscription use in Docker containers on Fedora ---- built docker...

7.8 CVSS | 7.2 AI score | 0.00388 EPSS
Exploits 0 | References 2
BDU FSTEC
added 2016/07/07 12:0 a.m. | 3 views

The vulnerability of the General Parallel File System allows a perpetrator to execute an application with administrator privileges.

The vulnerability of the General Parallel File System is related to insufficient authentication of network packets when the cipherList configuration parameter is enabled. Exploiting this vulnerability allows a malicious actor to execute an application with administrator privileges remotely...

10 CVSS | 7.3 AI score | 0.04186 EPSS
Exploits 0 | References 2 | Affected Software 1
BDU FSTEC
added 2016/07/06 12:0 a.m. | 2 views

The vulnerability of the WebSphere Application Server software allows a malicious attacker to compromise the accessibility of protected information.

A vulnerability in the web server plugin of IBM WebSphere Application Server (WAS), when the POST requester function is enabled, allows malicious actors operating remotely to cause a service failure (abnormal termination of the daemon)...

5 CVSS | 7.8 AI score | 0.02641 EPSS
Exploits 0 | References 3 | Affected Software 1
BDU FSTEC
added 2016/07/06 12:0 a.m. | 3 views

The vulnerability of the Apache HTTP Server software allows a malicious attacker to compromise the accessibility of protected information.

A memory leak in the winnt_accept function in server/mpm/winnt/child.c, within the WinNT MPM in the Apache HTTP Server, when the standard AcceptFilter is enabled, allows malicious actors operating remotely to trigger a denial-of-service attack by using specially crafted requests...

5 CVSS | 7.2 AI score | 0.16372 EPSS
Exploits 0 | References 2 | Affected Software 1
BDU FSTEC
added 2016/07/06 12:0 a.m. | 4 views

The vulnerability of the Apache HTTP Server software allows a malicious attacker to compromise the accessibility of protected information.

The vulnerability in the mod_proxy module of the Apache HTTP Server, when reverse proxy is enabled, allows malicious actors to cause a service failure by using a specially crafted HTTP Connection header...

4.3 CVSS | 6.6 AI score | 0.35543 EPSS
Exploits 2 | References 2 | Affected Software 1
BDU FSTEC
added 2016/07/06 12:0 a.m. | 2 views

The vulnerability of the Cisco Wireless LAN Controller 2500 software allows a malicious individual to cause service failure.

The vulnerability in the monitoring service of Multimedia Delivery MLD for Cisco Wireless LAN Controllers WLC – when the MLDv2 Snooping function is enabled – allows malicious actors operating remotely to trigger a service failure rebooting the device by using improperly crafted IPv6 MLDv2 packets...

7.1 CVSS | 5.4 AI score | 0.01675 EPSS
Exploits 1 | References 4 | Affected Software 1
BDU FSTEC
added 2016/07/06 12:0 a.m. | 3 views

The vulnerability of the Cisco Wireless LAN Controller 4100 software allows a malicious individual to cause service failure.

The vulnerability in the monitoring service of Multimedia Delivery MLD for Cisco Wireless LAN Controllers WLC – when the MLDv2 Snooping function is enabled – allows malicious actors operating remotely to trigger a device reboot by using improperly crafted IPv6 MLDv2 packets...

7.1 CVSS | 5.4 AI score | 0.01675 EPSS
Exploits 1 | References 4 | Affected Software 1
OSV
added 2016/07/05 1:59 a.m. | 1 views

DEBIAN-CVE-2016-4955

ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time...

5.9 CVSS | 6.8 AI score | 0.08803 EPSS
Exploits 0 | References 1
Hacker One
added 2016/06/28 6:53 p.m. | 21 views

HackerOne: Know undisclosed Bounty Amount when Bounty Statistics are enabled.

Hi, when a program does not disclose how much bounty is paid to a particular report, but bounty statistics is enabled, then the undisclosed bounty amount can be enumerated. For example, Uber does not disclose the bounty awarded to a particular researcher but shows bounty statistics, so we can write a script that...

6.9 AI score
Exploits 0
CNVD
added 2016/06/28 12:0 a.m. | 2 views

Fortinet FortiWeb Path Traversal Vulnerability

Fortinet FortiWeb is a Web application layer firewall from the U.S. company Fita Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks to ensure the security of Web applications and protect sensitive database content. A...

4.9 CVSS | 7.1 AI score | 0.01648 EPSS
Exploits 0 | References 1
RedHat Linux
added 2016/06/27 10:2 a.m. | 4 views

kernel-rt: Sending SysRq command via ICMP echo request

A flaw was found in the way the realtime kernel processed specially crafted ICMP echo requests. A remote attacker could use this flaw to trigger a sysrql function based on values in the ICMP packet, allowing them to remotely restart the system. Note that this feature is not enabled by default and...

8.1 CVSS | 7.2 AI score | 0.03387 EPSS
Exploits 0 | References 4
OSV
added 2016/06/24 5:59 p.m. | 9 views

CVE-2016-4802

Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) security.dll, (2) secur32.dll, or (3) ws2_32.dll in the application or current...

7.8 CVSS | 7.8 AI score | 0.00565 EPSS
Exploits 0 | References 3
hackapp
added 2016/06/06 1:10 a.m. | 16 views

LHV - Customized SSL, Redefined SSL Common Names verifier, WebView SSL handling enabled vulnerabilities

HackApp vulnerability scanner discovered that application LHV published at the 'play' market has multiple vulnerabilities...

0.3 AI score
Exploits 0 | References 1 | Affected Software 1
hackapp
added 2016/05/31 1:21 p.m. | 22 views

Discount Bank - Customized SSL, WebView SSL handling enabled vulnerabilities

HackApp vulnerability scanner discovered that application Discount Bank published at the 'play' market has multiple vulnerabilities...

0.2 AI score
Exploits 0 | References 1 | Affected Software 1
OSV
added 2016/05/23 7:59 p.m. | 2 views

CVE-2016-4087

Huawei S12700 switches with software before V200R008C00SPC500 and S5700 switches with software before V200R005SPH010, when the debug switch is enabled, allows remote attackers to cause a denial of service or execute arbitrary code via crafted DNS packets...

8.1 CVSS | 6.1 AI score
Exploits 0 | References 1
FireEye
added 2016/05/22 3:0 a.m. | 13 views

Targeted Attacks against Banks in the Middle East

Introduction In the first week of May 2016, FireEye’s DTI identified a wave of emails containing malicious attachments being sent to multiple banks in the Middle East region. The threat actors appear to be performing initial reconnaissance against would-be targets, and the attacks caught our...

7.1 AI score
Exploits 0
FireEye
added 2016/05/22 3:0 a.m. | 16 views

Targeted Attacks against Banks in the Middle East

UPDATE Dec. 8, 2017: We now attribute this campaign to APT34, a suspected Iranian cyber espionage threat group that we believe has been active since at least 2014. Learn more about APT34 and their late 2017 targeting of a government organization in the Middle East. Introduction In the first week ...

7 AI score
Exploits 0
Japan Vulnerability Notes
added 2016/05/13 5:27 a.m. | 4 views

FileMaker server issue where PHP source code may be viewable

Overview FileMaker server contains an issue where PHP source code may be viewable when Custom Web Publishing with PHP is enabled. Atsushi Matsuo of Emic Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

7.5 CVSS | 6.9 AI score | 0.01324 EPSS
Exploits 0 | References 5
Oracle linux
added 2016/05/12 12:0 a.m. | 76 views

kernel security and bug fix update

3.10.0-327.18.2.OL7 - Oracle Linux certificates Alexey Petrenko 3.10.0-327.18.2 - lib keys: Fix ASN.1 indefinite length object parsing David Howells 1308814 1308815 CVE-2016-0758 3.10.0-327.18.1 - scsi bnx2fc: Fix FCP RSP residual parsing Maurizio Lombardi 1322279 1306342 - mm madvise: fix...

7.2 CVSS | 0.4 AI score | 0.00397 EPSS
Exploits 0
hackapp
added 2016/04/25 4:54 p.m. | 9 views

M-Drill - Suspicious files, WebView JavaScript enabled, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application M-Drill published at the 'play' market has multiple vulnerabilities...

0.5 AI score
Exploits 0 | References 1 | Affected Software 1