CVE-2016-2179

The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service memory consumption by maintaining many crafted DTLS sessions simultaneously, related to...

CVE-2016-3863

Multiple stack-based buffer overflows in the AVCC reassembly implementation in Utils.cpp in libstagefright in MediaMuxer in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allow remote attackers to execute arbitrary code via a...

CVE-2016-5163

The bidirectional-text implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not ensure left-to-right LTR rendering of URLs, which allows remote attackers to spoof the address bar via crafted right-to-left RTL Unicode text, related to...

Information disclosure

The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and condu...

CVE-2016-5166

The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and condu...

CVE-2016-4379

The TLS implementation in HPE Integrated Lights-Out 3 aka iLO3 firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers to obtain sensitive information via a padding-oracle attack, aka a Vaudenay attack...

Ruby: Arbitrary heap overread in strscan on 32 bit Ruby, patch included

ruby require 'strscan' x = 'x' 0x7FFFFFFE s = StringScanner.newx s.pos = 0x7FFFFFFD t = s.peek40000 t.eachbyte do |i| if i != 0 print i.chr end end Run: sh ./ruby r.rb | strings My output: @ ;@VTdBE...

CVE-2016-6317

Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing...

CVE-2016-6317

Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing...

CURL-CVE-2016-7141 Incorrect reuse of client certificates

libcurl built on top of NSS Network Security Services incorrectly reused client certificates if a certificate from file was used for one TLS connection but no certificate set for a subsequent TLS connection. While the symptoms are similar to CVE-2016-5420 Reusing connection with wrong client cert...

[SECURITY] [DSA 3659-1] linux security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3659-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 04, 2016 https://www.debian.org/security/faq -...

CVE-2016-5163

The bidirectional-text implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not ensure left-to-right LTR rendering of URLs, which allows remote attackers to spoof the address bar via crafted right-to-left RTL Unicode text, related to...

Ubuntu 14.04 LTS : Linux kernel (Xenial HWE) vulnerabilities (USN-3070-4)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3070-4 advisory. USN-3070-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enableme...

Ubuntu 16.04 LTS : Linux kernel (Raspberry Pi 2) vulnerabilities (USN-3070-2)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3070-2 advisory. A missing permission check when settings ACLs was discovered in nfsd. A local user could exploit this flaw to gain access to any file by setting an ACL...

Ubuntu 16.04 LTS : Linux kernel (Qualcomm Snapdragon) vulnerabilities (USN-3070-3)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3070-3 advisory. A missing permission check when settings ACLs was discovered in nfsd. A local user could exploit this flaw to gain access to any file by setting an ACL...

USN-3070-3: Linux kernel (Qualcomm Snapdragon) vulnerabilities

A missing permission check when settings ACLs was discovered in nfsd. A local user could exploit this flaw to gain access to any file by setting an ACL. CVE-2016-1237 Kangjie Lu discovered an information leak in the Reliable Datagram Sockets RDS implementation in the Linux kernel. A local attacke...

Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3070-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3070-1 advisory. A missing permission check when settings ACLs was discovered in nfsd. A local user could exploit this flaw to gain access to any file by setting an ACL...

Ubuntu: Security Advisory (USN-3070-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-3071-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-3072-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...