617 matches found

Tenable Nessus
added 2018/01/18 12:0 a.m. | 62 views

CentOS 6 / 7 : microcode_ctl (CESA-2018:0093) (Spectre)

An update for microcode_ctl is now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 6.2 Advanced Update Support, Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, Red Hat Enterprise Linux 6.6 Advanced Update Support, Red H...

CVSS 5.6 | AI score 7.2 | EPSS 0.74041
Exploits: 8 | References: 3

ossfuzz
added 2017/12/02 7:7 a.m. | 15 views

unrar/unrar_fuzzer: Use-of-uninitialized-value in QuickOpen::Read

Project: https://github.com/aawc/unrar.git Detailed report: https://oss-fuzz.com/testcase?key=5101043319832576 Project: unrar Fuzzer: libFuzzer_unrar_fuzzer Fuzz target binary: unrar_fuzzer Job Type: libfuzzer_msan_unrar Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash...

AI score 6.3
Exploits: 0 | Affected Software: 1

ThreatPost
added 2017/11/06 11:15 a.m. | 22 views

Cisco Patches DoS Flaw in BGP over Ethernet VPN Implementation

Cisco said that changes to its implementation of the Border Gateway Protocol (BGP) over an Ethernet VPN have created a vulnerability in its IOS XE software. The networking giant has released software updates for IOS XE that patch the issue, which could be exploited remotely without authentication,...

CVSS 7.1 | AI score 0.5 | EPSS 0.05367
Exploits: 0 | References: 2

Cisco
added 2017/11/03 4:0 p.m. | 50 views

Cisco IOS XE Software Ethernet Virtual Private Network Border Gateway Protocol Denial of Service Vulnerability

A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet Virtual Private Network (EVPN) for Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service (DoS) condition, or potentially corrupt the BGP routing table,...

CVSS 6.8 | AI score 0.5 | EPSS 0.05367
Exploits: 0 | References: 1

OSV
added 2017/04/10 2:59 p.m. | 2 views

CVE-2016-10304

The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to cause a denial of service (out-of-memory error and service instability) via a crafted serialized Java object, as demonstrated by serial.cc3, aka SAP Security Note 2315788...

CVSS 6.5 | AI score 5.8 | EPSS 0.01583
Exploits: 0 | References: 1

Prion
added 2017/04/10 2:59 p.m. | 13 views

Design/Logic Flaw

The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to cause a denial of service (out-of-memory error and service instability) via a crafted serialized Java object, as demonstrated by serial.cc3, aka SAP Security Note 2315788...

CVSS 4 | AI score 6.7 | EPSS 0.01583
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2017/04/10 2:0 p.m. | 26 views

CVE-2016-10304

The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to cause a denial of service (out-of-memory error and service instability) via a crafted serialized Java object, as demonstrated by serial.cc3, aka SAP Security Note 2315788...

AI score 6.2 | EPSS 0.01583
Exploits: 0 | References: 1

CNVD
added 2017/01/24 12:0 a.m. | 1 view

Oracle MySQL Server Denial of Service Vulnerability (CNVD-2017-01023)

Oracle MySQL Server is an open source relational database management system from Oracle. This database system is characterized by high performance, low cost, good reliability and so on. A security vulnerability exists in the Server: DML subcomponent of the MySQL Server component in Oracle MySQL. ...

CVSS 6.5 | AI score 7.6 | EPSS 0.03707
Exploits: 0 | References: 1

Tenable Nessus
added 2017/01/05 12:0 a.m. | 64 views

F5 Networks BIG-IP : XSS vulnerability in the BIG-IP and Enterprise Manager Configuration utilities (K97285349)

A stored cross-site scripting (XSS) vulnerability in the BIG-IP Configuration utility device name change page allows an authenticated user to inject arbitrary web script or HTML. Exploitation requires Resource Administrator or Administrator privileges, and it could cause the Configuration utility...

CVSS 5.4 | AI score 5.5 | EPSS 0.00947
Exploits: 0 | References: 2

Prion
added 2016/10/27 9:59 p.m. | 15 views

SQL injection

A vulnerability in the Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL database interface could allow an authenticated, remote attacker to impact system confidentiality by executing a subset of arbitrary SQL queries that can cause product instability. More Information:...

CVSS 6.5 | AI score 7.7 | EPSS 0.02975
Exploits: 0 | References: 3 | Affected Software: 2

Cvelist
added 2016/10/27 9:0 p.m. | 25 views

CVE-2016-6443

A vulnerability in the Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL database interface could allow an authenticated, remote attacker to impact system confidentiality by executing a subset of arbitrary SQL queries that can cause product instability. More Information:...

AI score 8.6 | EPSS 0.02975
Exploits: 0 | References: 3

Tenable Nessus
added 2016/07/20 12:0 a.m. | 36 views

Fedora 24 : kernel (2016-9a16b2e14e)

Update to latest upstream stable release, Linux v4.6.4. For those with Skylake CPUs, please note that there may be instability with a recent microcode update. Read https://www.happyassassin.net/2016/07/07/psa-failure-to-boot-after-kernel-update-on-skylake-systems/ and look for a system firmware...

CVSS 7.8 | AI score 6.9 | EPSS 0.15855
Exploits: 3 | References: 6

Tenable Nessus
added 2016/07/20 12:0 a.m. | 43 views

Fedora 23 : kernel (2016-784d5526d8)

Update to latest upstream stable release, Linux v4.6.4. For those with Skylake CPUs, please note that there may be instability with a recent microcode update. Read https://www.happyassassin.net/2016/07/07/psa-failure-to-boot-after-kernel-update-on-skylake-systems/ and look for a system firmware...

CVSS 5.8 | AI score 6.9 | EPSS 0.15855
Exploits: 3 | References: 5

OpenVAS
added 2016/03/22 12:0 a.m. | 24 views

Cisco ASA 5500 Devices DoS Vulnerability (cisco-sa-20160309-csc)

Cisco ASA 5500 devices are prone to a denial of service (DoS) vulnerability. Copyright (C) 2016 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is...

CVSS 7.8 | AI score 7.5 | EPSS 0.02868
Exploits: 0 | References: 1

OpenVAS
added 2016/03/17 12:0 a.m. | 24 views

UCS Director Arbitrary File Overwrite Vulnerability

Cisco UCS Director is prone to a vulnerability that may allow attackers to overwrite arbitrary files. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...

CVSS 9.4 | AI score 6.8 | EPSS 0.02817
Exploits: 0 | References: 2

Cisco
added 2016/03/09 4:0 p.m. | 50 views

Cisco ASA Content Security and Control Security Services Module Denial of Service Vulnerability

A vulnerability in the HTTPS inspection engine of the Cisco ASA Content Security and Control Security Services Module (CSC-SSM) could allow an unauthenticated, remote attacker to cause exhaustion of available memory, system instability, and a reload of the affected system. The vulnerability is due ...

CVSS 7.8 | AI score 7.5 | EPSS 0.02868
Exploits: 0 | References: 1

OpenVAS
added 2015/12/03 12:0 a.m. | 21 views

Cisco ASA Management Interface XML Parser DoS Vulnerability (cisco-sa-20151123-asa)

A vulnerability in the XML parser of the management interface of Cisco ASA may lead to a denial of service. Copyright (C) 2015 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...

CVSS 6.8 | AI score 6.6 | EPSS 0.0151
Exploits: 0 | References: 1

Cisco
added 2015/11/24 8:30 a.m. | 24 views

Cisco ASA Management Interface XML Parser Denial of Service Vulnerability

A vulnerability in the XML parser of the management interface in Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause system instability and possibly crash an affected system. The vulnerability is due to insufficient hardening of the XML parser cod...

CVSS 6.8 | AI score 6.5 | EPSS 0.0151
Exploits: 0 | References: 1

FreeBSD
added 2015/10/29 12:0 a.m. | 30 views

xen-tools -- populate-on-demand balloon size inaccuracy can crash guests

The Xen Project reports: Guests configured with PoD might be unstable, especially under load. In an affected guest, an unprivileged guest user might be able to cause a guest crash, perhaps simply by applying load so as to cause heavy memory pressure within the guest...

CVSS 2.1 | AI score 7.4 | EPSS 0.00426
Exploits: 0 | References: 1

Prion
added 2015/09/20 2:59 p.m. | 17 views

Code injection

Cisco NX-OS 6.1(2)I3(4) and 7.0(3)I1(1) on Nexus 9000 (N9K) devices allows remote attackers to cause a denial of service (CPU consumption or control-plane instability) or trigger unintended traffic forwarding via a Layer 2 packet with a reserved VLAN number, aka Bug ID CSCuw13560...

CVSS 4.8 | AI score 7.3 | EPSS 0.0078
Exploits: 0 | References: 2 | Affected Software: 1