USN-3016-3: Linux kernel (Qualcomm Snapdragon) vulnerabilities

Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPTSOSETREPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service system crash or execute...

The vulnerability of the Android operating system, which allows a hacker to increase their privileges

The vulnerability in the libs/binder/IPCThreadState.cpp function of the Android operating system’s Binder component exists due to incorrect references to objects. Exploiting this vulnerability can allow a malicious actor, operating remotely, to increase their privileges through a specially create...

The vulnerability of the iOS operating system allows attackers to bypass event handlers and modify events of arbitrary applications.

The vulnerability of the XPC Services software interface in the LaunchServices component of the iOS operating system is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to bypass event handler restrictions and modify events of arbitrary application...

samba: Smb signing not required by default when smb client connection is used for ipc usage

It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client...

samba: Smb signing not required by default when smb client connection is used for ipc usage

It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client...

samba: Smb signing not required by default when smb client connection is used for ipc usage

It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client...

samba: Smb signing not required by default when smb client connection is used for ipc usage

It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client...

RHEL 6 / 7 : ISC DHCP Concurrent TCP Sessions DoS

RedHat Enterprise Linux 6 / 7 is affected by a denial of service vulnerability in the bundled ISC DHCP server due to a failure to properly restrict the number of concurrent TCP sessions to the ports the server uses for inter-process communications and control. An unauthenticated, remote attacker...

Fedora 22 : kdelibs3-3.5.10-71.fc22 (2015-2f4b92ed2e)

Security fix for CVE-2015-7543 in kdelibs3 the KDE 3 compatibility version of kdelibs: A temporary directory was being created insecurely using mktemp and mkdir, allowing an attacker to hijack the temporary directory and thus the inter-process communication IPC. This update fixes the temporary...

Fedora 23 : kdelibs3-3.5.10-71.fc23 (2015-6e50918d8e)

Security fix for CVE-2015-7543 in kdelibs3 the KDE 3 compatibility version of kdelibs: A temporary directory was being created insecurely using mktemp and mkdir, allowing an attacker to hijack the temporary directory and thus the inter-process communication IPC. This update fixes the temporary...

Mozilla Firefox < 38.0 Multiple Vulnerabilities

Binary data 8865.prm...

Mozilla Firefox ESR Multiple Vulnerabilities-01 (May 2015) - Windows

Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...

Mozilla Firefox Multiple Vulnerabilities-01 (May 2015) - Windows

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...

UBUNTU-CVE-2015-1237

Use-after-free vulnerability in the RenderFrameImpl::OnMessageReceived function in content/renderer/renderframeimpl.cc in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger renderer IPC messages...

chromium-browser: combination of V8, Gamepad and IPC bugs that can lead to remote code execution

Google Chrome before 41.0.2272.118 does not properly handle the interaction of IPC, the Gamepad API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors...

Unspecified Arbitrary Code Execution Vulnerability in Google Chrome IPC Interaction

Google Chrome is a WEB-based browser. Google Chrome fails to properly handle IPC, Gamepad API, and Google V8 interaction vulnerabilities, allowing remote attackers to construct malicious WEB pages that can be tricked into parsing and executing arbitrary code...

Cisco AnyConnect Secure Mobility Client Arbitrary Code Execution Vulnerability (CNVD-2015-01868)

The Cisco AnyConnect Secure Mobility Client is Cisco's next-generation VPN client. Cisco AnyConnect Secure Mobility Client 4.0 .00051 and prior versions contain a security vulnerability in the IPC channel, which can be exploited by a local user to write to any user-space memory location via a...

Cisco AnyConnect Secure Mobility Client Arbitrary File Write Vulnerability

The Cisco AnyConnect Secure Mobility Client is Cisco's next-generation VPN client. The Cisco AnyConnect Secure Mobility Client has a security vulnerability in inter-process communication IPC that allows a local attacker to write and overwrite arbitrary files with elevated privileges...

Cisco AnyConnect Secure Mobility Client Arbitrary File Write Vulnerability

A vulnerability in the inter-process communication IPC channel of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to write arbitrary files with elevated privileges. The vulnerability is due to lack of authentication or authorization of certain IPC commands. An...

[SECURITY] [DSA 3161-1] dbus security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3161-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso February 11, 2015 http://www.debian.org/security/faq -...