MS15-084: Description of the security update for Windows XML core services: August 11, 2015

MS15-084: Description of the security update for Windows XML core services: August 11, 2015 Summary This security update resolves vulnerabilities in Microsoft Windows and Microsoft Office. The vulnerabilities could allow information disclosure by either exposing memory addresses if a user clicks ...

Description of the security update for the .NET Framework 4.5, the .NET Framework 4.5.1, and the .NET Framework 4.5.2 on Windows 8, Windows RT, and Windows Server 2012: May 13, 2014

Description of the security update for the .NET Framework 4.5, the .NET Framework 4.5.1, and the .NET Framework 4.5.2 on Windows 8, Windows RT, and Windows Server 2012: May 13, 2014 View products that this article applies to. Introduction This update is for the Microsoft .NET Framework to disable...

Description of the security update for the .NET Framework 4.5.1 and the .NET Framework 4.5.2 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2: May 13, 2014

Description of the security update for the .NET Framework 4.5.1 and the .NET Framework 4.5.2 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2: May 13, 2014 View products that this article applies to. Introduction This update is for the Microsoft .NET Framework to disable RC4 in Transpor...

puppet-tripleo: if ssl is enabled, traffic is open on both undercloud and overcloud

An access-control flaw was discovered in puppet-tripleo's IPtables rules management, which allowed the creation of TCP/UDP rules with empty port values. Some API services in Red Hat OpenStack Platform director are not exposed to public networks, which meant their $publicsslport value was set to...

MGASA-2017-0003 Updated kernel-linus packages fix security vulnerabilities

This update is based on upstream 4.4.39 and fixes at least the following security issues: Due to lack of size checking on ICMP header length, it is possible to cause out-of-bounds read on stack CVE-2016-8399 The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows...

Design/Logic Flaw

QEMU aka Quick Emulator built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged CAPSYSRAWIO guest user could use this flaw to crash the QEMU process instance resulting in DoS...

DEBIAN-CVE-2015-8744

QEMU aka Quick Emulator built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged CAPSYSRAWIO guest user could use this flaw to crash the QEMU process instance resulting in DoS...

CVE-2015-8744

QEMU aka Quick Emulator built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged CAPSYSRAWIO guest user could use this flaw to crash the QEMU process instance resulting in DoS...

CVE-2015-8744

QEMU aka Quick Emulator built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged CAPSYSRAWIO guest user could use this flaw to crash the QEMU process instance resulting in DoS...

MGASA-2016-0429 Updated kernel and kmod packages fix security vulnerabilities

This update is based on upstream 4.4.39 and fixes at least the following security issues: Due to lack of size checking on ICMP header length, it is possible to cause out-of-bounds read on stack CVE-2016-8399 A use-after-free vulnerability in the SCSI generic driver allows users with write access ...

Updated kernel and kmod packages fix security vulnerabilities

This update is based on upstream 4.4.39 and fixes at least the following security issues: Due to lack of size checking on ICMP header length, it is possible to cause out-of-bounds read on stack CVE-2016-8399 A use-after-free vulnerability in the SCSI generic driver allows users with write access ...

DEBIAN-CVE-2016-9877

An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT MQ Telemetry Transport connection authentication with a username/password pair succeeds if an existing username is provid...

UBUNTU-CVE-2016-9877

An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT MQ Telemetry Transport connection authentication with a username/password pair succeeds if an existing username is provid...

SUSE SLES11 Security Update : kernel (SUSE-SU-2016:3252-1)

The SUSE Linux Enterprise 11 SP 2 kernel was updated to fix two security issues. The following security bugs were fixed : - CVE-2016-9576: A use-after-free vulnerability in the SCSI generic driver allows users with write access to /dev/sg or /dev/bsg to elevate their privileges bsc1013604. -...

SUSE SLES11 Security Update : kernel (SUSE-SU-2016:3248-1)

The SUSE Linux Enterprise 11 SP 3 kernel was updated to fix two security issues. The following security bugs were fixed : - CVE-2016-9576: A use-after-free vulnerability in the SCSI generic driver allows users with write access to /dev/sg or /dev/bsg to elevate their privileges bsc1013604. -...

SUSE SLES11 Security Update : kernel (SUSE-SU-2016:3203-1)

The SUSE Linux Enterprise 11 SP4 kernel was updated to fix two security issues. The following security bugs were fixed : - CVE-2016-9576: A use-after-free vulnerability in the SCSI generic driver allows users with write access to /dev/sg or /dev/bsg to elevate their privileges bsc1013604. -...

ip-geolocation-map-bing NSE Script

This script queries the Nmap registry for the GPS coordinates of targets stored by previous geolocation scripts and renders a Bing Map of markers representing the targets. The Bing Maps REST API has a limit of 100 markers, so if more coordinates are found, only the top 100 markers by number of IP...

CVE-2016-8816

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgDdiEscape where a value passed from a user to the driver is used without validation as the index to an array, leading to denial of service or potential escalation of...

CVE-2016-8826

All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer nvlddmkm.sys for Windows or nvidia.ko for Linux where a user can cause a GPU interrupt storm, leading to a denial of service...

CVE-2016-8826

All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer nvlddmkm.sys for Windows or nvidia.ko for Linux where a user can cause a GPU interrupt storm, leading to a denial of service...