Security feature bypass

Basware Banking Maksuliikenne before 8.90.07.X relies on the client to enforce 1 login verification, 2 audit trail creation, and 3 account locking, which allows remote attackers to "disrupt security-critical functions" by "dropping network traffic." NOTE: this identifier was SPLIT from...

CVE-2015-6744

Basware Banking Maksuliikenne before 8.90.07.X relies on the client to enforce 1 login verification, 2 audit trail creation, and 3 account locking, which allows remote attackers to "disrupt security-critical functions" by "dropping network traffic." NOTE: this identifier was SPLIT from...

CVE-2015-6745

Basware Banking Maksuliikenne 8.90.07.X relies on the client to enforce account locking, which allows local users to bypass that security mechanism by deleting the entry from the locking table. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to different vulnerability typ...

CVE-2015-6745

Baseline affected software: Basware Banking (Maksuliikenne), version 8.90.07.X and earlier. Vulnerability: the product relies on the client to enforce account locking, enabling a local attacker to bypass the security mechanism by deleting entries in the locking list (or locking table). Root cause...

Race condition

Race condition in runner in Install.framework in the Install Framework Legacy component in Apple OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages incorrect privilege dropping associated with a locking error...

Debian Security Advisory DSA 3332-1 (wordpress - security update)

Several vulnerabilities have been fixed in Wordpress, the popular blogging engine. CVE-2015-2213 SQL Injection allowed a remote attacker to compromise the site. CVE-2015-5622 The robustness of the shortcodes HTML tags filter has been improved. The parsing is a bit more strict, which may affect yo...

Fedora 22 : openssh-6.9p1-1.fc22 (2015-11063)

This update brings security fix for two announced vulnerabilities. Namely XSECURITY restrictions bypass under certain conditions AND weakness of agent locking ssh-add -x to password guessing more info in related bugs. It also provides new version of openssh-6.9 which is bringing many bugfixes and...

Fedora 21 : openssh-6.6.1p1-13.fc21 (2015-11067)

This update brings security fix for two announced vulnerabilities. Namely XSECURITY restrictions bypass under certain conditions AND weakness of agent locking ssh-add -x to password guessing more info in related bugs. For more information see related bugs. Note that Tenable Network Security has...

OpenSSH < 6.9 Multiple Vulnerabilities

According to its banner, the version of OpenSSH running on the remote host is prior to 6.9. It is, therefore, affected by the following vulnerabilities : - A flaw exists within the x11openhelper function in the 'channels.c' file that allows connections to be permitted after 'ForwardX11Timeout' ha...

Mac OS X Multiple EFI Vulnerabilities (EFI Security Update 2015-001)

The remote Mac OS X host is running EFI firmware that is affected by multiple vulnerabilities : - An insufficient locking issue exists, when resuming from sleep states, which allows a local attacker to write to the EFI flash memory by using an crafted application with root privileges. CVE-2015-36...

The phone did not leave the body but by hacking the lock to blackmail you don't understand the Apple“security vulnerability”-vulnerability warning-the black bar safety net

Yesterday reported that Mr. Xu transfer of second-hand Apple phone, the A 9 0 after the guy borrowed test machine of two-time with a cloud account bound, Mr. Xu phone, and extortion 3 0 0 Yuan unlocking fee. Smartphones bring to our lives a lot of convenience and even lifestyle changes. However,...

Design/Logic Flaw

Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not enforce a locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging root privileges...

Apple OS X EFI Flash Modification Vulnerability

Apple Mac OS X is an operating system developed by Apple Inc. Apple Mac OS X has a security vulnerability that allows root privileged applications to modify EFI flash memory by failing to adequately lock the EIF flash memory when resuming from hibernation...

SUSE SLES11 Security Update : glibc (SUSE-SU-2013:1251-1)

This collective update for the GNU C library glibc provides the following fixes and enhancements : Security issues fixed : - Fix stack overflow in getaddrinfo with many results. bnc813121, CVE-2013-1914 - Fix a different stack overflow in getaddrinfo with many results. bnc828637 - Fix array...

SUSE SLED10 / SLES10 Security Update : glibc (SUSE-SU-2013:0858-1)

This collective update for the GNU C library glibc provides the following fixes : - Fix stack overflow in getaddrinfo with many results bnc813121, CVE-2013-1914 - Fix locking in IOcleanup bnc796982 - Fix buffer overflow in glob bnc691365 - Fix memory leak in execve bnc805899 Note that Tenable...

F5 Networks BIG-IP : Multiple MySQL vulnerabilities (K16389)

CVE-2013-5908 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling. CVE-2014-0401 Unspecified vulnerability in the MySQL...

Scientific Linux Security Update : GNOME Shell on SL7.x x86_64 (20150305)

It was found that the GNOME shell did not disable the Print Screen key when the screen was locked. This could allow an attacker with physical access to a system with a locked screen to crash the screen-locking application by creating a large amount of screenshots. CVE-2014-7300 This update also...

Scientific Linux Security Update : kernel on SL7.x x86_64 (20150305)

A flaw was found in the way the Linux kernel's XFS file system handled replacing of remote attributes under certain conditions. A local user with access to XFS file system mount could potentially use this flaw to escalate their privileges on the system. CVE-2015-0274, Important It was found that...

Linux kernel denial of service vulnerability (CNVD-2015-01817)

The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. A security vulnerability exists in the file system implementation of Linux kernel 3.12.17 and prior versions, which originates from a program that uses an improper locking...

kernel: soft lockup on aio

It was found that due to excessive fileslock locking, a soft lockup could be triggered in the Linux kernel when performing asynchronous I/O operations. A local, unprivileged user could use this flaw to crash the system...