1887 matches found

Tenable Nessus
added 2015/12/22 12:0 a.m. | 251 views

Scientific Linux Security Update : NetworkManager on SL7.x x86_64 (20151119)

It was discovered that NetworkManager would set device MTUs based on MTU values received in IPv6 RAs (Router Advertisements), without sanity checking the MTU value first. A remote attacker could exploit this flaw to create a denial of service attack, by sending a specially crafted IPv6 RA packet to...

CVSS 5 | AI score 6.7 | EPSS 0.05059
Exploits 0 | References 3

OSV
added 2015/11/30 12:0 a.m. | 0 views

UBUNTU-CVE-2015-7512

Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet...

CVSS 9 | AI score 7.7 | EPSS 0.0773
Exploits 0 | References 4

OSV
added 2015/11/17 3:59 p.m. | 1 views

DEBIAN-CVE-2015-0272

GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215...

CVSS 5 | AI score 6.7 | EPSS 0.05059
Exploits 0 | References 1

OSV
added 2015/10/30 3:59 p.m. | 2 views

DEBIAN-CVE-2015-7969

Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest administrators or domains with certain permission to cause a denial of service (memory consumption) via a large number of "teardowns" of domains with the vcpu pointer array allocated using the (1) XEN_DOMCTL_max_vcpus hypercall or the...

CVSS 4.9 | AI score 8 | EPSS 0.00436
Exploits 0 | References 1

Hacker One
added 2015/10/19 12:52 p.m. | 11 views

Radancy: Sql-inj in https://maximum.com/ajax/people

Hi Sql-inj in param order in https://maximum.com/ajax/people?order=email1&order=ASC&page=1...

AI score 0.3
Exploits 0

RedHat Linux
added 2015/10/05 10:43 a.m. | 2 views

gluster-swift metadata constraints are not correctly enforced

A flaw was found in the metadata constraints in Red Hat Gluster Storage's OpenStack Object Storage (swiftonfile). By adding metadata in several separate calls, a malicious user could bypass the max_meta_count constraint, and store more metadata than allowed by the configuration...

CVSS 6.5 | AI score 5.7 | EPSS 0.01529
Exploits 0 | References 4

OSV
added 2015/09/03 12:0 a.m. | 0 views

UBUNTU-CVE-2015-0272

GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215...

CVSS 5 | AI score 6.9 | EPSS 0.05059
Exploits 0 | References 9

CNVD
added 2015/07/24 12:0 a.m. | 4 views

OpenSSH Keyboard Cross Validation Brute Force Vulnerability

OpenSSH is an open source implementation of the SSH protocol. A security vulnerability in the OpenSSH implementation with keyboard interaction turned on allows an attacker to bypass the MaxAuthTries limit and perform brute-force breaking attacks...

AI score 6.9
Exploits 0 | References 1

UbuntuCve
added 2015/07/22 12:0 a.m. | 35 views

CVE-2015-1284

The LocalFrame::isURLAllowed function in core/frame/LocalFrame.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly check for a page's maximum number of frames, which allows remote attackers to cause a denial of service (invalid count value and use-after-free) or possibly...

CVSS 7.5 | AI score 7.3 | EPSS 0.02171
Exploits 0 | References 3

Veeam
added 2015/06/25 12:0 a.m. | 163 views

Surebackup Error “OS did not boot in the allotted time”

Challenge: A VM being started by SureBackup fails with the error: OS did not boot in the allotted time. Cause: This error occurs when the VM being powered on by the SureBackup job fails to become stable within the "Maximum allowed boot time" specified in the Application Group settings or the Linked...

AI score 6.7
Exploits 0

ThreatPost
added 2015/06/04 2:22 p.m. | 9 views

Tesla Motors Starts Bug Bounty--But Not For Its Cars

Tesla Motors has started a bug bounty program that will pay researchers up to $1,000 for disclosing vulnerabilities. However, the rewards don’t apply to bugs found in the company’s vehicles. The program’s scope is quite narrow, with only the main teslamotors.com domain and other domains owned by...

AI score 0.6
Exploits 0 | References 3

Kitploit
added 2015/04/30 2:30 p.m. | 22 views

WifiInfoView v1.79 - WiFi Scanner for Windows 7/8/Vista

WifiInfoView scans the wireless networks in your area and displays extensive information about them, including: Network Name (SSID), MAC Address, PHY Type (802.11g or 802.11n), RSSI, Signal Quality, Frequency, Channel Number, Maximum Speed, Company Name, Router Model and Router Name (Only for routers...

AI score 6.8
Exploits 0

RedHat Linux
added 2015/04/16 1:52 p.m. | 3 views

openstack-swift: Swift metadata constraints are not correctly enforced

A flaw was found in the metadata constraints in OpenStack Object Storage (swift). By adding metadata in several separate calls, a malicious user could bypass the max_meta_count constraint, and store more metadata than allowed by the configuration...

CVSS 4 | AI score 5.7 | EPSS 0.03023
Exploits 0 | References 4

ThreatPost
added 2015/04/15 1:59 p.m. | 14 views

Dropbox Launches Bounty Program on HackerOne

Dropbox has become the latest high-profile Internet firm to start a bug bounty program, hooking up with HackerOne to provide rewards to security researchers who report vulnerabilities through the program. The new reward system from Dropbox covers a variety of the company’s offerings, including th...

AI score 0.4
Exploits 0 | References 4

RedHat Linux
added 2015/03/17 2:39 p.m. | 3 views

kernel: splice: lack of generic write checks

A flaw was found in the way the Linux kernel's splice system call validated its parameters. On certain file systems, a local, unprivileged user could use this flaw to write past the maximum file size, and thus crash the system...

CVSS 7.2 | AI score 6.6 | EPSS 0.01176
Exploits 2 | References 4

RedHat Linux
added 2015/03/11 3:27 p.m. | 2 views

kernel: splice: lack of generic write checks

A flaw was found in the way the Linux kernel's splice system call validated its parameters. On certain file systems, a local, unprivileged user could use this flaw to write past the maximum file size, and thus crash the system...

CVSS 7.2 | AI score 6.6 | EPSS 0.01176
Exploits 2 | References 4

RedHat Linux
added 2015/03/11 3:27 p.m. | 73 views

Important: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...

CVSS 7.8 | AI score 6.5 | EPSS 0.05489
Exploits 4 | References 5

Kitploit
added 2015/03/10 2:53 a.m. | 16 views

Zer0 - Secured file deletion made easy

Zer0 is a user friendly file deletion tool with a high level of security. With Zer0, you'll be able to delete files and to prevent file recovery by a 3rd person. So far, no user reported an efficient method to recover a file deleted by Zer0. Features: User friendly HMI: Drag'n'drop, 1 click and t...

AI score 7.2
Exploits 0

UbuntuCve
added 2015/02/28 2:59 a.m. | 29 views

CVE-2015-0886

Integer overflow in the crypt_raw method in the key-stretching implementation in jBCrypt before 0.4 makes it easier for remote attackers to determine cleartext values of password hashes via a brute-force attack against hashes associated with the maximum exponent...

CVSS 5 | AI score 7.3 | EPSS 0.04803
Exploits 0 | References 5

OSV
added 2015/02/28 2:59 a.m. | 0 views

UBUNTU-CVE-2015-0886

Integer overflow in the crypt_raw method in the key-stretching implementation in jBCrypt before 0.4 makes it easier for remote attackers to determine cleartext values of password hashes via a brute-force attack against hashes associated with the maximum exponent...

CVSS 5 | AI score 7.4 | EPSS 0.04803
Exploits 0 | References 6