2631 matches found
Cisco Unified Communications Manager - Multiple Vulnerabilities
Cisco Unified Communications Manager - Multiple Vulnerabilities Vantage Point Security Advisory 2015-001 ======================================== Title: Cisco Unified Communications Manager Multiple Vulnerabilities Vendor: Cisco Vendor URL: http://www.cisco.com/ Versions affected: Summary: ------...
Amazon Linux AMI : httpd24 (ALAS-2015-579)
It was discovered that in httpd 2.4, the internal API function ap_some_auth_required() could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied. CVE-2015-3185...
Medium: httpd24
Issue Overview: It was discovered that in httpd 2.4, the internal API function ap_some_auth_required() could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied...
Security update for the Linux Kernel (important)
The openSUSE 13.2 kernel was updated to receive various security and bug fixes. The following security bugs were fixed: - CVE-2015-3290: A flaw was found in the way the Linux kernel's nested NMI handler and espfix64 functionalities interacted during NMI processing. A local, unprivileged user could use...
Cisco 11.0.1 Unified Communications Manager Command Execution Vulnerability
Cisco Unified Communications Manager versions prior to 11.0.1, 10.5.2, and 9.2 suffer from multiple command execution vulnerabilities. Title: Cisco Unified Communications Manager Multiple Vulnerabilities Vendor: Cisco Vendor URL: http://www.cisco.com/ Versions affected: Summary: -------- Cisco...
RHEL 6 : kernel (RHSA-2015:1583)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2015:1583 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's ping socket implementation...
Moderate: Red Hat Security Advisory: kernel security and bug fix update
Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6.5 Extended Update Support. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a...
kernel: ping sockets: use-after-free leading to local privilege escalation
It was found that the Linux kernel's ping socket implementation did not properly handle socket unhashing during spurious disconnects, which could lead to a use-after-free flaw. On x86-64 architecture systems, a local user able to create ping sockets could use this flaw to crash the system. On...
D-Link DIR-636L Remote Command Injection and Authentication Bypass (CVE-2015-1187)
Remote command injection and authentication bypass vulnerabilities exist in D-Link routers. The vulnerabilities are due to incorrect filtering of input in the 'ping' and 'fwupgrade' tools, which allows arbitrary commands to be injected into the router and files to be uploaded without authentication. A remote...
The vulnerability of the Apache HTTP Server web server allows attackers to trigger a service failure.
The vulnerability of the lua_websocket_read function in the lua_request.c component of the Apache HTTP Server exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to cause service failure by sending a specially crafted WebSocket Ping reques...
Scientific Linux Security Update : kernel on SL7.x x86_64 (20150805)
An integer overflow flaw was found in the way the Linux kernel's netfilter connection tracking implementation loaded extensions. An attacker on a local network could potentially send a sequence of specially crafted packets that would initiate the loading of a large number of extensions, causing t...
kernel: ping sockets: use-after-free leading to local privilege escalation
It was found that the Linux kernel's ping socket implementation did not properly handle socket unhashing during spurious disconnects, which could lead to a use-after-free flaw. On x86-64 architecture systems, a local user able to create ping sockets could use this flaw to crash the system. On...
CVE-2015-3636
The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a...
DEBIAN-CVE-2015-3636
The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a...
kernel: ping sockets: use-after-free leading to local privilege escalation
It was found that the Linux kernel's ping socket implementation did not properly handle socket unhashing during spurious disconnects, which could lead to a use-after-free flaw. On x86-64 architecture systems, a local user able to create ping sockets could use this flaw to crash the system. On...
Moderate: Red Hat Security Advisory: kernel-rt security, bug fix, and enhancement update
Updated kernel-rt packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise MRG 2.5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which gi...
kernel: ping sockets: use-after-free leading to local privilege escalation
It was found that the Linux kernel's ping socket implementation did not properly handle socket unhashing during spurious disconnects, which could lead to a use-after-free flaw. On x86-64 architecture systems, a local user able to create ping sockets could use this flaw to crash the system. On...
Apache 2.4.x < 2.4.16 Multiple Vulnerabilities
According to its banner, the version of Apache 2.4.x installed on the remote host is prior to 2.4.16. It is, therefore, affected by the following vulnerabilities: - A flaw exists in the lua_websocket_read function in the 'mod_lua' module due to incorrect handling of WebSocket PING frames. A remote...
CentOS 6 : kernel (CESA-2015:1221)
Updated kernel packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give...
kernel, perf, python security update
CentOS Errata and Security Advisory CESA-2015:1221 Updated kernel packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common...