CVE-2017-6507
An issue was discovered in AppArmor before 2.12. Incorrect handling of unknown AppArmor profiles in AppArmor init scripts, upstart jobs, and/or systemd unit files allows an attacker to possibly have increased attack surfaces of processes that were intended to be confined by AppArmor. This is due ...
CVE-2017-5567
Code injection vulnerability in Avast Premier 12.3 and earlier, Internet Security 12.3 and earlier, Pro Antivirus 12.3 and earlier, and Free Antivirus 12.3 and earlier allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Avast process...
CVE-2017-6186
Code injection vulnerability in Bitdefender Total Security 12.0 and earlier, Internet Security 12.0 and earlier, and Antivirus Plus 12.0 and earlier allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Bitdefender process via a...
[SECURITY] Fedora 25 Update: qemu-2.7.1-4.fc25
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system (for example a PC), including a processor and various peripherals. It can be used ...
The vulnerability of the Android operating system, allowing a hacker to execute arbitrary code
The vulnerability of the Qualcomm Android operating system’s camera driver is related to deficiencies in access control. Exploiting this vulnerability allows a remote attacker to execute arbitrary malicious code within the kernel context. This issue is considered “high” because it requires...
The vulnerability of the Android operating system, allowing a hacker to execute arbitrary code
The vulnerability of the libgdx library in the Android operating system is related to lack of access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of an unprivileged process, using a specially crafted file. This issue is considered “high”...
CVE-2016-8012
CVE-2016-8012 affects Intel Security Data Loss Prevention Endpoint (DLPe) versions 9.4.200 and 9.3.600. The issue is an access-control vulnerability allowing authenticated users with Read-Write-Execute permissions to inject hook DLLs into other processes by manipulating pages in the target proces...
SAP Patches Critical HANA Vulnerability That Allowed Full Access
SAP patched a series of critical vulnerabilities in its cloud-based business platform HANA today that if exploited, could allow for a full system compromise without authentication. When chained together the flaws could lead to the theft of confidential information, financial fraud, and the...
March 2017 security update release
Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide. Security bulletins were also...
UBUNTU-CVE-2017-0476
A remote code execution vulnerability in AOSP Messaging could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as High due to the possibility of remote code execution within the context of an unprivileged...
Updated util-linux packages fix security vulnerability
With the su command from util-linux before 2.29.2, it is possible for any local user to send SIGKILL to other processes with root privileges. To exploit this, the user must be able to perform su with a successful login. SIGKILL can only be sent to processes which were executed after the su proces...
The vulnerability of the Android operating system, allowing a hacker to execute arbitrary code
The vulnerability of Synaptics’ sensor screen driver in the Android operating system is related to access control deficiencies. Exploiting this vulnerability allows a remote attacker to execute arbitrary local malware code within the kernel context. This issue is considered “highly critical”...
The vulnerability of the Android operating system, allowing a hacker to execute arbitrary code
The vulnerability of the Android operating system’s networking subsystem is related to access control deficiencies. Exploiting this vulnerability allows a remote attacker to execute arbitrary code of a local malicious application within the kernel context. This issue is considered “moderate,” as ...
The vulnerability of the Android operating system, allowing a hacker to execute arbitrary code
The vulnerability in the audio driver of the Qualcomm Android operating system is related to access control deficiencies. Exploiting this vulnerability allows a remote attacker to execute arbitrary code of a local malicious application within the kernel context. This issue is considered “high”...
The vulnerability of the Android operating system, which allows a hacker to bypass the security measures of the operating system
The vulnerability in the Android operating system’s package manager is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to bypass the operating system’s defenses, which typically isolate malicious applications from other applications. This...
CVE-2016-8344
An issue was discovered in Honeywell Experion Process Knowledge System PKS platform: Experion PKS, Release 3xx and prior, Experion PKS, Release 400, Experion PKS, Release 410, Experion PKS, Release 430, and Experion PKS, Release 431. Experion PKS does not properly validate input. By sending a...
CVE-2015-7493
IBM InfoSphere Information Server could allow a local user under special circumstances to execute commands during installation processes that could expose sensitive information...
CVE-2017-2611
Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permission checks, allowing users with read access to Jenkins to trigger these background processes that a...
Xen SYSCALL singlestep Handling Privilege Escalation (XSA-204)
According to its self-reported version number, the Xen hypervisor installed on the remote host is missing a security update. It is, therefore, affected by a privilege elevation vulnerability in the instruction emulator when handling SYSCALL by single-stepping applications. This is due to incorrec...
The vulnerability of the Android operating system, allowing a hacker to execute arbitrary code
The vulnerabilities of MediaTek components, including the temperature control driver and the Android operating system’s video driver, are related to access control deficiencies. Exploiting these vulnerabilities allows a remote attacker to execute arbitrary local malware code within the kernel...