Nmap NSE 6.01: smb-enum-processes

This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

tuned: insecure permissions of tuned.pid

tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes...

DARPA, FIDO Alliance Join Race to Replace Passwords

Nearly everyone agrees that passwords are the bane of Internet security. For years, industry thinkers have somewhat vaguely referenced the need for Internet fingerprints capable of reliably verifing identities online. Yet here we are, it’s 2013 and passwords remain the primary means of...

Schneider Electric Interactive Graphical SCADA System Data Collector Overflow

Added: 02/11/2013 CVE: CVE-2013-0657 BID: 57449 OSVDB: 89324 Background Schneider Electric Interactive Graphical SCADA System IGSS is a supervisory control and data acquisition SCADA system designed to monitor and control industrial processes. The Data Collector DC.exe component listens on port...

[SECURITY] Fedora 18 Update: qemu-1.2.2-2.fc18

QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system for example a PC, including a processor and various peripherials. It can be used ...

[SECURITY] Fedora 17 Update: qemu-1.0.1-3.fc17

QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system for example a PC, including a processor and various peripherials. It can be used ...

SuSE 11.1 Security Update : PostgreSQL (SAT Patch Number 6697)

This update provides PostgreSQL 8.3.20. As part of this update, the packaging scheme has been changed to accomodate an optional parallel installation of newer PostgreSQL versions. The changes in 8.3.20 are : - Prevent access to external files/URLs via XML entity references. xmlparse would attempt...

AIX 5.2 TL 0 : ps (IZ11242)

An information leak exists in the 'bos.rte.control' fileset commands listed below. A local attacker may access sensitive information for arbitrary processes. The following commands are vulnerable : /usr/bin/ps. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text in the description was...

CVE-2012-5155

Removed by vendor...

FreeBSD : chromium -- multiple vulnerabilities (46bd747b-5b84-11e2-b06d-00262d5ed8ee)

Google Chrome Releases reports : 162494 High CVE-2012-5145: Use-after-free in SVG layout. Credit to Atte Kettunen of OUSPG. 165622 High CVE-2012-5146: Same origin policy bypass with malformed URL. Credit to Erling A Ellingsen and Subodh Iyengar, both of Facebook. 165864 High CVE-2012-5147:...

OpenIPMI: IPMI event daemon creates PID file with world writeable permissions

ipmievd aka the IPMI event daemon in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux RHEL 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this fil...

[SECURITY] Fedora 16 Update: qemu-0.15.1-8.fc16

QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system for example a PC, including a processor and various peripherials. It can be used ...

[SECURITY] Fedora 17 Update: qemu-1.0.1-2.fc17

QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system for example a PC, including a processor and various peripherials. It can be used ...

Command injection

fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which allows local users to kill arbitrary processes via a crafted command line...

[SECURITY] Fedora 18 Update: qemu-1.2.0-3.fc18

QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system for example a PC, including a processor and various peripherials. It can be used ...

Mandrake Linux Security Advisory : kernel (MDKSA-2000:012)

POSIX 'Capabilities' have recently been implemented in the Linux kernel. These 'Capabilities' are an additional form of privilege control to enable more specific control over what privileged processes can do. Capabilities are implemented as three fairly large bitfields, which each bit representin...

CVE-2012-2868

Removed by vendor...

CVE-2012-3487

Race condition in Tunnelblick 3.3beta20 and earlier allows local users to kill unintended processes by waiting for a specific PID value to be assigned to a target process...

Race condition

Race condition in Tunnelblick 3.3beta20 and earlier allows local users to kill unintended processes by waiting for a specific PID value to be assigned to a target process...

CVE-2012-3487

CVE-2012-3487 describes a race condition in Tunnelblick 3.3beta20 and earlier. The flaw lets local users kill unintended processes by waiting for a specific PID value to be assigned to a target process, as documented across multiple sources (NVD, Red Hat, CVE lists). The available materials do no...