2285 matches found
libblkid, libmount, libuuid, util, uuidd security update
CentOS Errata and Security Advisory CESA-2017:0907 An update for util-linux is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severi...
Scientific Linux Security Update : util-linux on SL7.x x86_64 (20170412)
Security Fixes : - A race condition was found in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions. CVE-2017-2616 Bug Fixes : - The 'findmnt --target ' command prints all...
RHEL 7 : util-linux (RHSA-2017:0907)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:0907 advisory. The util-linux packages contain a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, these...
util-linux: Sending SIGKILL to other processes with root privileges via su
A race condition was found in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions...
Moderate: Red Hat Security Advisory: util-linux security and bug fix update
An update for util-linux is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
Microsoft Windows LDAP Elevation of Privilege Vulnerability (KB4015068)
This host is missing an important security update according to Microsoft April 2017 Security Updates. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
April 11, 2017—KB4015548 (Security-only update)
April 11, 2017—KB4015548 Security-only update Improvements and fixes This security update resolves security vulnerabilities in Scripting Engine, Hyper-V, Win32K, Adobe Type Manager Font Driver, Microsoft Outlook, Graphics component, Lightweight Directory Access Protocol and Windows OLE. For more...
IT Asset Inventory Systems and CMDBs: A Marriage Made in InfoSec Heaven
A key capability of an IT asset inventory system is being able to exchange data with CMDBs Configuration Management Databases. In fact, a common misconception is that organizations with CMDBs don’t need an IT asset inventory system because their functions overlap. While they have similar roles,...
The vulnerability of the Windows operating system, which allows a perpetrator to manipulate processes or cause service failures
The vulnerability of the Windows operating system’s kernel relates to incorrect access control. Exploiting this vulnerability allows a local attacker to manipulate processes, simulate communication between them, or cause service failures through a specially crafted application...
Dissecting One of APT29’s Fileless WMI and PowerShell Backdoors (POSHSPY)
Mandiant has observed APT29 using a stealthy backdoor that we call POSHSPY. POSHSPY leverages two of the tools the group frequently uses: PowerShell and Windows Management Instrumentation WMI. In the investigations Mandiant has conducted, it appeared that APT29 deployed POSHSPY as a secondary...
The vulnerability of the Cisco NX-OS network operating system, which runs on Cisco Nexus 9000 Series switches, allows a malicious actor to initiate unauthorized processes on the system.
The vulnerability of the remote input function in the network operating system of Cisco NX-OS, which operates on Cisco Nexus 9000 Series switches, arises due to operations that go beyond the buffer in memory. Exploiting this vulnerability can allow a malicious actor to initiate unauthorized input...
The vulnerability of the Cisco NX-OS network operating system, which runs on Cisco Nexus 9000 Series switches, allows a malicious actor to initiate unauthorized processes on the system.
The vulnerability of the Telnet function in the Cisco NX-OS network operating system, which is used in Cisco Nexus 9000 Series switches, arises from operations that go beyond the buffer in memory. Exploiting this vulnerability can allow a malicious actor to initiate unauthorized system access,...
coreutils security and bug fix update
8.4-46.0.1 - clean up empty file if cp is failed Orabug 15973168 8.4-46 - pure rebuild to bring back support for aclextendedfilenofollow on x8664 8.4-45 - su: deny killing other processes with root privileges CVE-2017-2616 8.4-44 - fix the functionality of 'sort -h -k ...' in multi-byte locales...
CVE-2017-6507
An issue was discovered in AppArmor before 2.12. Incorrect handling of unknown AppArmor profiles in AppArmor init scripts, upstart jobs, and/or systemd unit files allows an attacker to possibly have increased attack surfaces of processes that were intended to be confined by AppArmor. This is due ...
CVE-2017-6186
Code injection vulnerability in Bitdefender Total Security 12.0 and earlier, Internet Security 12.0 and earlier, and Antivirus Plus 12.0 and earlier allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Bitdefender process via a...
CVE-2017-5567
Code injection vulnerability in Avast Premier 12.3 and earlier, Internet Security 12.3 and earlier, Pro Antivirus 12.3 and earlier, and Free Antivirus 12.3 and earlier allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Avast process...
[SECURITY] Fedora 25 Update: qemu-2.7.1-4.fc25
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system for example a PC, including a processor and various peripherials. It can be used ...
The vulnerability of the Android operating system, allowing a hacker to execute arbitrary code
The vulnerability of the Qualcomm Android operating system’s camera driver is related to deficiencies in access control. Exploiting this vulnerability allows a remote attacker to execute arbitrary malicious code within the kernel context. This issue is considered “high” because it requires...
The vulnerability of the Android operating system, allowing a hacker to execute arbitrary code
The vulnerability of the libgdx library in the Android operating system is related to lack of access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of an unprivileged process, using a specially crafted file. This issue is considered “high”...
CVE-2016-8012
CVE-2016-8012 affects Intel Security Data Loss Prevention Endpoint (DLPe) versions 9.4.200 and 9.3.600. The issue is an access-control vulnerability allowing authenticated users with Read-Write-Execute permissions to inject hook DLLs into other processes by manipulating pages in the target proces...