
2285 matches found

ThreatPost
added 2017/03/14 8:56 a.m., 12 views

SAP Patches Critical HANA Vulnerability That Allowed Full Access

SAP patched a series of critical vulnerabilities in its cloud-based business platform HANA today that if exploited, could allow for a full system compromise without authentication. When chained together the flaws could lead to the theft of confidential information, financial fraud, and the...

7.9 AI score
Exploits 0, References 8
MSRC
added 2017/03/14 7:0 a.m., 11 views

March 2017 security update release

Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide. Security bulletins were also...

6.8 AI score
Exploits 0
OSV
added 2017/03/08 1:59 a.m., 2 views

UBUNTU-CVE-2017-0476

A remote code execution vulnerability in AOSP Messaging could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as High due to the possibility of remote code execution within the context of an unprivileged...

7.8 CVSS, 7.8 AI score, 0.01049 EPSS
Exploits 0, References 3
Mageia
added 2017/03/03 10:9 a.m., 37 views

Updated util-linux packages fix security vulnerability

With the su command from util-linux before 2.29.2, it is possible for any local user to send SIGKILL to other processes with root privileges. To exploit this, the user must be able to perform su with a successful login. SIGKILL can only be sent to processes which were executed after the su proces...

5.5 CVSS, 2.4 AI score, 0.00282 EPSS
Exploits 0, References 2
BDU FSTEC
added 2017/02/17 12:0 a.m., 5 views

The vulnerability of the Android operating system, allowing a hacker to execute arbitrary code

The vulnerability of Synaptics’ sensor screen driver in the Android operating system is related to access control deficiencies. Exploiting this vulnerability allows a remote attacker to execute arbitrary local malware code within the kernel context. This issue is considered “highly critical”...

7.6 CVSS, 7.6 AI score, 0.0144 EPSS
Exploits 0, References 2
BDU FSTEC
added 2017/02/17 12:0 a.m., 4 views

The vulnerability of the Android operating system, allowing a hacker to execute arbitrary code

The vulnerability of the Android operating system’s networking subsystem is related to access control deficiencies. Exploiting this vulnerability allows a remote attacker to execute arbitrary code of a local malicious application within the kernel context. This issue is considered “moderate,” as ...

7.6 CVSS, 7.2 AI score, 0.02341 EPSS
Exploits 0, References 2
BDU FSTEC
added 2017/02/17 12:0 a.m., 4 views

The vulnerability of the Android operating system, which allows a hacker to bypass the security measures of the operating system

The vulnerability in the Android operating system’s package manager is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to bypass the operating system’s defenses, which typically isolate malicious applications from other applications. This...

2.6 CVSS, 5.9 AI score, 0.00308 EPSS
Exploits 0, References 2
BDU FSTEC
added 2017/02/17 12:0 a.m., 4 views

The vulnerability of the Android operating system, allowing a hacker to execute arbitrary code

The vulnerability in the audio driver of the Qualcomm Android operating system is related to access control deficiencies. Exploiting this vulnerability allows a remote attacker to execute arbitrary code of a local malicious application within the kernel context. This issue is considered “high”...

7.6 CVSS, 7.6 AI score, 0.01208 EPSS
Exploits 0, References 2
Cvelist
added 2017/02/13 9:0 p.m., 18 views

CVE-2016-8344

An issue was discovered in Honeywell Experion Process Knowledge System PKS platform: Experion PKS, Release 3xx and prior, Experion PKS, Release 400, Experion PKS, Release 410, Experion PKS, Release 430, and Experion PKS, Release 431. Experion PKS does not properly validate input. By sending a...

4.1 AI score, 0.01546 EPSS
Exploits 0, References 2
NVD
added 2017/02/08 10:59 p.m., 19 views

CVE-2015-7493

IBM InfoSphere Information Server could allow a local user under special circumstances to execute commands during installation processes that could expose sensitive information...

4.7 CVSS, 4.9 AI score, 0.00302 EPSS
Exploits 0, References 2
RedhatCVE
added 2017/02/02 3:19 p.m., 27 views

CVE-2017-2611

Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes SECURITY-389. The URLs /workspaceCleanup and /fingerprintCleanup did not perform permission checks, allowing users with read access to Jenkins to trigger these background processes that a...

4.3 CVSS, 5.1 AI score, 0.02071 EPSS
Exploits 0, References 2
Tenable Nessus
added 2017/02/02 12:0 a.m., 44 views

Xen CMPXCHG8B Emulation Information Disclosure (XSA-200)

According to its self-reported version number, the Xen hypervisor installed on the remote host is missing a security update. It is, therefore, affected by an information disclosure vulnerability due to a flaw in the x86 instruction CMPXCHG8B when handling prefixes. This is triggered because legac...

3.3 CVSS, 6.5 AI score, 0.00424 EPSS
Exploits 0, References 3
Tenable Nessus
added 2017/02/02 12:0 a.m., 50 views

Xen SYSCALL singlestep Handling Privilege Escalation (XSA-204)

According to its self-reported version number, the Xen hypervisor installed on the remote host is missing a security update. It is, therefore, affected by a privilege elevation vulnerability in the instruction emulator when handling SYSCALL by single-stepping applications. This is due to incorrec...

7.8 CVSS, 7.4 AI score, 0.00424 EPSS
Exploits 0, References 3
BDU FSTEC
added 2017/02/02 12:0 a.m., 4 views

The vulnerability of the Android operating system, allowing a hacker to execute arbitrary code

The vulnerabilities of MediaTek components, including the temperature control driver and the Android operating system’s video driver, are related to access control deficiencies. Exploiting these vulnerabilities allows a remote attacker to execute arbitrary local malware code within the kernel...

7.6 CVSS, 7.6 AI score, 0.00544 EPSS
Exploits 0, References 3, Affected Software 1
BDU FSTEC
added 2017/02/02 12:0 a.m., 6 views

The vulnerability of the Android operating system, allowing a hacker to execute arbitrary code

The vulnerabilities of MediaTek components, including the temperature control driver and the Android operating system’s video driver, are related to access control deficiencies. Exploiting these vulnerabilities allows a remote attacker to execute arbitrary local malware code within the kernel...

7.6 CVSS, 7.6 AI score, 0.00558 EPSS
Exploits 0, References 3, Affected Software 1
Cvelist
added 2017/02/01 10:0 p.m., 29 views

CVE-2016-0320

IBM UrbanCode Deploy could allow an authenticated user to modify Ucd objects due to multiple REST endpoints not properly authorizing users editing UCD objects. This could affect the behavior of legitimately triggered processes...

5.5 AI score, 0.0059 EPSS
Exploits 0, References 2
CVE
added 2017/02/01 10:0 p.m., 53 views

CVE-2016-0320

CVE-2016-0320 affects IBM UrbanCode Deploy. Description: an authenticated user could modify UCD objects via multiple REST endpoints that do not properly authorize edits, potentially altering behavior of legitimately triggered processes. Affected versions include UrbanCode Deploy 6.0 through 6.2.x...

4.3 CVSS, 4.8 AI score, 0.0059 EPSS
Exploits 0, References 2, Affected Software 1
OSV
added 2017/01/31 10:59 p.m., 7 views

CVE-2016-9962

RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or...

6.4 CVSS, 6.7 AI score, 0.00381 EPSS
Exploits 0, References 16
Prion
added 2017/01/31 10:59 p.m., 21 views

Design/Logic Flaw

RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or...

4.4 CVSS, 7 AI score, 0.00381 EPSS
Exploits 0, References 16, Affected Software 1
Cvelist
added 2017/01/31 10:0 p.m., 24 views

CVE-2016-9962

RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or...

6.7 AI score, 0.00381 EPSS
Exploits 0, References 16