AIX 5.2 TL 0 : ps (IZ11242)

An information leak exists in the 'bos.rte.control' fileset commands listed below. A local attacker may access sensitive information for arbitrary processes. The following commands are vulnerable : /usr/bin/ps. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text in the description was...

CVE-2012-5155

Removed by vendor...

FreeBSD : chromium -- multiple vulnerabilities (46bd747b-5b84-11e2-b06d-00262d5ed8ee)

Google Chrome Releases reports : 162494 High CVE-2012-5145: Use-after-free in SVG layout. Credit to Atte Kettunen of OUSPG. 165622 High CVE-2012-5146: Same origin policy bypass with malformed URL. Credit to Erling A Ellingsen and Subodh Iyengar, both of Facebook. 165864 High CVE-2012-5147:...

OpenIPMI: IPMI event daemon creates PID file with world writeable permissions

ipmievd aka the IPMI event daemon in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux RHEL 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this fil...

[SECURITY] Fedora 16 Update: qemu-0.15.1-8.fc16

QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system for example a PC, including a processor and various peripherials. It can be used ...

[SECURITY] Fedora 17 Update: qemu-1.0.1-2.fc17

QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system for example a PC, including a processor and various peripherials. It can be used ...

Command injection

fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which allows local users to kill arbitrary processes via a crafted command line...

[SECURITY] Fedora 18 Update: qemu-1.2.0-3.fc18

QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system for example a PC, including a processor and various peripherials. It can be used ...

Mandrake Linux Security Advisory : kernel (MDKSA-2000:012)

POSIX 'Capabilities' have recently been implemented in the Linux kernel. These 'Capabilities' are an additional form of privilege control to enable more specific control over what privileged processes can do. Capabilities are implemented as three fairly large bitfields, which each bit representin...

CVE-2012-2868

Removed by vendor...

CVE-2012-3487

Race condition in Tunnelblick 3.3beta20 and earlier allows local users to kill unintended processes by waiting for a specific PID value to be assigned to a target process...

Race condition

Race condition in Tunnelblick 3.3beta20 and earlier allows local users to kill unintended processes by waiting for a specific PID value to be assigned to a target process...

CVE-2012-3487

CVE-2012-3487 describes a race condition in Tunnelblick 3.3beta20 and earlier. The flaw lets local users kill unintended processes by waiting for a specific PID value to be assigned to a target process, as documented across multiple sources (NVD, Red Hat, CVE lists). The available materials do no...

CVE-2012-3487

Race condition in Tunnelblick 3.3beta20 and earlier allows local users to kill unintended processes by waiting for a specific PID value to be assigned to a target process...

Samsung Galaxy S2 World Writeable Directories

Note: I really don't know much about how one writes up vulnerabilities and exploits. I just wanted to root my phone, and found the following apparently previously unknown vulnerabilities. I reported them to Samsung two weeks ago. Affected devices: Vulnerabilities verified on Samsung Galaxy S2 for...

Gentoo Security Advisory GLSA 201207-07 (keepalived)

The remote host is missing updates announced in advisory GLSA 201207-07. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

[SECURITY] Fedora 17 Update: qemu-1.0.1-1.fc17

QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system for example a PC, including a processor and various peripherials. It can be used ...

[SECURITY] Fedora 16 Update: qemu-0.15.1-7.fc16

QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system for example a PC, including a processor and various peripherials. It can be used ...

Scientific Linux Security Update : kernel on SL5.x i386/x86_64

These updated packages fix the following security issues : - a flaw in the hypervisor for hosts running on Itanium architectures allowed an Intel VTi domain to read arbitrary physical memory from other Intel VTi domains, which could make information available to unauthorized users. CVE-2007-6207,...

Scientific Linux Security Update : kernel on SL4.x i386/x86_64

A flaw was found in the handling of process death signals. This allowed a local user to send arbitrary signals to the suid-process executed by that user. A successful exploitation of this flaw depends on the structure of the suid-program and its signal handling. CVE-2007-3848, Important - A flaw...