Ubuntu 14.04 LTS : Linux kernel (Vivid HWE) vulnerabilities (USN-2889-2)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2889-2 advisory. It was discovered that a use-after-free vulnerability existed in the AFUNIX implementation in the Linux kernel. A local attacker could use crafted epollc...

Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2887-2)

It was discovered that a use-after-free vulnerability existed in the AFUNIX implementation in the Linux kernel. A local attacker could use crafted epollctl calls to cause a denial of service system crash or expose sensitive information. CVE-2013-7446 It was discovered that the KVM implementation ...

Ubuntu 14.04 LTS : Linux kernel (Wily HWE) vulnerabilities (USN-2890-2)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2890-2 advisory. It was discovered that a use-after-free vulnerability existed in the AFUNIX implementation in the Linux kernel. A local attacker could use crafted epollc...

The vulnerability of microprogrammed software in programmable logic controllers PCD allows a intruder to gain administrator privileges.

The vulnerability of PCD programmable logic controllers’ microprogramming software exists due to the rigid encoding of registration data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain administrator privileges through an FTP session...

PCD Hardcoded Password Vulnerability in Multiple Saia Burgess Controls Products

Saia Burgess Controls PCD Controller is a family of programmable controllers for measurement, regulation and control tasks from Saia Burgess Controls, Switzerland. A security vulnerability exists in a number of Saia Burgess Controls products and stems from the program's use of hard-coded...

Vulnerability of microprogrammed software for Micrologix 1100 and 1400 programmable logic controllers, allowing a intruder to execute arbitrary code

The vulnerability of the microprogrammed logic controllers Micrologix 1100 and 1400 is caused by buffer overflow on the stack. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

Vulnerability of the microprogramming software for Micrologix 1100 and 1400 programmable logic controllers, allowing attackers to execute arbitrary SQL commands

The vulnerability of the microprogrammed logic controllers Micrologix 1100 and 1400 lies in the lack of protection for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands remotely...

The vulnerability of the microprogramming software of Schneider Electric’s Modicon M340 programmable logic controller allows a remote intruder to execute any desired code.

The vulnerability of the microprogrammed software of Schneider Electric’s Modicon M340 programmable logic controller is due to insufficient verification of input data. Exploiting this vulnerability could allow a malicious actor to inject JavaScript code into the device remotely...

Schneider Electric Modicon PLC Cross-Site Scripting Vulnerability

Modicon PLCs are programmable controller products used in industries such as dams, energy, food and agriculture, and more. A cross-site scripting vulnerability exists in the implementation of Modicon PLC, which can be exploited by an attacker to construct a specific URL and execute arbitrary Java...

QEMU - Programmable Interrupt Timer Controller Heap Overflow

Source: https://code.google.com/p/google-security-research/issues/detail?id=419c4 The programmable interrupt timer PIT controller in QEMU does not correctly validate the channel number when performing IO writes to the device controller, allowing both an information disclosure and heap-overflow...

The vulnerability of the microprogramming software of Siemens Simatic S7-1200 programmable logic controllers allows a intruder to perform inter-site fraudulently by manipulating requests.

The software of the programmable logic controller Simatic S7-1200 contains a vulnerability in its built-in server port 80 TCP and port 443 TCP. Exploiting this vulnerability allows for inter-site request forgery attacks...

[SECURITY] Fedora 20 Update: python-2.7.5-16.fc20

Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as t...

kernel: kvm: PIT timer race condition

A race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT Programmable Interval Timer emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host...

kernel: kvm: PIT timer race condition

A race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT Programmable Interval Timer emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host...

IBM WebSphere MQ Resource Management Denial of Service Vulnerability

IBM WebSphere MQ is used to provide messaging services in the enterprise. A security vulnerability exists in IBM WebSphere MQ, which can be exploited by remote attackers to cause a denial of service with the 'PCF query' privilege with the help of a specially crafted query...

Siemens ICS Switches Hit With Buffer Overflow, Authentication Bugs

There are a number of serious vulnerabilities in the Siemens Ruggedcom WIN switches, including a remotely exploitable buffer overflow and a flaw that could allow an attacker to take actions on the device without authentication. The vulnerabilities affect several models of the Ruggedcom WIN...

Siemens SIMATIC S7-1200 Open Redirect Vulnerability

The Siemens SIMATIC S7-1200 is a modular PLC controller. An open redirection vulnerability exists in integrated web server on Siemens SIMATIC S7-1200 CPU devices with firmware prior to version 4.1, which allows remote attackers to redirect a user to an arbitrary web site via an unspecified vector...

Majority of 4G USB Modems, SIM Cards Exploitable

Researchers say 4G USB modems contain exploitable vulnerabilities through which attackers could, and researchers have, managed to gain full control of the machines to which the devices are connected. Researchers from Positive Technologies presented a briefing detailing how to compromise USB modem...

kernel: kvm: PIT timer race condition

A race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT Programmable Interval Timer emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host...

Ubuntu 14.10 : linux vulnerabilities (USN-2396-1)

Nadav Amit reported that the KVM Kernel Virtual Machine mishandles noncanonical addresses when emulating instructions that change the rip Instruction Pointer. A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service system crash of the guest. CVE-2014-3647 A flaw...