Ubuntu: Security Advisory (USN-2394-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2394-1)

Nadav Amit reported that the KVM Kernel Virtual Machine mishandles noncanonical addresses when emulating instructions that change the rip Instruction Pointer. A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service system crash of the guest. CVE-2014-3647 A flaw...

PT-2014-5418 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 3.17.2 Description: A race condition in the kvm migrate pit timer function in the KVM subsystem allows guest OS users to cause a denial of service host OS crash by leveraging incorrect PIT emulation. A local gues...

Patch Available for Schneider Electric Serial Modbus Driver

Schneider Electric, a leading provider of industrial control systems, recently patched a remotely exploitable vulnerability in a driver found in 11 of its products. The Industrial Control Systems Computer Emergency Response Team ICS-CERT released an advisory yesterday alerting users to the...

Siemens SIMATIC S7-1200多个漏洞

CVE ID: CVE-2014-2249,CVE-2014-2250,CVE-2014-2252,CVE-2014-2254,CVE-2014-2256,CVE-2014-2258 SIMATIC S7-1200是可编程控制器，可实现简单却高度精确的自动化任务。 Siemens SIMATIC S7-1200 4.0.0之前版本在实现上存在多个漏洞，可被恶意利用执行跨站请求伪造、劫持用户会话、造成拒绝服务。 1、向TCP端口443发送特制的数据包造成的错误可造成设备进入defect模式。 2、随机生成器内弱熵相关错误，可导致劫持另外用户的会话。...

IBM developing Self-Destructing Microchips for US Defense

Science Fiction Movies always show the possible direction of the development of technology and gives us the opportunity to think about it. The U.S. Government is also trying to develop such technology that was introduced in movies like Star Trek and TERMINATOR i.e. Self destructing Network of...

[ipset_list] ipset set listing wrapper script

Features: Calculate sum of set members and match on that count. List only members of a specified set. Choose a delimiter character for separating members. Show only sets containing a specific glob matching header. Arithmetic comparison on headers with an integer value. Match members using a...

CVE-2012-4697

CVE-2012-4697 affects TURCK BL20 and BL67 Programmable Gateways. The vulnerability stems from hard-coded admin credentials , enabling remote attackers to gain administrative access via the FTP service (Port 21/TCP). Impact includes potential compromise of availability, integrity, and confidential...

Important: Red Hat Security Advisory: rhev-hypervisor6 security and bug fix update

An updated rhev-hypervisor6 package that fixes several security issues and various bugs is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

TURCK BL20 and BL67 Programmable Gateway Hard-Coded User Accounts

OVERVIEW Researcher Rubén Santamarta of IOActive has identified hard-coded user accounts in TURCK’s BL20 and BL67 Programmable Gateways. Exploitation of this vulnerability would allow an attacker to have remote administrative access to the device. This vulnerability affects programmable gateways...

DHS Warns ICS, SCADA Owners About Increase in Malicious Activity

An alert from the Department of Homeland Security late last week urges private- and public-sector industrial control system ICS owners to be proactive in auditing the security, particularly, authentication controls of their systems. The alert is in response to a growing concern over the number of...

Ubuntu Update for linux-ec2 USN-1388-1

Ubuntu Update for Linux kernel vulnerabilities USN-1388-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN13881.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for linux-ec2 USN-1388-1 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net Th...

Ubuntu: Security Advisory (USN-1389-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 10.04 LTS : linux vulnerabilities (USN-1389-1)

Paolo Bonzini discovered a flaw in Linux's handling of the SGIO ioctl command. A local user, or user in a VM could exploit this flaw to bypass restrictions and gain read/write access to all data on the affected block device. CVE-2011-4127 A flaw was found in KVM's Programmable Interval Timer PIT...

USN-1389-1: Linux kernel vulnerabilities

Paolo Bonzini discovered a flaw in Linux's handling of the SGIO ioctl command. A local user, or user in a VM could exploit this flaw to bypass restrictions and gain read/write access to all data on the affected block device. CVE-2011-4127 A flaw was found in KVM's Programmable Interval Timer PIT...

kernel: kvm: pit timer with no irqchip crashes the system

The createpittimer function in arch/x86/kvm/i8254.c in KVM 83, and possibly other versions, does not properly handle when Programmable Interval Timer PIT interrupt requests IRQs when a virtual interrupt controller irqchip is not available, which allows local users to cause a denial of service NUL...

USN-1384-1: Linux kernel (Oneiric backport) vulnerabilities

A bug was discovered in the Linux kernel's calculation of OOM Out of memory scores, that would result in the wrong process being killed. A user could use this to kill the process with the highest OOM score, even if that process belongs to another user or the system. CVE-2011-4097 Paolo Bonzini...

UBUNTU-CVE-2011-4622

The createpittimer function in arch/x86/kvm/i8254.c in KVM 83, and possibly other versions, does not properly handle when Programmable Interval Timer PIT interrupt requests IRQs when a virtual interrupt controller irqchip is not available, which allows local users to cause a denial of service NUL...

Stuxnet 3.0 to be possibility released at MalCon?

Stuxnet 3.0 to be possibility released at MalCon? Malware coders and security researchers are increasingly looking at MalCon malware convention to show-off their latest creations and research. We were pretty shocked to see in a twitter update today from MalCon, that one of the research paper...

Dillon Beresford Talked Siemens Vulnerabilities

NSS researcher Dillon Beresford continued his research into the security of SCADA and industrial control systems with a talk on vulnerabilities in Siemens Step 7 programmable logic controllers. Read more: Black Hat: Remote DOS, Backdoor, Easter Egg Among Newly Discovered Siemens Holes...