Command injection

runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass intended queue-manager command access restrictions by leveraging authority for +connect and +dsp...

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2016-3572)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2016-3572 advisory. 2.6.39-400.280.1 - Fix cpu bootup stall with large cpu count Zhenzhong Duan Orabug: 23481040 - megaraidsas : Update threshold based reply post host index...

Unbreakable Enterprise kernel security update

2.6.39-400.280.1 - Fix cpu bootup stall with large cpu count Zhenzhong Duan Orabug: 23481040 - megaraidsas : Update threshold based reply post host index register [email protected] Orabug: 23536267 2.6.39-400.279.1 - IPoIB: increase send queue size to 4 times Ajaykumar Hotchandani Orabug...

IBM WebSphere MQ Arbitrary Command Execution Vulnerability

IBM WebSphere MQ is a messaging middleware product. An arbitrary command execution vulnerability exists in IBM WebSphere MQ, which can be exploited by a local attacker to execute arbitrary commands with elevated privileges...

IBM WebSphere MQ for IBM i Password Acquisition Vulnerability

IBM WebSphere MQ is a messaging middleware product. A password acquisition vulnerability exists in the IBM WebSphere MQ mqcertck tool, which can be exploited by a local attacker to decrypt other MQ administrator passwords with administrator privileges...

kernel security and bug fix update

3.10.0-327.18.2.OL7 - Oracle Linux certificates Alexey Petrenko 3.10.0-327.18.2 - lib keys: Fix ASN.1 indefinite length object parsing David Howells 1308814 1308815 CVE-2016-0758 3.10.0-327.18.1 - scsi bnx2fc: Fix FCP RSP residual parsing Maurizio Lombardi 1322279 1306342 - mm madvise: fix...

DEBIAN-CVE-2016-2544

Race condition in the queuedelete function in sound/core/seq/seqqueue.c in the Linux kernel before 4.4.1 allows local users to cause a denial of service use-after-free and system crash by making an ioctl call at a certain time...

CVE-2016-2416

libs/gui/BufferQueueConsumer.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for the android.permission.DUMP permission, which allows attackers to obtain sensitive information, and consequently bypass an unspecified...

UBUNTU-CVE-2016-2416

libs/gui/BufferQueueConsumer.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for the android.permission.DUMP permission, which allows attackers to obtain sensitive information, and consequently bypass an unspecified...

CVE-2016-2057

lib/xymondipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 use weak permissions 666 for an unspecified IPC message queue, which allows local users to inject arbitrary messages by writing to that queue...

DEBIAN-CVE-2016-2057

lib/xymondipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 use weak permissions 666 for an unspecified IPC message queue, which allows local users to inject arbitrary messages by writing to that queue...

UBUNTU-CVE-2016-2057

lib/xymondipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 use weak permissions 666 for an unspecified IPC message queue, which allows local users to inject arbitrary messages by writing to that queue...

CVE-2016-2057

lib/xymondipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 use weak permissions 666 for an unspecified IPC message queue, which allows local users to inject arbitrary messages by writing to that queue...

CVE-2016-2057

lib/xymondipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 use weak permissions 666 for an unspecified IPC message queue, which allows local users to inject arbitrary messages by writing to that queue...

jenkins: Queue API did show items not visible to the current user (SECURITY-186)

Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api...

Android mediaserver security bypass vulnerability

Android is a Linux-based open source operating system jointly developed by Google and the Open Handset Alliance OHA. mediaserver is one of the multimedia service components. A security vulnerability exists in the 'BnGraphicBufferProducer::onTransact' function in the...

CVE-2016-0829

The BnGraphicBufferProducer::onTransact function in libs/gui/IGraphicBufferConsumer.cpp in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 does not initialize a certain output data structure, which allows attackers to obtain sensitive information, and...

UBUNTU-CVE-2016-0829

The BnGraphicBufferProducer::onTransact function in libs/gui/IGraphicBufferConsumer.cpp in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 does not initialize a certain output data structure, which allows attackers to obtain sensitive information, and...

UBUNTU-CVE-2016-2544

Race condition in the queuedelete function in sound/core/seq/seqqueue.c in the Linux kernel before 4.4.1 allows local users to cause a denial of service use-after-free and system crash by making an ioctl call at a certain time...

PT-2016-3240 · Yodl +2 · Yodl +2

Name of the Vulnerable Software and Affected Versions: yodl versions prior to 3.07.01 Description: The issue is caused by a buffer over-read in the queue push function, located in queue/queuepush.c. This could allow a remote attacker to compromise the confidentiality, integrity, and availability ...