
9107 matches found

Positive Technologies
added 2017/01/12 12:0 a.m. · 2 views

PT-2017-4331 · Hikvision · Hikvision Ds-2Cd2432F-Iw

Name of the Vulnerable Software and Affected Versions: Hikvision DS-2CD2432F-IW affected versions not specified Description: The issue is related to the use of a default SSID without WiFi encryption or authentication in Hikvision IP cameras. This can allow a remote attacker to gain elevated...

CVSS 6.5 · AI score 7.6 · EPSS 0.00036
Exploits 2 · References 8
Microsoft KB
added 2017/01/07 12:0 a.m. · 122 views

Update Rollup 10 for System Center 2012 R2 Virtual Machine Manager

Update Rollup 10 for System Center 2012 R2 Virtual Machine Manager Introduction This article describes the new features that are added and the issues that are fixed in Update Rollup 10 for Microsoft System Center 2012 R2 Virtual Machine Manager. The following updates are available for System Cent...

AI score 6.7
Exploits 0
Tenable Nessus
added 2017/01/03 12:0 a.m. · 89 views

Debian DLA-772-1 : linux security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2012-6704, CVE-2016-9793 Eric Dumazet found that a local user with CAP_NET_ADMIN capability could set a socket's buffer size to be negative, leading ...

CVSS 10 · AI score 7.7 · EPSS 0.47355
Exploits 25 · References 21
Virtuozzo
added 2016/12/28 12:0 a.m. · 66 views

Product update: Virtuozzo 7.0 Update 3

The new packages for Virtuozzo 7.0 introducing new features and bug fixes. Vulnerability id: PSBM-56838 Kernel panic when creating ploops on NVMe devices. Vulnerability id: PSBM-56668 HWIDs could not be obtained for SGI UV 1000 nodes. Vulnerability id: PSBM-56667 vzlicview could incorrectly detec...

AI score 7.1
Exploits 0
CNVD
added 2016/12/26 12:0 a.m. · 2 views

QEMU 'VIRTIO_GPU_CMD_SET_SCANOUT()' function out of bounds denial of service vulnerability

QEMU (aka Quick Emulator) is a set of simulation processor software developed by French programmer Fabrice Bellard. The software is fast and cross-platform. An out-of-bounds denial of service vulnerability exists in the QEMU 'VIRTIO_GPU_CMD_SET_SCANOUT' function. An attacker could exploit this...

CVSS 5.5 · AI score 8.9 · EPSS 0.0007
Exploits 0 · References 1
NVD
added 2016/12/16 9:59 a.m. · 9 views

CVE-2016-9964

redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call...

CVSS 6.5 · AI score 6.3 · EPSS 0.01211
Exploits 0 · References 4
Cvelist
added 2016/12/16 9:2 a.m. · 23 views

CVE-2016-9964

redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call...

AI score 6.2 · EPSS 0.01211
Exploits 0 · References 4
Tenable Nessus
added 2016/12/15 12:0 a.m. · 59 views

Mozilla Firefox ESR 45.x < 45.6 Multiple Vulnerabilities

The version of Mozilla Firefox ESR installed on the remote Windows host is 45.x prior to 45.6. It is, therefore, affected by the following vulnerabilities : - Multiple memory corruption issues exist, such as when handling document state changes or HTML5 content, or else due to dereferencing alrea...

CVSS 9.8 · AI score 8.1 · EPSS 0.36421
Exploits 12 · References 11
RedHat Linux
added 2016/12/14 10:1 a.m. · 4 views

Mozilla: Cross-origin information leak in shared atoms (MFSA 2016-94, MFSA 2016-95)

An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox 50.1, Firefox...

CVSS 7.5 · AI score 7.3 · EPSS 0.01192
Exploits 0 · References 5
RedhatCVE
added 2016/12/14 4:47 a.m. · 21 views

CVE-2016-9904

An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox 50.1, Firefox...

CVSS 7.5 · AI score 1.6 · EPSS 0.01192
Exploits 0 · References 2
ArchLinux
added 2016/12/14 12:0 a.m. · 523 views

[ASA-201612-15] firefox: multiple issues

Arch Linux Security Advisory ASA-201612-15 ========================================== Severity: Critical Date : 2016-12-14 CVE-ID : CVE-2016-9080 CVE-2016-9893 CVE-2016-9894 CVE-2016-9895 CVE-2016-9896 CVE-2016-9897 CVE-2016-9898 CVE-2016-9899 CVE-2016-9900 CVE-2016-9901 CVE-2016-9902 CVE-2016-99...

CVSS 9.8 · AI score 0.3 · EPSS 0.36421
Exploits 12 · References 28
OSV
added 2016/12/13 3:59 p.m. · 1 views

DEBIAN-CVE-2016-5688

The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex function or an invali...

CVSS 8.1 · AI score 9.2 · EPSS 0.02209
Exploits 0 · References 1
OSV
added 2016/12/13 3:59 p.m. · 2 views

ALPINE-CVE-2016-5688

The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex function or an invali...

CVSS 8.1 · AI score 7.8 · EPSS 0.02209
Exploits 0 · References 1
OSV
added 2016/12/13 12:0 a.m. · 0 views

UBUNTU-CVE-2016-9904

An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox 50.1, Firefox...

CVSS 7.5 · AI score 7.1 · EPSS 0.01192
Exploits 0 · References 5
Tenable Nessus
added 2016/12/12 12:0 a.m. · 43 views

Fedora 24 : phpMyAdmin (2016-2424eeca35)

phpMyAdmin 4.6.5.1 2016-11-26 =============================== A patch-level release fixing two small issues : - an issue affecting a small number of users using $cfg['Servers'][$i]['hide_db'] or $cfg['Servers'][$i]['only_db']. - an issue affecting the create table dialog where the partition selection tool was...

CVSS 4.4 · AI score 5.7 · EPSS 0.0024
Exploits 0 · References 2
OSV
added 2016/12/08 8:59 a.m. · 1 views

DEBIAN-CVE-2016-8655

Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions...

CVSS 7.8 · AI score 7.6 · EPSS 0.47355
Exploits 16 · References 1
Tenable Nessus
added 2016/12/08 12:0 a.m. · 48 views

Fedora 23 : phpMyAdmin (2016-7fc142da66)

phpMyAdmin 4.6.5.1 2016-11-26 =============================== A patch-level release fixing two small issues : - an issue affecting a small number of users using $cfg['Servers'][$i]['hide_db'] or $cfg['Servers'][$i]['only_db']. - an issue affecting the create table dialog where the partition selection tool was...

CVSS 4.4 · AI score 5.7 · EPSS 0.0024
Exploits 0 · References 2
Tenable Nessus
added 2016/12/06 12:0 a.m. · 18 views

openSUSE Security Update : phpMyAdmin (openSUSE-2016-1406)

This update to phpMyAdmin 4.4.15.9 fixes security issues and bugs. The following security issues were fixed : - Unsafe generation of $cfg['blowfish_secret'] (PMASA-2016-58) - phpMyAdmin's phpinfo functionality is removed (PMASA-2016-59) - AllowRoot and allow/deny rule bypass with specially crafted...

AI score 5.8
Exploits 0 · References 1
Tenable Nessus
added 2016/12/05 12:0 a.m. · 42 views

Fedora 25 : phpMyAdmin (2016-6576a8536b)

phpMyAdmin 4.6.5.1 2016-11-26 =============================== A patch-level release fixing two small issues : - an issue affecting a small number of users using $cfg['Servers'][$i]['hide_db'] or $cfg['Servers'][$i]['only_db']. - an issue affecting the create table dialog where the partition selection tool was...

CVSS 4.4 · AI score 5.7 · EPSS 0.0024
Exploits 0 · References 2
OSV
added 2016/12/05 12:0 a.m. · 1 views

UBUNTU-CVE-2016-8655

Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions...

CVSS 7.8 · AI score 6.9 · EPSS 0.47355
Exploits 16 · References 13