529 matches found
F5 Networks BIG-IP : NTP vulnerability (K10600056)
It was found that ntpd did not correctly implement the threshold limitation for the '-g' option, which is used to set the time without any restrictions. CVE-2015-5300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from F5 Networks BIG-IP...
Check Point response to NTP "panic threshold" Bypass Vulnerability (CVE-2015-5300)
...
Oracle Linux 7 : ntp (ELSA-2015-2231)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-2231 advisory. - check origin timestamp before accepting KoD RATE packet CVE-2015-7704 - allow only one step larger than panic threshold with -g CVE-2015-5300 -...
[SECURITY] [DSA 3388-1] ntp security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3388-1 [email protected] https://www.debian.org/security/ Kurt Roeckx November 01, 2015 https://www.debian.org/security/faq -...
Ubuntu 14.04 LTS : NTP vulnerabilities (USN-2783-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2783-1 advisory. Aleksis Kauppinen discovered that NTP incorrectly handled certain remote config packets. In a non-default configuration, a remote authenticated attacker...
ntp: MITM attacker can force ntpd to make a step larger than the panic threshold
It was found that ntpd did not correctly implement the threshold limitation for the '-g' option, which is used to set the time without any restrictions. A man-in-the-middle attacker able to intercept NTP traffic between a connecting client and an NTP server could use this flaw to force that clien...
Important: Red Hat Security Advisory: ntp security update
Updated ntp packages that fix two security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available f...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2015-06840)
Oracle MySQL Server is an open source relational database management system from Oracle. This database system is characterized by high performance, low cost, good reliability and so on. An explicit vulnerability exists in Oracle MySQL Server versions prior to 5.6.25. Allows an authenticated remot...
A large number of Cisco security devices was traced to the presence of a default SSH key-vulnerability warning-the black bar safety net
! Cisco revealed that a large number of Cisco security devices was traced to the presence of a default SSH key, an attacker can use this vulnerability to control the device. The scope of the impact Cisco's security experts found that a lot of Cisco security devices in the presence of a default SS...
Windows 9 Start Menu Demo Video Leaked Online
After providing the glimpses of the next Windows, one of the screenshot leakers has now obtained a short video showing off a build of the very new Windows 9, aka "Threshold," features as well as how users can expect to use it. Two German sites, ComputerBase and WinFuture, posted 20 screenshots on...
Cloudflare: Password reset threshold not set
Your web application https://www.cloudflare.com does not have a password reset threshold set. this means that your client and users account can be flooded with password reset emails which can result in spam to the mailer's inbox. You should implement a threshold to prevent this attack...
Ensnare Web Application Attack Detection Utility Released
BOSTON – Two engineers from Netflix this week released to open source a security tool that detects attacks against web applications—and also reacts to those attacks with responses they hope will flummox a hacker to the point that he moves on to his next target. The utility is called Ensnare and i...
Health Service (Monitoring Host) Handle Count has exceeded the threshold
Challenge The following alerts about handle counts on the collector server are raised: Health Service Monitoring Host Handle Count has exceeded the threshold Health Service Handle Count has exceeded the threshold Cause The monitors raising the mentioned alerts ensure that the "Process\Handle Coun...
Wechat arbitrary User Password Change vulnerability-vulnerability warning-the black bar safety net
Found today a micro-channel Group issued a vulnerability. Also didn't play. It is patched So it is with this vulnerability to produce The same problem arises in the reset user password link In the wechat official home on the found a new the following function modules ! After the visit to see this...
[SECURITY] [DSA 2500-1] mantis security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2500-1 [email protected] http://www.debian.org/security/ Florian Weimer June 24, 2012 http://www.debian.org/security/faq -...
CVE-2012-1146
The memcgroupusageunregisterevent function in mm/memcontrol.c in the Linux kernel before 3.2.10 does not properly handle multiple events that are attached to the same eventfd, which allows local users to cause a denial of service NULL pointer dereference and system crash or possibly have...
Null pointer dereference
The memcgroupusageunregisterevent function in mm/memcontrol.c in the Linux kernel before 3.2.10 does not properly handle multiple events that are attached to the same eventfd, which allows local users to cause a denial of service NULL pointer dereference and system crash or possibly have...
PT-2012-3098 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.2.10 Description: The issue is related to the mem cgroup usage unregister event function in mm/memcontrol.c, which does not properly handle multiple events attached to the same eventfd. This can be exploited b...
UBUNTU-CVE-2012-1146
The memcgroupusageunregisterevent function in mm/memcontrol.c in the Linux kernel before 3.2.10 does not properly handle multiple events that are attached to the same eventfd, which allows local users to cause a denial of service NULL pointer dereference and system crash or possibly have...
Fedora 12 : freetype-2.3.11-6.fc12 (2010-15785)
Mon Oct 4 2010 Marek Kasik 2.3.11-6 - Add freetype-2.3.11-CVE-2010-2805.patch Fix comparison. - Add freetype-2.3.11-CVE-2010-2806.patch Protect against negative stringsize. Fix comparison. - Add freetype-2.3.11-CVE-2010-2808.patch Check the total length of collected POST segments. - Add...