6116 matches found
CVE-2016-8317
Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Unit Trust). Supported versions that are affected are 12.0.1, 12.0.2, 12.0.4, 12.1.0 and 12.3.0. Difficult to exploit vulnerability allows low privileged attacker with network...
CVE-2016-8317
CVE-2016-8317 affects Oracle FLEXCUBE Investor Servicing (Unit Trust subcomponent) in Oracle Financial Services Applications. Affects supported versions 12.0.1, 12.0.2, 12.0.4, 12.1.0 and 12.3.0. The vulnerability enables a low-privilege user who has network access via HTTP to compromise the serv...
The vulnerability of the Android operating system, allowing a hacker to execute arbitrary code
The vulnerability related to privilege escalation in the NVIDIA GPU operating system for Android is linked to access control deficiencies. Exploiting this vulnerability allows a remote attacker to execute arbitrary code of a local malicious application within the kernel context. This issue is...
Cisco TelePresence Multipoint Control Unit Remote Code Execution Vulnerability
A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint Control Unit (MCU) Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. SPDX-FileCopyrightText: 2017 Greenbone AG Some text...
Cisco TelePresence Multipoint Control Unit Remote Code Execution Vulnerability
A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint Control Unit (MCU) Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. The vulnerability is due to improper size validation when...
The vulnerability of the Android operating system, allowing a hacker to execute arbitrary code
The vulnerability related to privilege escalation in the NVIDIA GPU operating system for Android is linked to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary code of a local malware application within the kernel context. This issue is...
ICSMA-17-017-01_BD Alaris 8000 Insufficiently Protected Credentials Vulnerability
OVERVIEW: This advisory was originally posted to the NCCIC Portal on January 17, 2017, and is being released to the NCCIC/ICS-CERT web site. Becton, Dickinson and Company (BD) has identified an insufficiently protected credentials vulnerability in BD’s Alaris 8000 Point of Care PC unit, which provid...
Cross site scripting
Cross-site scripting (XSS) vulnerability in wallpaper.php in the Base Unit in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devices with firmware before 01.03.02 allows remote attackers to inject arbitrary web script or HTML v...
CVE-2016-8428
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the...
DEBIAN-CVE-2016-9845
QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. It could occur while processing 'VIRTIO_GPU_CMD_GET_CAPSET_INFO' command. A guest user/process could use this flaw to leak contents of the host memory bytes...
Fuzzer for Individual Method Parameters: RamFuzz
RamFuzz is a fuzzer for individual method parameters in unit tests. A unit test can use RamFuzz to generate random parameter values for methods under test. The values are logged, and the log can be replayed to repeat the exact same test scenario. But RamFuz...
QEMU 'virtio-gpu-3d.c' Denial of Service Vulnerability
QEMU (aka Quick Emulator) is a set of simulation processor software developed by French programmer Fabrice Bellard. The software is fast and cross-platform. QEMU's 'virtio-gpu-3d.c' file has a denial of service vulnerability that can be exploited by an attacker to cause a denial of service...
Tests Crypto Libraries Against Known Attacks: Wycheproof
Project Wycheproof tests crypto libraries against known attacks. It is developed and maintained by members of Google Security Team, but it is not an official Google product. In cryptography, subtle mistakes can have catastrophic consequences. Good...
UBUNTU-CVE-2016-9912
Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while destroying gpu resource object in 'virtio_gpu_resource_destroy'. A guest user/process could use this flaw to leak host memory bytes, resulting in DoS for a host...
[SECURITY] Fedora 24 Update: msgpuck-1.1.3-1.fc24
MsgPack is a binary-based efficient object serialization library. It enables the exchange of structured objects between many languages, like JSON. But unlike JSON, it is very fast and small. msgpuck is a very lightweight header-only library designed to be embedded in your application by the C/C++...
[SECURITY] Fedora 25 Update: msgpuck-1.1.3-1.fc25
MsgPack is a binary-based efficient object serialization library. It enables the exchange of structured objects between many languages, like JSON. But unlike JSON, it is very fast and small. msgpuck is a very lightweight header-only library designed to be embedded in your application by the C/C++...
Tesla Motors Gateway ECU Command Injection Vulnerability
The Tesla Motors Gateway ECU is a set of firmware used to manage the car and provide driving functions. A security vulnerability in the Tesla Motors Gateway ECU firmware handling updates allows remote attackers to exploit the vulnerability to submit malicious updates that inject arbitrary command...
Fedora 25 : 1:tomcat (2016-f4a443888b)
This update includes a rebase from tomcat 8.0.32 up to 8.0.36 to resolve: - rhbz1349469 CVE-2016-3092 tomcat: Usage of vulnerable FileUpload package can result in denial of service and also includes the following bug fixes: - rhbz1341850 tomcat-jsvc.service has TOMCAT_USER value hard-coded -...
systemd security and bug fix update
219-30.0.1.3 - set 'RemoveIPC=no' in logind.conf as default for OL7.2 22224874 - allow dm remove ioctl to co-operate with UEK3 Vaughan Cao Orabug: 18467469 - add hv dynamic memory support Jerry Snitselaar Orabug: 18621475 - rules: load sg module 1223340 - run: drop mistakenly committed test code...
How to Verify the Maximum Transmission Unit For a Given Network Path
When implementing jumbo frames for storage, it is important to verify what the actual Maximum Transmission Unit (MTU) is for the path between your host and storage unit. The steps included in this document will return a quantitative value unique to the given environment...