USN-3000-1: Linux kernel (Utopic HWE) vulnerabilities

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. CVE-2016-2117 Jann Horn discovered that eCryptfs improperly attempted to use...

Ubuntu 14.04 LTS : Linux kernel (Utopic HWE) vulnerabilities (USN-3000-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3000-1 advisory. Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use th...

CVE-2016-4785

A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions V1.03; Firmware variant IEC 104...

CVE-2016-4784

A vulnerability has been identified in firmware variant PROFINET IO for EN100 Ethernet module : All versions V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions V1.03; Firmware variant IEC 104...

Design/Logic Flaw

A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions V1.03; Firmware variant IEC 104...

Design/Logic Flaw

A vulnerability has been identified in firmware variant PROFINET IO for EN100 Ethernet module : All versions V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions V1.03; Firmware variant IEC 104...

CVE-2016-4785

SiemenS SIPROTEC 4/Compact EN100 Ethernet modules are affected by CVE-2016-4785. The integrated web server (port 80) could disclose a limited amount of device memory content to remote attackers with network access, and the issue only affects EN100 Ethernet modules inside SIPROTEC4 and SIPROTEC Co...

CVE-2016-5040

libdwarf before 20160923 allows remote attackers to cause a denial of service out-of-bounds read and crash via a large length value in a compilation unit header...

RHEL 7 : docker (RHSA-2016:1034)

An update for docker is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

Ubuntu 16.04 LTS : Linux kernel (Raspberry Pi 2) vulnerabilities (USN-2965-3)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2965-3 advisory. Jann Horn discovered that the extended Berkeley Packet Filter eBPF implementation in the Linux kernel did not properly reference count file descriptors,...

Ubuntu 16.04 LTS : Linux kernel (Qualcomm Snapdragon) vulnerability (USN-2965-4)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2965-4 advisory. Jann Horn discovered that the extended Berkeley Packet Filter eBPF implementation in the Linux kernel did not properly reference count file descriptors,...

Ubuntu 14.04 LTS : Linux kernel (Vivid HWE) vulnerabilities (USN-2970-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2970-1 advisory. Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly validate the endpoints reported by the device. A...

kernel: MTU value is not validated in IPv6 stack causing packet loss

It was found that the Linux kernel's IPv6 network stack did not properly validate the value of the MTU variable when it was set. A remote attacker could potentially use this flaw to disrupt a target system's networking packet loss by setting an invalid MTU value, for example, via a NetworkManager...

USN-2965-4: Linux kernel (Qualcomm Snapdragon) vulnerability

Jann Horn discovered that the extended Berkeley Packet Filter eBPF implementation in the Linux kernel did not properly reference count file descriptors, leading to a use-after-free. A local unprivileged attacker could use this to gain administrative privileges. Ralf Spenneberg discovered that the...

CVE-2016-1596

Multiple cross-site scripting XSS vulnerabilities in Micro Focus Novell Service Desk before 7.2 allow remote authenticated users to inject arbitrary web script or HTML via a certain 1 user name, 2 tfaClientFirstName, 3 tfaClientLastName, 4 taselectedTopicContent, 5 tforgUnitName, 6...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Micro Focus Novell Service Desk before 7.2 allow remote authenticated users to inject arbitrary web script or HTML via a certain 1 user name, 2 tfaClientFirstName, 3 tfaClientLastName, 4 taselectedTopicContent, 5 tforgUnitName, 6...

QEMU MIPSnet Emulator Buffer Overflow Vulnerability

QEMU is a simulation processor software developed by French programmer Fabrice Bellard. The software is fast and cross-platform. A buffer overflow vulnerability exists in the 'mipsnetreceive' function in QEMU's MIPSnet emulator. A remote attacker can exploit this vulnerability to cause a denial o...

UBUNTU-CVE-2015-8555

Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains via unspecified vectors...

Unit Converter - Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Unit Converter published at the 'play' market has multiple vulnerabilities...

The vulnerability of the NX-OS network operating system allows a hacker to induce a maintenance failure.

The vulnerability of the NX-OS network operating system exists due to insufficient checking of PDU fragments in SNMP packets. Exploiting this vulnerability can allow a malicious actor to trigger a service failure reloading of the SNMP application by using a specially crafted packet...