Linux Kernel 3.10.0 (CentOS / RHEL 7.1) - 'cypress_m8' Nullpointer Dereference

Exploit for linux platform in category dos / poc Linux cypressm8 Nullpointer Dereference Date: March 4th, 2016 Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg CVE: not yet assigned CVSS: 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C Title: Local RedHat Enterprise Linux DoS â?? RHEL 7.1 Kernel crash...

Linux Kernel 3.10.0 (CentOS / RHEL 7.1) - 'cdc_acm' Nullpointer Dereference

Exploit for linux platform in category dos / poc Linux cdcacm Nullpointer Dereference Date: March 4th, 2016 Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg CVE: not yet assigned CVSS: 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C Title: Local RedHat Enterprise Linux DoS â?? RHEL 7.1 Kernel crashes ...

Linux Kernel 3.10.0 (CentOS RHEL 7.1) - cypress_m8 Nullpointer Dereference

Linux Kernel 3.10.0 CentOS RHEL 7.1 - cypressm8 Nullpointer Dereference OS-S Security Advisory 2016-07 Linux cypressm8 Nullpointer Dereference Date: March 4th, 2016 Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg CVE: not yet assigned CVSS: 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C Title: Local...

Linux Kernel 3.10.0 (CentOS / RHEL 7.1) - visor clie_5_attach Nullpointer Dereference

Exploit for linux platform in category dos / poc Linux visor clie5attach Nullpointer Dereference Date: March 4th, 2016 Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg CVE: CVE-2015-7566 CVSS: 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C Title: Local RedHat Enterprise Linux DoS â?? RHEL 7.1 Kernel...

Linux visor clie_5_attach Null Pointer Dereference

OS-S Security Advisory 2016-09 Linux visor clie5attach Nullpointer Dereference Date: March 4th, 2016 Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg CVE: CVE-2015-7566 CVSS: 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C Title: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid U...

Linux wacom Multiple Null Pointer Dereferences

OS-S Security Advisory 2016-11 Linux wacom multiple Nullpointer Dereferences Date: March 4th, 2016 Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg CVE: not yet assigned CVSS: 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C Title: Multiple Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on...

The vulnerability of the Firebird database management system allows a perpetrator to cause a service failure.

The vulnerability of the Firebird database management system exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to cause service failures by using the service dispatcher to execute the gbak utility with incorrect parameters...

lib32-nettle: improper cryptographic calculations

CVE-2015-8803 CVE-2015-8804 CVE-2015-8805 improper cryptographic calculations It has been discovered that multiple carry propagation bugs are producing wrong results in calculations. They affect the NIST P-256 and P-384 curves. The P-256 bug is in the C code and affects multiple architectures...

kernel security update

kernel 2.6.18-408 - net udp: fix behavior of wrong checksums Denys Vlasenko 1240757 CVE-2015-5364 CVE-2015-5366 - net ipv6/udp: Use correct var to determine non-blocking cond Denys Vlasenko 1240757 CVE-2015-5364 CVE-2015-5366 - net SNMP: Restore Udp6InErrors incrementation Denys Vlasenko 1240757...

SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2016:0021-1)

This update fixes the following security issues : - Enforce receive packet size, thus eliminating buffer overflow and potential security issue. bsc957162 CVE-2015-7512 - Infinite loop in processing command block list. CVE-2015-8345 bsc956829 : Also a non-security bug fixed : - Fix cases of wrong...

EPSON Network Utility eEBSVC.exe Wrong Authorization Vulnerability

EPSON Network Utility is a set of programs from Japan's Epson EPSON to provide printer drivers with the ability to be used on a network. A misauthorization vulnerability exists in EPSON Network Utility 4.10. It allows local users to gain privileges via a Trojan horse file...

RedHat Enterprise Linux 7.1 Denial Of Service

OpenSource Security Ralf Spenneberg Am Bahnhof 3-5 48565 Steinfurt [email protected] OS-S Security Advisory 2015-04 http://www.os-s.net/advisories/DOS-KernelCrashesOnInvalidUSBDeviceDescriptors-UsbvisionDriver.pdf Date: October 7th, 2015 Last Updated: October 7th, 2015 Authors: Sergej Schumilo, Hendr...

Oracle: Security Advisory (ELSA-2015-3073)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

php -- multiple vulnerabilities

PHP reports: Core: Fixed bug 70172 Use After Free Vulnerability in unserialize. Fixed bug 70219 Use after free vulnerability in session deserializer. EXIF: Fixed bug 70385 Buffer over-read in exifreaddata with TIFF IFD tag byte value of 32 bytes. hash: Fixed bug 70312 HAVAL gives wrong hashes in...

FreeBSD : froxlor -- database password information leak (9ee72858-4159-11e5-93ad-002590263bf5)

[email protected] reports : An unauthenticated remote attacker is able to get the database password via webaccess due to wrong file permissions of the /logs/ folder in froxlor version 0.9.33.1 and earlier. The plain SQL password and username may be stored in the /logs/sql-error.log file...

Froxlor 0.9.33.1 MySQL Login Disclosure

------------------------------------------------------------------------------------------ Exploit Title: Froxlor Server Management Panel - MySQL Login Information Disclosure Date: Jul 30 2015 Exploit Author: Dustin Dörr Vendor Homepage: https://www.froxlor.org/ Version:...

postgresql: pgcrypto has multiple error messages for decryption with an incorrect key.

It was discovered that the pgcrypto module could return different error messages when decrypting certain data with an incorrect key. This could potentially help an authenticated user to launch a possible cryptographic attack, although no suitable attack is currently known...

postgresql: pgcrypto has multiple error messages for decryption with an incorrect key.

It was discovered that the pgcrypto module could return different error messages when decrypting certain data with an incorrect key. This could potentially help an authenticated user to launch a possible cryptographic attack, although no suitable attack is currently known...

postgresql: pgcrypto has multiple error messages for decryption with an incorrect key.

It was discovered that the pgcrypto module could return different error messages when decrypting certain data with an incorrect key. This could potentially help an authenticated user to launch a possible cryptographic attack, although no suitable attack is currently known...

Security: Wrong security context loaded when using SAML2 STS Login Module

It was found that when processing undefined security domains, the org.jboss.security.plugins.mapping.JBossMappingManager implementation would fall back to the default security domain if it was available. A user with valid credentials in the defined default domain, with a role that is valid in the...