Vulnerabilities

8 June, 2016

CVE-2016-2150

SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261.

8 June, 2016

LXD before 2.0.2 does not properly set permissions when switching an unprivileged container into privileged mode, which allows local users to access arbitrary world readable paths in the container directory via unspecified vectors.

8 June, 2016

CVE-2016-1581

LXD before 2.0.2 uses world-readable permissions for /var/lib/lxd/zfs.img when setting up a loop based ZFS pool, which allows local users to copy and read data from arbitrary containers via unspecified vectors.

8 June, 2016

CVE-2016-0749

The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow.

8 June, 2016

CVE-2015-1797

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

7 June, 2016

CVE-2016-5108

Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file.

7 June, 2016

CVE-2016-4369

HPE Discovery and Dependency Mapping Inventory (DDMi) 9.30, 9.31, 9.32, 9.32 update 1, 9.32 update 2, and 9.32 update 3 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

7 June, 2016

CVE-2016-4368

HPE Universal CMDB 10.0 through 10.21, Universal CMDB Configuration Manager 10.0 through 10.21, and Universal Discovery 10.0 through 10.21 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

7 June, 2016

CVE-2016-4367

The Universal Discovery component in HPE Universal CMDB 10.0, 10.01, 10.10, 10.11, 10.20, and 10.21 allows remote attackers to obtain sensitive information via unspecified vectors.

7 June, 2016

CVE-2016-4366

HPE Systems Insight Manager (SIM) before 7.5.1 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors.

7 June, 2016

CVE-2016-4365

HPE Insight Control server deployment allows remote attackers to obtain sensitive information via unspecified vectors.

7 June, 2016

CVE-2016-4364

HPE Insight Control server deployment allows local users to gain privileges via unspecified vectors.

7 June, 2016

CVE-2016-4363

HPE Insight Control server deployment allows remote attackers to modify data via unspecified vectors.

7 June, 2016

CVE-2016-4362

HPE Insight Control server deployment allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.

7 June, 2016

CVE-2016-4361

HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allow remote attackers to cause a denial of service via unspecified vectors.

Страницы:

<
1
2
3
4
5
...
4511
4512
>

Vulnerabilities

10.06.2016

CVE-2016-5233

Huawei Mate 8 smartphones with software NXT-AL10 before NXT-AL10C00B182, NXT-CL00 before NXT-CL00C92B182, NXT-DL00 before NXT-DL00C17B182, and NXT-TL00 before NXT-TL00C01B182 allow remote base stations to obtain sensitive subscriber signal strength information via vectors involving improper security status verification, aka HWPSIRT-2015-12007.

10.06.2016

CVE-2016-5118

The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.

10.06.2016

CVE-2016-4429

Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.

10.06.2016

CVE-2016-3720

XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors.

10.06.2016

CVE-2016-3706

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458.

10.06.2016

CVE-2016-3085

Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1, when SAML-based authentication is enabled and used, allow remote attackers to bypass authentication and access the user interface via vectors related to the SAML plugin.

Cisco

in to section

30 September, 2013

Cisco IOS Software Resource Reservation Protocol Interface Queue Wedge Vulnerability
A vulnerability in the Resource Reservation Protocol (RSVP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger an interface queue wedge on the affected device.
30 September, 2013

Cisco IOS Software Internet Key Exchange Memory Leak Vulnerability
A vulnerability in the Internet Key Exchange (IKE) protocol of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak that could lead to a device reload.
30 September, 2013

Cisco IOS Software Multicast Network Time Protocol Denial of Service Vulnerability
A vulnerability in the implementation of the Network Time Protocol (NTP) feature in Cisco IOS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.
27 October, 2011

Cisco Security Advisory: Cisco Security Agent Remote Code Execution Vulnerabilities
Cisco Security Agent is affected by vulnerabilities that could allow an unauthenticated attacker to perform remote code execution on the affected device.
27 October, 2011

Cisco Security Advisory: Denial of Service Vulnerability in Cisco Video Surveillance IP Cameras
A denial of service (DoS) vulnerability exists in the Cisco Video Surveillance IP Cameras 2421, 2500 series and 2600 series of devices. An unauthenticated, remote attacker could exploit this vulnerability by sending crafted RTSP TCP packets to an affected device.
27 October, 2011

Cisco Security Advisory: Cisco Unified Contact Center Express Directory Traversal Vulnerability
Cisco Unified Contact Center Express (UCCX or Unified CCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) contain a directory traversal vulnerability that may allow a remote, unauthenticated attacker to retrieve arbitrary files from the filesystem.
7 October, 2011

Cisco Security Advisory: Cisco 10000 Series Denial of Service Vulnerability
The Cisco 10000 Series Router is affected by a denial of service (DoS) vulnerability that can allow an attacker to cause a device reload by sending a series of ICMP packets.
7 October, 2011

Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerabilities
The Cisco IOS Software network address translation (NAT) feature contains multiple denial of service (DoS) vulnerabilities.
7 October, 2011

Cisco Security Advisory: Cisco IOS Software Smart Install Remote Code Execution Vulnerability
A vulnerability exists in the Smart Install feature of Cisco Catalyst Switches running Cisco IOS Software that could allow an unauthenticated, remote attacker to perform remote code execution on the affected device.
7 October, 2011

Cisco Security Advisory: Cisco IOS Software IPv6 over MPLS Vulnerabilities
Cisco IOS Software is affected by two vulnerabilities that cause a Cisco IOS device to reload when processing IP version 6 (IPv6) packets over a Multiprotocol Label Switching (MPLS) domain.

Microsoft

11 June, 2014

MS14-035: Cumulative Security Update for Internet Explorer (2969262)
This security update resolves two publicly disclosed vulnerabilities and fifty-seven privately reported vulnerabilities in Internet Explorer.
11 June, 2014

MS14-036: Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (2967487)
This security update resolves two privately reported vulnerabilities in Microsoft Windows, Microsoft Office, and Microsoft Lync.
10 June, 2014

MS14-034: Vulnerability in Microsoft Word Could Allow Remote Code Execution (2969261)
This security update resolves one privately reported vulnerability in Microsoft Office.
10 June, 2014

MS14-033: Vulnerability in Microsoft XML Core Services Could Allow Information Disclosure (2966061)
This security update resolves a privately reported vulnerability in Microsoft Windows.
10 June, 2014

MS14-032: Vulnerability in Microsoft Lync Server Could Allow Information Disclosure (2969258)
This security update resolves a privately reported vulnerability in Microsoft Lync Server.
10 June, 2014

MS14-031: Vulnerability in TCP Protocol Could Allow Denial of Service (2962478)
This security update resolves a privately reported vulnerability in Microsoft Windows.
10 June, 2014

MS14-030: Vulnerability in Remote Desktop Could Allow Tampering (2969259)
This security update resolves a privately reported vulnerability in Microsoft Windows.
13 May, 2014

MS14-029: Security Update for Internet Explorer (2962482)
This security update resolves two privately reported vulnerabilities in Internet Explorer.
13 May, 2014

MS14-028: Vulnerabilities in iSCSI Could Allow Denial of Service (2962485)
This security update resolves two privately reported vulnerabilities in Microsoft Windows.
13 May, 2014

MS14-027: Vulnerability in Windows Shell Handler Could Allow Elevation of Privilege (2962488)
This security update resolves a privately reported vulnerability in Microsoft Windows.

FreeBSD

26 December, 2011

FreeBSD-SA-11:10.pam: pam_start() does not validate service names
If an application that runs with root privileges allows the user to specify the name of the PAM policy to load, users who are permitted to run that application will be able to execute arbitrary code with root privileges.
26 December, 2011

FreeBSD-SA-11:09.pam_ssh: pam_ssh improperly grants access when user account has unencrypted SSH private keys
If the pam_ssh module is enabled, attackers may be able to gain access to user accounts which have unencrypted SSH private keys.
26 December, 2011

FreeBSD-SA-11:08.telnetd: telnetd code execution vulnerability
An attacker who can connect to the telnetd daemon can execute arbitrary code with the privileges of the daemon (which is usually the "root" superuser).
26 December, 2011

FreeBSD-SA-11:07.chroot: Code execution via chrooted ftpd
If ftpd is configured to place a user in a chroot environment, then an attacker who can log in as that user may be able to run arbitrary code with elevated ("root") privileges.
26 December, 2011

FreeBSD-SA-11:06.bind: Remote packet Denial of Service against named(8) servers
A remote attacker could cause the BIND resolver to cache an invalid record, which could cause the BIND daemon to crash when that record is being queried.
29 September, 2011

FreeBSD-SA-11:05.unix: Buffer overflow in handling of UNIX socket addresses
A local user can cause the FreeBSD kernel to panic.
30 November, 2010

FreeBSD-SA-10:10.openssl: OpenSSL multiple vulnerabilities
A race condition exists in the OpenSSL TLS server extension code parsing when used in a multi-threaded application, which uses OpenSSL's internal caching mechanism.
11 November, 2010

FreeBSD-SA-10:09.pseudofs: Spurious mutex unlock
The pfs_getextattr(9) function, used by pseudofs for handling extended attributes, attempts to unlock a mutex which was not previously locked.
20 September, 2010

FreeBSD-SA-10:08.bzip2: Integer overflow in bzip2 decompression
When decompressing data, the run-length encoded values are not adequately sanity-checked, allowing for an integer overflow.
13 July, 2010

FreeBSD-SA-10:07.mbuf: Lost mbuf flag resulting in data corruption
The read-only flag is not correctly copied when a mbuf buffer reference is duplicated.

Malware

4 October, 2010

SymbOS.Zeusmitmo
SymbOS.Zeusmitmo is a Trojan horse that runs on Symbian Series 60 2nd Edition mobile devices. It opens a back door that allows a remote attacker to steal information from SMS messages received on the compromised device.
4 October, 2010

Packed.Vmpbad!gen5
Packed.Vmpbad!gen5 is a heuristic detection for files that may have been obfuscated or encrypted in order to conceal them from antivirus software. This heuristic detection is used to detect threats associated with multiple threat families.
4 October, 2010

Hacktool.RemNtSrv
BehaviorHacktool.RemNtSrv is a tool that can be used to remove a specific service from a computer. Although the tool is not malicious by itself, it can be used for malicious purposes in order to remove legitimate running services.
4 October, 2010

W32.Pilleuz!gen12
W32.Pilleuz!gen12 is a heuristic detection that may include members of the W32.Pilleuz family of threats.
4 October, 2010

Trojan.Fortemp!Inf
Trojan.Fortemp!Inf is a detection for infected files that attempts to download and execute files from randomly named domains.
4 October, 2010

Backdoor.Tidserv!gen8
30 September, 2010

SecurityRisk.PassGrab
30 September, 2010

Backdoor.Darkmoon!gen
30 September, 2010

Bloodhound.Exploit.349
30 September, 2010

Bloodhound.Exploit.350