search for: vuln

...======================================== The following bugs have been addressed in this release: http://bugs.centos.org/view.php?id=6721 ==================================================== The following security issues are addressed in this release: CVE-2013-0343: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0343 CVE-2013-2015: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2015 CVE-2013-2147: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2147 CVE-2013-2888: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2888 CVE-2013-2889: http://web.nvd.nist.g...

...======================================== The following bugs have been addressed in this release: http://bugs.centos.org/view.php?id=6721 ==================================================== The following security issues are addressed in this release: CVE-2013-0343: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0343 CVE-2013-2015: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2015 CVE-2013-2147: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2147 CVE-2013-2888: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2888 CVE-2013-2889: http://web.nvd.nist.g...

...rnel/v3.x/ChangeLog-3.10.53 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.54 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.55 ===================================================== The following security issues are addressed in this update: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0181 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0206 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3534 * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3601 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4014 http://web.nvd.nist.g...

...rnel/v3.x/ChangeLog-3.10.41 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.42 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.43 ===================================================== The following security issues are addressed in this update: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0049 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0055 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0069 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0077 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0155 http://web.nvd.nist.gov...

Hi Team, Please let me know the severity of CVE-2017-2619 and CVE-2017-7494. Arjit Kumar

...CVE-2017-7494.html > > For this second bug, I did some work on CVSS scores: > > I've had a go at a CVSSv3 score for the normal case here (password > required to > write to shares): > > AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C (8.2) > > https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/P > R:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C > > for the AD DC, assuming only sysvol/netlogon shares (which should be > admin-only) but that administrator isn't root: > > AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C (6.7) > &gt...

Just a heads-up even though it''s probably not remotely sploitable:: Unprivileged local users can gain elevated (root) privileges. http://www.securityfocus.com/archive/1/386436/2005-01-04/2005-01-10/0 http://isec.pl/vulnerabilities/isec-0021-uselib.txt

does anyone know if this applies to CentOS 3 or 4 latest update? http://www.openssl.org/news/vulnerabilities.html

Hi, it seems that there is a vulnerability in OpenSSH including version 3.3. Using privilege separation do not fix the problem but fail the intruder in the chroot of the sshd daemon. The OpenBSD team announce that they will release a new version 3.4 on monday that fix the vulnerability. Will a new version of portable OpenSSH be al...

On Wed, Feb 4, 2015 at 4:55 PM, Warren Young <wyml at etr-usa.com> wrote: >>> >> There have been remotely exploitable vulnerabilities where an arbitrary file could be read > > CVEs, please? > > I?m aware of vulnerabilities that allow a remote read of arbitrary files that are readable by the exploited process?s user, but for such an exploit to work on /etc/shadow, the process has to be running as root. >...

...moving all my infrastructure to Debian9, changed my ADDC from Win2K12 to Samba4 scanning my network I found the following: -------------------------------------------------------------------------------------------------------------------------------- koratsuki at happyharry:~$ nmap --script smb-vuln-ms08-067.nse -p445 smb-addc.tld Starting Nmap 7.50 ( https://nmap.org ) at 2018-06-18 08:14 CDT Nmap scan report for smb-addc.tld Host is up (0.00073s latency). PORT STATE SERVICE 445/tcp open microsoft-ds Host script results: | smb-vuln-ms08-067: | VULNERABLE: | Microsoft Windows syste...

I am running Linux 2.0.30 (Redhat 4.2) and have recently been hacked. I have tightened up security but still feel vulnerable. In running the program mscan which was kindly left on my system I get this. bullnet.co.uk: VULN: linux box vulnerable to named overflow. 194.242.135.145: VULN: redhat linux box running imapd. This is after upgrading to the versions as below. bind-4_9_7-0 imap-4.1.final-0 Should I be...

...since the previous kernel: https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.25 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.24 ===================================================== The following security issues are addressed in this update: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4587 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6367 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6368 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6376 ===================================================== NOTE: You must run /usr/bin/g...

...19.html https://www.samba.org/samba/security/CVE-2017-7494.html For this second bug, I did some work on CVSS scores: I've had a go at a CVSSv3 score for the normal case here (password required to write to shares): AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C (8.2) https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/P R:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C for the AD DC, assuming only sysvol/netlogon shares (which should be admin-only) but that administrator isn't root: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C (6.7) https://nvd.nist.gov/vuln-metrics/c...

...on: Code Labs >Confidential: no >Synopsis: [vuxml] editors/vim: document netrw issues >Severity: serious >Priority: medium >Category: ports >Class: sw-bug >Release: FreeBSD 7.1-PRERELEASE i386 >Environment: System: FreeBSD 7.1-PRERELEASE i386 >Description: A bunch of vulnerabilities were discovered in Vim: http://www.rdancer.org/vulnerablevim-netrw.html http://www.rdancer.org/vulnerablevim-netrw.v2.html http://www.rdancer.org/vulnerablevim-netrw.v5.html http://www.rdancer.org/vulnerablevim-netrw-credentials-dis.html Some of them affect Vim >=7.0 and < 7.2...

...rnel/v3.x/ChangeLog-3.10.41 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.42 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.43 ===================================================== The following security issues are addressed in this update: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0049 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0055 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0069 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0077 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0155 http://web.nvd.nist.gov...

...since the previous kernel: https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.25 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.24 ===================================================== The following security issues are addressed in this update: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4587 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6367 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6368 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6376 ===================================================== NOTE: You must run /usr/bin/g...

Hi I'm using CentOS 3, and it's fully patched using yum. Apache reports version 2.0.46 (CentOS) A colleague ran a copy of Nikto, a scripted vuln. finder, against my server, and reported the following problems. The only one I've tested is the directory traversal, and it seems to be an issue. Will the upstream vendor patch these issues in Apache 2.0.46, or not? If not, does anyone know why not? # Apache/2.0.46 (CentOS) - Apache 2.0 to 2....

Colin, good day! Spotted two patches for x11-servers/xorg-server port: see entries for x11r6.9.0-dbe-render.diff and x11r6.9.0-cidfonts.diff at http://xorg.freedesktop.org/releases/X11R6.9.0/patches/index.html Seems like they are not applied to the xorg-server-6.9.0_5. May be it should be added to the VuXML document? There is a ports/107733 issue that incorporates these patches. May be you

...rnel/v3.x/ChangeLog-3.10.53 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.54 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.55 ===================================================== The following security issues are addressed in this update: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0181 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0206 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3534 * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3601 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4014 http://web.nvd.nist.g...