All Hot News World. Public world blog, journal online reviewed.

Mac OS X Operating System, PacketStorm Security

RSS feed: Mac OS X Operating System, PacketStorm Security
Fri, 21 Dec 2018 09:01:39 GMT
Operating System: Mac OS X ≈ Packet Storm
Packet Storm - Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers [ + ]
Thu, 20 Dec 2018 18:23:00 GMT
Ubuntu Security Notice USN-3848-1
Ubuntu Security Notice 3848-1 - It was discovered that a double free existed in the AMD GPIO driver in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that an integer overrun vulnerability existed in the POSIX timers implementation in the Linux kernel. A local attacker could use this to cause a denial of service. Kanda Motohiro discovered that writing extended attributes to an XFS file system in the Linux kernel in certain situations could cause an error condition to occur. A local attacker could use this to cause a denial of service. Various other issues were also addressed. [ + ]
Wed, 31 Oct 2018 01:11:49 GMT
Ubuntu Security Notice USN-3847-1
Ubuntu Security Notice 3847-1 - It was discovered that a race condition existed in the raw MIDI driver for the Linux kernel, leading to a double free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that an integer overrun vulnerability existed in the POSIX timers implementation in the Linux kernel. A local attacker could use this to cause a denial of service. Various other issues were also addressed. [ + ]
Tue, 19 Jun 2018 20:22:22 GMT
Red Hat Security Advisory 2018-3092-01
Red Hat Security Advisory 2018-3092-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Issues addressed include a buffer overflow vulnerability. [ + ]
Wed, 11 Apr 2018 01:28:45 GMT
Red Hat Security Advisory 2018-1879-01
Red Hat Security Advisory 2018-1879-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Issues addressed include a buffer overflow vulnerability. [ + ]
Thu, 16 Nov 2017 17:20:00 GMT
Red Hat Security Advisory 2018-0805-01
Red Hat Security Advisory 2018-0805-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Issues addressed include buffer overflow and denial of service vulnerabilities. [ + ]
Fri, 03 Nov 2017 23:23:23 GMT
FreeBSD Security Advisory - FreeBSD-SA-17:09.shm
FreeBSD Security Advisory - Named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. A malicious user that has access to a jailed system is able to abuse shared memory by injecting malicious content in the shared memory region. This memory region might be executed by applications trusting the shared memory, like Squid. This issue could lead to a Denial of Service or local privilege escalation. [ + ]
Sat, 30 Sep 2017 23:23:23 GMT
Tor Browser 7.0.8 IP Address Leak
TorBrowser versions 7.0.8 and below for Mac OS X and Linux are affected by a critical security issue. According to the Tor Project, further details will be released in the near future. Due to a Firefox bug in handling file:// URLs it is possible on both systems that users leak their IP address. Once an affected user navigates to a specially crafted web page, the operating system may directly connect to the remote host, bypassing Tor Browser. [ + ]
Mon, 28 Aug 2017 12:16:00 GMT
Mac OS X Local Javascript Quarantine Bypass
Mac OS X contains a vulnerability that allows the bypass of the Apple Quarantine and the execution of arbitrary Javascript code without restrictions. [ + ]
Mon, 28 Aug 2017 12:15:00 GMT
Ubuntu Security Notice USN-3405-2
Ubuntu Security Notice 3405-2 - USN-3405-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a use-after-free vulnerability existed in the POSIX message queue implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed. [ + ]
Wed, 02 Aug 2017 00:22:56 GMT
Ubuntu Security Notice USN-3405-1
Ubuntu Security Notice 3405-1 - It was discovered that a use-after-free vulnerability existed in the POSIX message queue implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Huang Weller discovered that the ext4 filesystem implementation in the Linux kernel mishandled a needs-flushing-before-commit list. A local attacker could use this to expose sensitive information. Various other issues were also addressed. [ + ]
Mon, 19 Jun 2017 23:55:23 GMT
Red Hat Security Advisory 2017-1916-01
Red Hat Security Advisory 2017-1916-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: A stack overflow vulnerability was found in nan* functions that could cause applications, which process long strings with the nan function, to crash or, potentially, execute arbitrary code. [ + ]
Mon, 19 Jun 2017 23:54:48 GMT
Red Hat Security Advisory 2017-1481-01
Red Hat Security Advisory 2017-1481-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is glibc-side mitigation which blocks processing of LD_LIBRARY_PATH for programs running in secure-execution mode and reduces the number of allocations performed by the processing of LD_AUDIT, LD_PRELOAD, and LD_HWCAP_MASK, making successful exploitation of this issue more difficult. [ + ]
Mon, 19 Jun 2017 23:54:30 GMT
Red Hat Security Advisory 2017-1480-01
Red Hat Security Advisory 2017-1480-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is glibc-side mitigation which blocks processing of LD_LIBRARY_PATH for programs running in secure-execution mode and reduces the number of allocations performed by the processing of LD_AUDIT, LD_PRELOAD, and LD_HWCAP_MASK, making successful exploitation of this issue more difficult. [ + ]
Sat, 03 Jun 2017 12:12:12 GMT
Red Hat Security Advisory 2017-1479-01
Red Hat Security Advisory 2017-1479-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is glibc-side mitigation which blocks processing of LD_LIBRARY_PATH for programs running in secure-execution mode and reduces the number of allocations performed by the processing of LD_AUDIT, LD_PRELOAD, and LD_HWCAP_MASK, making successful exploitation of this issue more difficult. [ + ]
Thu, 04 May 2017 13:14:15 GMT
Parallels Desktop 12.2.0 Virtual Machine Escape
Parallels Desktop version 12.2.0 and below suffer from a vulnerability that allows remote file sharing to be leveraged against the host operating system for arbitrary code execution. [ + ]
Sun, 30 Apr 2017 18:32:22 GMT
Atlassian SourceTree 2.5c Client URL Handler Command Injection
Atlassian SourceTree Client version 2.5c and prior contain a client URL handler command injection vulnerability that allows attackers to execute specially crafted sourcetree:// commands with arbitrary arguments on multiple platforms. [ + ]
Sat, 29 Apr 2017 18:32:22 GMT
HideMyAss Pro VPN Client 3.3.0.3 Privilege Escalation
HideMyAss Pro VPN client version 3.3.0.3 for OS X suffers from a helper binary (com.privax.hmaprovpn.helper) local privilege escalation vulnerability. [ + ]
Fri, 14 Apr 2017 02:23:44 GMT
HideMyAss Pro VPN Client 2.2.7.0 Privilege Escalation
HideMyAss Pro VPN client version 2.2.7.0 for OS X suffers from a helper binary (HMAHelper) local privilege escalation vulnerability. [ + ]
Wed, 22 Mar 2017 17:24:00 GMT
GNS3 Mac OS-X 1.5.2 ubridge Privilege Escalation
GNS3 Mac OS-X version 1.5.2 ubridge privilege escalation exploit. [ + ]
Wed, 22 Mar 2017 17:23:00 GMT
Cisco Security Advisory 20170322-l2tp
Cisco Security Advisory - A vulnerability in the Layer 2 Tunneling Protocol (L2TP) parsing function of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of L2TP packets. An attacker could exploit this vulnerability by sending a crafted L2TP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. [ + ]
Tue, 21 Mar 2017 14:49:19 GMT
Cisco Security Advisory 20170322-dhcpc
Cisco Security Advisory - A vulnerability in the DHCP client implementation of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability occurs during the parsing of a crafted DHCP packet. An attacker could exploit this vulnerability by sending crafted DHCP packets to an affected device that is configured as a DHCP client. A successful exploit could allow the attacker to cause a reload of an affected device, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. [ + ]
Fri, 17 Mar 2017 10:10:00 GMT
Red Hat Security Advisory 2017-0680-01
Red Hat Security Advisory 2017-0680-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: A stack overflow vulnerability was found in nan* functions that could cause applications, which process long strings with the nan function, to crash or, potentially, execute arbitrary code. [ + ]
Wed, 15 Feb 2017 14:21:25 GMT
Cisco Security Advisory 20170317-cmp
Cisco Security Advisory - A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. The Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster members. The vulnerability is due to the combination of two factors: The failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device, and The incorrect processing of malformed CMP-specific Telnet options. An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device. Cisco will release software updates that address this vulnerability. There are no workarounds that address this vulnerability. [ + ]
Wed, 01 Feb 2017 14:29:32 GMT
Cisco Security Response 20170214-smi
Cisco Security Response - Several researchers have reported on the use of Smart Install (SMI) protocol messages toward Smart Install clients, also known as integrated branch clients (IBC), allowing an unauthenticated, remote attacker to change the startup-config file and force a reload of the device, upgrade the IOS image on the device, and execute high-privilege CLI commands on switches running Cisco IOS and IOS XE Software. Cisco does not consider this a vulnerability in Cisco IOS, IOS XE, or the Smart Install feature itself but a misuse of the Smart Install protocol that by design does not require authentication. [ + ]

Debian Security Advisory 3778-1
Debian Linux Security Advisory 3778-1 - Michal Marek discovered that ruby-archive-tar-minitar, a Ruby library that provides the ability to deal with POSIX tar archive files, is prone to a directory traversal vulnerability. An attacker can take advantage of this flaw to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename. [ + ]
PacketStorm Security

2013 Copyright © Techhap.com Mobile version 2015 | PeterLife & company World news today. Popular science publications online. The best manufacturers in the world. Products for industrial purposes. News of science and technology. Encyclopedic articles. Photos and videos. Science History. Promotion of manufacturers sites. Industrial goods. Display of goods stores online. | Terms of use Link at is mandatory if site materials are using fully or particulary. | Skimlinks helps publishers monetize editorial content through automated affiliate links for products. News: Affiliate programm. | Script Nevius. | Site Public Relations 1PS. | Hosting: Valuehost.
Yandex.ru