Memory leak in the ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of crafted buffer page select (PG) indexes.
Monthly Archives: December 2016
xen-4.6.4-3.fc24
ARM guests may induce host asynchronous abort [XSA-201, CVE-2016-9815,
CVE-2016-9816, CVE-2016-9817, CVE-2016-9818] (#1399747)
qemu: Divide by zero vulnerability in cirrus_do_copy (#1399055)
[CVE-2016-9921, CVE-2016-9922]
Qemu: 9pfs: memory leakage via proxy/handle callbacks (#1402278)
qemu ioport array overflow [XSA-199, CVE-2016-9637]
Vuln: Linux Kernel 'ip_tunnel.c' Local Integer Overflow Vulnerability
Linux Kernel ‘ip_tunnel.c’ Local Integer Overflow Vulnerability
CVE-2016-5423
PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference and server crash), obtain sensitive memory information, or possibly execute arbitrary code via (1) a CASE expression within the test value subexpression of another CASE or (2) inlining of an SQL function that implements the equality operator used for a CASE expression involving values of different types.
CVE-2016-5424
PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) ” (double quote), (2) (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation.
Ubuntu Security Notice USN-3153-1
Ubuntu Security Notice 3153-1 – Multiple vulnerabilities were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting attacks, read uninitialized memory, obtain sensitive information, spoof the webview URL, bypass same origin restrictions, cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.
Red Hat Security Advisory 2016-2933
Red Hat Security Advisory 2016-2933 – An update for python-XStatic-jquery-ui is now available for Red Hat OpenStack Platform 9.0 (Mitaka). Security Fix: It was found that a parameter of the dialog box feature of jQuery UI was vulnerable to cross site scripting. An attacker could use this flaw to execute a malicious script via the dialog box when it was displayed to a user.
Red Hat Security Advisory 2016-2932-01
Red Hat Security Advisory 2016-2932-01 – An update for python-XStatic-jquery-ui is now available for Red Hat OpenStack Platform 8.0 (Liberty). Security Fix: It was found that a parameter of the dialog box feature of jQuery UI was vulnerable to cross site scripting. An attacker could use this flaw to execute a malicious script via the dialog box when it was displayed to a user.
Smart Guard Network Manager 6.3.2 SQL Injection
Smart Guard Network Manager version 6.3.2 suffers from a remote SQL injection vulnerability.
CVE-2016-6321
Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.