Adobe RoboHelp version 2015.0.3 and earlier, RoboHelp 11 and earlier have an input validation issue that could be used in cross-site scripting attacks.
Monthly Archives: December 2016
CVE-2016-7892
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the TextField class. Successful exploitation could lead to arbitrary code execution.
Yahoo Admits 1 Billion Accounts Compromised in Newly Discovered Data Breach
In what is believed to be the largest data breach in history, Yahoo is reporting a massive data breach that disclosed personal details associated with more than 1 Billion user accounts in August 2013.
…And it’s separate from the one disclosed by Yahoo! in September, in which hackers compromised as many as 500 Million user accounts in late 2014.
What’s troubling is that the company has not been
CVE-2016-9566
base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565. (CVSS:7.2) (Last Update:2016-12-16)
CVE-2016-9565
MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4796. (CVSS:7.5) (Last Update:2016-12-16)
Vuln: MIT Kerberos KDC CVE-2016-3120 NULL Pointer Dereference Denial Of Service Vulnerability
Vuln: IBM Spectrum Scale and IBM GPFS Local Command Execution Vulnerability
Vuln: GNU Wget CVE-2016-4971 Arbitrary File Overwrite Vulnerability
Vuln: cURL/libcURL CVE-2016-5419 Remote Security Bypass Vulnerability
DSA-3735 game-music-emu – security update
Chris Evans discovered that incorrect emulation of the SPC700 audio
co-processor of the Super Nintendo Entertainment System allows the
execution of arbitrary code if a malformed SPC music file is opened.
Further information can be found at
http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html
