This is an rebase fixing CVE-2016-9963. We had to rebase, because the EPEL version became unsupported by upstream.
Monthly Archives: January 2017
exim-4.88-2.el7
This is new version of exim fixing CVE-2016-9963
CVE-2016-10097
XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/idpv2 in OpenAM – Access Management 10.1.0 allows remote attackers to read arbitrary files via the SAMLRequest parameter.
Trend Micro Virtual Mobile Infrastructure apns_worker.py Command Injection (CVE-2016-6270)
A remote command execution vulnerability exists in Trend Micro Smart Protection Server. The vulnerability is due to insufficient validation of user-supplied input. A remote, authenticated attacker could exploit this vulnerability by sending a crafted input to the vulnerable system that could lead to arbitrary command execution under the security context of system.
Memcached process_bin_sasl_auth Integer Underflow (CVE-2016-8706)
An integer underflow vulnerability exists in the Memcached binary protocol. This vulnerability is due to a lack of bounds checking in the process_bin_sasl_auth function. A remote unauthenticated attacker can exploit these vulnerabilities by sending a specially crafted packet to memcached that can lead to a buffer overflow and possible code execution in the context of the user.
Microsoft SQL RDBMS Engine UNC Path Injection Privilege Escalation (MS16-136; CVE-2016-7250)
A privilege escalation vulnerability exists in Microsoft SQL Server. The vulnerability is due to the improper handling of a SQL query containing a UNC path. A remote, authenticated attacker can exploit the vulnerability by sending a crafted SQL request to the server. Successful exploitation could allow an attacker to gain the password hashes of the account used to run the server service.
Memcached process_bin_append_prepend Integer Overflow (CVE-2016-8704)
An integer overflow vulnerability exists in memcached. This vulnerability is due to a lack of bounds checking in the process_bin_append_prepend function while processing commands that append or prepend data to existing key-value pairs. A remote unauthenticated attacker can exploit these vulnerabilities by sending a specially crafted packet to memcached.
Netsparker Web Scanner
A reconnaissance tool is designed to gather information from servers. Such scans might indicate an attempt to disclose sensitive information. Remote attackers can use Netsparker to detect vulnerabilities on a target server.
Mikrotik Router Remote Denial Of Service (CVE-2012-6050)
A vulnerability in the Winbox service in MikroTik RouterOS 5.15 and earlier allows remote attackers to cause a denial of service (CPU consumption), read the router version, and possibly have additional impact via a request to download the router’s DLLs or plugins.
Dell SonicWALL Universal Management Suite ImagePreviewServlet SQL Injection
An SQL injection vulnerability exists in Dell SonicWALL Universal Management Suite. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request. Successful exploitation of this vulnerability can lead to arbitrary code execution in the context of SYSTEM on the target host.