Ubuntu Security Notice USN-3070-2

Ubuntu Security Notice 3070-2 – A missing permission check when setting ACLs was discovered in nfsd. A local user could exploit this flaw to gain access to any file by setting an ACL. Kangjie Lu discovered an information leak in the Reliable Datagram Sockets implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. Various other issues were also addressed.

CVE-2016-5342

Heap-based buffer overflow in the wcnss_wlan_write function in drivers/net/wireless/wcnss/wcnss_wlan.c in the wcnss_wlan device driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service or possibly have unspecified other impact by writing to /dev/wcnss_wlan with an unexpected amount of data.

CVE-2016-5344

Multiple integer overflows in the MDSS driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service or possibly have unspecified other impact via a large size value, related to mdss_compat_utils.c, mdss_fb.c, and mdss_rotator.c.

CVE-2016-7115

Buffer overflow in the handle_packet function in mactelnet.c in the client in MAC-Telnet 0.4.3 and earlier allows remote TELNET servers to execute arbitrary code via a long string in an MT_CPTYPE_PASSSALT control packet.

Onapsis Security Advisory ONAPSIS-2016-018: Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3438

Posted by Onapsis Research on Aug 30

1. Impact on Business
=====================
By exploiting this vulnerability, a remote attacker could steal sensitive business information by targeting other users
connected to the system.

Risk Level: Medium

2. Advisory Information
=======================
– Public Release Date: 07/28/2016
– Last Revised: 07/28/2016
– Security Advisory…

Onapsis Security Advisory ONAPSIS-2016-016: Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3437

Posted by Onapsis Research on Aug 30

1. Impact on Business
=====================
By exploiting this vulnerability, a remote attacker could steal sensitive business information by targeting other users
connected to the system.

Risk Level: Medium

2. Advisory Information
=======================
– Public Release Date: 07/28/2016
– Last Revised: 07/28/2016
– Security Advisory…

Onapsis Security Advisory ONAPSIS-2016-017: Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3436

Posted by Onapsis Research on Aug 30

1. Impact on Business
=====================
By exploiting this vulnerability, a remote attacker could steal sensitive business information by targeting other users
connected to the system.

Risk Level: Medium

2. Advisory Information
=======================
– Public Release Date: 07/28/2016
– Last Revised: 07/28/2016
– Security Advisory…

Onapsis Security Advisory ONAPSIS-2016-015: Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3439

Posted by Onapsis Research on Aug 30

1. Impact on Business
=====================
By exploiting this vulnerability, a remote attacker could steal sensitive business information by targeting other users
connected to the system.

Risk Level: Medium

2. Advisory Information
=======================
– Public Release Date: 07/28/2016
– Last Revised: 07/28/2016
– Security Advisory…