We discovered two critical vulnerabilities in OSSIM (versions prior to 5.0.1) that may be abused to take control of an OSSIM system and escalate privileges from an unprivileged local user access. A vulnerability affecting the asset discovery scanner allowed any authenticated user to execute arbitrary commands remotely (CVE-2015-4046). It was then possible to escalate privileges thanks to a specifically crafted Nmap script, and gain root access on the machine (CVE-2015-4045). Both were responsibly disclosed.

Lire la suite




================================================
Multiple vulnerabilities in POSH web application
================================================

    Description
    ===========

    Multiple Cross-Site Scripting vulnerabilities, a design vulnerability and an SQL vulnerability have been found in the last version of POSH

Lire la suite





Description

A flaw was found in the core ext4, which allow a local user with the CAP_SYS_RESOURCE privilege to cause a denial of service. To trigger this flaw, the user need a specific privilege, that why the risk is very low.

Lire la suite


Description

Two memory leaks was discovered in the versions before vzkernel patch 042stab080.2. One memory leak in ploop: The ploop_getdevice_ioc function in drivers/block/ploop/dev.c in the vzkernel patch before 042stab080.2 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory. One memory leak in quota: The compat_quotactl function in fs/quota/quota.c in the vzkernel patch before 042stab080.2 does not initialize a certain length variable,

Lire la suite


Description

Linux Kernel contains a flaw in the mmc_ioctl_cdrom_read_data() function in drivers/cdrom/cdrom.c that may lead to the unauthorized disclosure of sensitive information. The issue is triggered when reading a block from the user's system, which can result in the associated buffer not being completely filled. This may allow a local attacker to gain access to arbitrary information stored within the kernel memory.

Lire la suite