HP Security Bulletin HPSBHF03535 1 - Potential security vulnerabilities have been identified with HPE iMC OSS and iMC Plat running Adobe Flash. The vulnerabilities could be exploited remotely resulting in execution of code, Denial of Service (DoS), or other impacts to affect confidentiality, integrity, and availability. Revision 1 of this advisory.
595375a238aed5557e42803a578e2001676951037673cfc577db639bce0e8bbd
HP Security Bulletin HPSBGN03532 1 - Potential security vulnerabilities have been identified in Intellicus and the client certificate upload components of HPE ArcSight Logger. The vulnerabilities could be remotely exploited by unauthorized users to allow bypass of security restrictions resulting in arbitrary code execution, file upload, and file deletion. Revision 1 of this advisory.
8fea13f8a3a9539a323de29199732978e32c08e9f617228082e378d4e7280c23
Cisco Security Advisory - A vulnerability in the Admin portal of devices running Cisco Identity Services Engine (ISE) software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. An attacker who can connect to the Admin portal of an affected device could potentially exploit this vulnerability. A successful exploit may result in a complete compromise of the affected device. Customers are advised to apply a patch or upgrade to a version of Cisco ISE software that resolves this vulnerability. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
ac992d9883b10e34c66deba77b58a16df223551af899029c9112482eb1053436
Cisco Security Advisory - Devices running Cisco Wireless LAN Controller (WLC) software versions 7.6.120.0 or later, 8.0 or later, or 8.1 or later contain an unauthorized access vulnerability that could allow an unauthenticated, remote attacker to modify the configuration of the device. An attacker who can connect to an affected device could exploit this vulnerability. A successful exploit may compromise the device completely. Customers are advised to upgrade to a version of Cisco WLC software that addresses this vulnerability. There are no workarounds that address this vulnerability. Cisco has released software updates that address this vulnerability.
05d2a7a9b828f546520e282399018f9eb91e523b31431b112f03c5ae6d0587dd
Cisco Security Advisory - A vulnerability in the IP ingress packet handler of Cisco Aironet 1800 Series Access Point devices could allow an unauthenticated, remote attacker to cause a complete denial of service (DoS) condition. The vulnerability is due to improper input validation of IP packet headers. An attacker could exploit this vulnerability by sending a crafted IP packet to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly. Cisco has released software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability.
5a7de60b10213ed639c86ff1ca2de6ae2e578ff47c798d1dadaead8a36218bb1
Cisco Security Advisory - A vulnerability in Cisco Aironet 1800 Series Access Point devices could allow an unauthenticated, remote attacker to log in to the device by using a default account that has a static password. By default, the account does not have full administrative privileges. The vulnerability is due to the presence of a default user account that is created when the device is installed. An attacker could exploit this vulnerability by logging in to the device by using the default account, which could allow the attacker to gain unauthorized access to the device. Cisco released software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability.
d5583bfcecbc2723568b382ec61b7b3479f17fffe95e3a8027c5557599344828
Debian Linux Security Advisory 3442-1 - It was discovered that a maliciously crafted packet can crash any of the isc-dhcp applications. This includes the DHCP client, relay, and server application. Only IPv4 setups are affected.
730341f8f573e1e4f31a7553a2a1938ced94b7cb16fce0e25138b7b2dffe8b0a
Microsoft IExpress suffers from a DLL hijacking vulnerability.
c046dc4fed92c22322d06496dfde0ad5b5847f6679318b23c0565d39a376a4ae
Ubuntu Security Notice 2868-1 - Sebastian Poehn discovered that the DHCP server, client, and relay incorrectly handled certain malformed UDP packets. A remote attacker could use this issue to cause the DHCP server, client, or relay to stop responding, resulting in a denial of service.
c5a7a3c159969f4761a1a33373c3d712d4644dd05a52df278088429555d95a96
EasyDNNnews versions prior to 7.5 suffer from a cross site scripting vulnerability.
c301e8eddd3eb44f1d899c7ce2722b610bd164ac4b7e465bd2cb23277bc8e516
Ubuntu Security Notice 2859-1 - Andrei Vaida, Jesse Ruderman, Bob Clary, and Jesse Ruderman discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Ronald Crane discovered a buffer overflow through code inspection. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.
82504a93e04e1ac80687aedcc6628b8bf98000bffd1c9cda341647ee185f09a2
WordPress Commentator plugin version 2.5.2 suffers from a cross site scripting vulnerability.
523e7fdeafa01597c47cd9c66c893c6ab2ef88aebc9fb1701358aaa160e507ba
Printer virtualization under VMware Workstation involves a vprintproxy.exe process launched by vmware-vmx.exe on the Host. It will receive and process EMFSPOOL files sent by a Guest on its COM1 port, if a virtual printer has been added to the VM hardware (default). Several vulnerabilities in this component allow an unprivileged Guest user to execute code on the Host.
fec748c19dbac68964e8e4b5197912845973a2971377e9833bd31bde9ed4c3a1
SAP HANA 4 suffers from a cross site scripting vulnerability.
a0daf36520fc56176d67238cb460461404b24b55ef1a82573fb40b74b8c00c63
Dolibarr versions prior to 3.8.3 suffer from an HTML injection vulnerability.
15875b200a0e36f8a952cfdef4e70e93f25ab2063a0dce23b85d731ca4060b18
WordPress No External Links plugin versions 2.6.3 and 2.7.1 suffer from an open redirection vulnerability.
0d099a5a3dd7d27b7b589fa9b1e370c236585430dd00a0045adee0e345a47336
WordPress Tubepress plugin version 2 suffers from a cross site scripting vulnerability.
07249b5b649b4b8a398d0f438306525211428fed75f9326abab4cb44384a3974