Cisco Security Advisory - A vulnerability in the SSH version 2 (SSHv2) protocol implementation of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to bypass user authentication. Successful exploitation could allow the attacker to log in with the privileges of the user or the privileges configured for the Virtual Teletype (VTY) line. Depending on the configuration of the user and of the vty line, the attacker may obtain administrative privileges on the system. The attacker cannot use this vulnerability to elevate privileges. The attacker must know a valid username configured for RSA-based user authentication and the public key configured for that user to exploit this vulnerability. This vulnerability affects only devices configured for public key authentication method, also known as RSA-based user authentication feature. Cisco has released software updates that address this vulnerability. Workarounds for this vulnerability are not available; however administrators could temporarily disable RSA-based user authentication to avoid exploitation.
6bb5a45a2fbd512ed3aa4d90ff71881a50ad9af02083391db8eaf255a2cc93bbCisco Security Advisory - Two vulnerabilities in the IPv6 first hop security feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. Cisco has released software updates that address these vulnerabilities. There are no workarounds to mitigate these vulnerabilities.
e1f2da6fedc66d63bb64c173c44f2ac66b96073b0f040599afe50fd556f7059aOpen-Xchange Server 6 version 6.22.9 and AppSuite versions 7.6.2 and below suffer from a cross site scripting vulnerability.
c9c4d8ccdad8eb8bf72cebfe60896e103804e4d5ce9efd53ba50b89a83af98c9Guard versions 2.0.0-rev7 and below suffer from a remote SQL injection vulnerability.
3c809640481eb4fdb7281fa918f2ac3bef55825d59b63af8b4673e6934d06de1Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1, and -current to fix security issues.
ebc5258643f93251773ac8fc97ebdb8aac0a82b9421ca55faf925ae4415070e9Ubuntu Security Notice 2743-2 - USN-2743-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Ubufox. Andrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David Major, Andrew McCreight, Cameron McCormack, Bob Clary and Randell Jesup discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
986b83654da1e91607d0d1a9f51b803b6779ff1380d7d14bd5db7bbf5cc5c08bUbuntu Security Notice 2743-1 - Andrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David Major, Andrew McCreight, Cameron McCormack, Bob Clary and Randell Jesup discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
8d33a81f77c730f95dd16f3bab40f85d87cd0c537040f9d23f930b588ce628dfOnapsis Security Advisory - SAP Business Objects suffers from a memory corruption vulnerability. By exploiting this vulnerability an unauthenticated attacker could read or write any business-relevant information from the Business Intelligence Platform and also render the system unavailable to other users.
38f5d4c8882c9a29b1c46ec18ce9b8b283de108c7ffe457c455f9e65e781276cHP Security Bulletin HPSBGN03391 1 - A potential security vulnerability has been identified with HP Universal CMDB Foundation, HP Universal Discovery, HP Universal CMDB Configuration Manager, and HP Universal CMDB Browser. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
2bf9e9c2b9e092721af653a4f13005c47bad6c8605a730281997473046c6220bHPE Security Bulletin HPSBUX03511 SSRT102248 1 - A potential security vulnerability has been identified in the HP-UX BIND service running named. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.
f0f4a425f26cfc537edf32966bbe5b3a92ba5abc570439e968df19dcaebde252Red Hat Security Advisory 2015-1814-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin APSB15-23 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
04645ca6049eed8e86e1550e5b314b7363f20c40256c27ff7eeadf40c1b033a8Debian Linux Security Advisory 3364-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service.
8bf9da5be4e19bd80a46b0d6dca4e33f958d1700f95fd2553a38de299594cc34Red Hat Security Advisory 2015-1834-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.
fbc7cfc2cae262eb85335aecf1f1df1702139190a5fa7f1496fa9aa39509c7aaRed Hat Security Advisory 2015-1833-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An information leak flaw was found in the way QEMU's RTL8139 emulation implementation processed network packets under RTL8139 controller's C+ mode of operation. An unprivileged guest user could use this flaw to read up to 65 KB of uninitialized QEMU heap memory.
1b9f9de6a561d36e27be6a6d8acd7ecf6adbb0c10073d9c0d28688c297cba284OS X Regex Engine (TRE) suffers from a stack buffer overflow vulnerability.
5ad1dbca55084a0bde0fa1fbe2614f5806fada2f7a3afbc24bc91426dba68011Apple Security Advisory 2015-09-21-1 - watchOS 2 is now available and addresses unexpected application termination and interception issues.
cabb377a29411848af2fa92ccc7f4329097035584b9eec7ebf43de5900d30e88Debian Linux Security Advisory 3363-1 - Johannes Kliemann discovered a vulnerability in ownCloud Desktop Client, the client-side of the ownCloud file sharing services. The vulnerability allows man-in-the-middle attacks in situations where the server is using self-signed certificates and the connection is already established. If the user in the client side manually distrusts the new certificate, the file syncing will continue using the malicious server as valid.
838ab02bce7d5df058027fde7a8be27958a12c190fa0eaa403db96dd7e837939Debian Linux Security Advisory 3362-1 - Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware.
08600a5869ec82376a12e036f59e2df5397bf0683d9a3185a149eb1202f4eddaDebian Linux Security Advisory 3361-1 - Several vulnerabilities were discovered in qemu, a fast processor emulator.
8f98520c42ea12728c328d3818e190b35fb874e3108e9df64a3966e3927a8827nevisAuth versions since 4.13.0.0 (2012-11-21) and prior to 4.18.3.1 (2015-07-02) suffer from an authentication bypass vulnerability.
ad23e54747c35436add7b30033271b8704ead8a7da713d8ec53805179693f1deMicrosoft's login.live.com suffered from an arbitrary text injection vulnerability.
13050494ea55145d9ae59c2e080a6d8b2cf3856001c6c47c7af05cc3b4288b3eApple Security Advisory 2015-09-16-4 - OS X Server 5.0.3 is now available and addresses denial of service, code execution, and various other vulnerabilities.
8254c8d55f2667e65687c75dc0e4ebbbd127b907729adba11b4a141d12fc30b2Apple Security Advisory 2015-09-16-3 - iTunes 12.3 is now available and addresses code execution, application termination, memory corruption, and various other vulnerabilities.
6f990daa4923e677ff4f144e3210e8d15244910af965e15253c5d0b75d5b2f47Apple Security Advisory 2015-09-16-2 - Xcode 7.0 is now available and addresses traffic inspection, access bypass, and various other vulnerabilities.
7a3af52221713d401a1c4f2c0809a381ca1e1c7cc53f03c7a03efe9fde6277f6Apple Security Advisory 2015-09-16-1 - iOS 9 is now available and addresses denial of service, information disclosure, and various other issues.
9fd697c7c99863744ab08fa1e360cde32e9825a823a4a708279ed659764693f2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed