
Files

HP Security Bulletin HPSBGN03570 1
Posted Apr 8, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03570 1 - A potential vulnerability has been identified in HPE Universal CMDB. The vulnerability could be exploited to allow remote disclosure of information and URL redirection. Revision 1 of this advisory.

tags | advisory, remote
advisories | CVE-2016-2001
SHA-256 | cded0beb7c038c4fd2805a428dfa827a51defd9dee0f292b95bd6480ed3e3308
Red Hat Security Advisory 2016-0610-01
Posted Apr 8, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0610-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 11.2.202.616. Security Fix: This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2016-1006, CVE-2016-1011, CVE-2016-1012, CVE-2016-1013, CVE-2016-1014, CVE-2016-1015, CVE-2016-1016, CVE-2016-1017, CVE-2016-1018, CVE-2016-1019, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1030, CVE-2016-1031, CVE-2016-1032, CVE-2016-1033
SHA-256 | 5145ad8c00fcfd2b59e1d57411a22febeb7e651b05d88217b455d025ff236f82
Debian Security Advisory 3546-1
Posted Apr 8, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3546-1 - Hans Jerry Illikainen discovered that missing input sanitising in the BMP processing code of the optipng PNG optimiser may result in denial of service or the execution of arbitrary code if a malformed file is processed.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2016-2191
SHA-256 | 210b69d1809ea34e8a405f8283167621310c8d09463d3ddcad623f46f56f28e6
Ubuntu Security Notice USN-2917-2
Posted Apr 8, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2917-2 - USN-2917-1 fixed vulnerabilities in Firefox. This update caused several regressions that could result in search engine settings being lost, the list of search providers appearing empty or the location bar breaking after typing an invalid URL. This update fixes the problem. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-1950, CVE-2016-1953, CVE-2016-1954, CVE-2016-1955, CVE-2016-1956, CVE-2016-1957, CVE-2016-1958, CVE-2016-1959, CVE-2016-1960, CVE-2016-1961, CVE-2016-1962, CVE-2016-1963, CVE-2016-1964, CVE-2016-1965, CVE-2016-1966, CVE-2016-1967, CVE-2016-1968, CVE-2016-1973, CVE-2016-1974, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801
SHA-256 | f36da0e5e9db6c8e433d61406ed2aa35dd8f3f26d8a337c2a2daff062a748a1d
Debian Security Advisory 3545-1
Posted Apr 8, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3545-1 - Several vulnerabilities were discovered in cgit, a fast web frontend for git repositories written in C. A remote attacker can take advantage of these flaws to perform cross-site scripting, header injection or denial of service attacks.

tags | advisory, remote, web, denial of service, vulnerability, xss
systems | linux, debian
advisories | CVE-2016-1899, CVE-2016-1900, CVE-2016-1901
SHA-256 | cef76764039e0dc67f7f5789189b07c4250b3fb6df5795f7458602bbcee0e4fd
Debian Security Advisory 3544-1
Posted Apr 8, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3544-1 - Several vulnerabilities were discovered in Django, a high-level Python web development framework.

tags | advisory, web, vulnerability, python
systems | linux, debian
advisories | CVE-2016-2512, CVE-2016-2513
SHA-256 | e938d6dc16c823fc64821adc1c53531026cd4e21074c23113d3177cbd9bba05c
Cisco Security Advisory 20160406-cts
Posted Apr 7, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in Cisco TelePresence Server devices running software versions 3.0 through 4.2(4.18) could allow an unauthenticated, remote attacker to cause a kernel panic on the device. The vulnerability exists due to a failure to properly handle a specially crafted stream of IPv6 packets. A successful exploit could allow an attacker to cause a kernel panic, rebooting the device. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.

tags | advisory, remote, kernel
systems | cisco
SHA-256 | 928c6530cba8cef4c2160491fdeb7e11e4bde9837ec559bca4c37bd8cfd2a00b
Cisco Security Advisory 20160406-cts1
Posted Apr 7, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in Cisco TelePresence Server devices running software versions 4.1(2.29) through 4.2(4.17) could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability exists due to a failure of the HTTP parsing engine to handle specially crafted URLs. An attacker could exploit this vulnerability by sending multiple URL requests to an affected device. The requests will eventually time out because negotiation from the client does not occur; however, each request consumes additional memory, resulting in memory exhaustion that causes the device to crash. If successful, the attacker could utilize all available memory resources, causing the device to reload. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

tags | advisory, remote, web
systems | cisco
SHA-256 | 4f504a8e65a78983efb4fbc931f0790e7a157648bb0b95f63cf24cd5bd00dc54
Cisco Security Advisory 20160406-cts2
Posted Apr 7, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in Cisco TelePresence Server devices running software version 3.1 could allow an unauthenticated, remote attacker to reload the device. The vulnerability exists due to a failure to properly process malformed Session Traversal Utilities for NAT (STUN) packets. An attacker could exploit this vulnerability by submitting malformed STUN packets to the device. If successful, the attacker could force the device to reload and drop all calls in the process. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

tags | advisory, remote
systems | cisco
SHA-256 | 8912d63c55f18962c3d38d962f306cf388c614a9e03a0a8c11f1404b10ca8722
HP Security Bulletin HPSBST03568 1
Posted Apr 7, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03568 1 - A potential security vulnerability has been identified with HP XP7 Command View Advanced Edition Suite and HP XP P9000 Command View Advanced Edition Software including Device Manager and Hitachi Automation Director (HAD). The vulnerability could be remotely exploited resulting in Server-Side Request Forgery (SSRF). Revision 1 of this advisory.

tags | advisory
advisories | CVE-2015-5255
SHA-256 | 8f7cd216efe627a62425d39c1d879f871c8f891349194ff54bb3354f8471f142
HP Security Bulletin HPSBGN03569 2
Posted Apr 7, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03569 2 - Potential security vulnerabilities have been identified in the server running HP OneView for VMware vCenter (OV4VC) version 7.8.1 or earlier. The vulnerabilities may lead to remote disclosure of information. Revision 2 of this advisory.

tags | advisory, remote, vulnerability
advisories | CVE-2014-3566, CVE-2016-0705, CVE-2016-0799, CVE-2016-0800, CVE-2016-2842
SHA-256 | fef3d41637e48d083862ff126529ccde22bdff9c792cc65ee94e07dafe71a719
Cisco Security Advisory 20160406-remcode
Posted Apr 7, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability is due to insufficient sanitization of HTTP user-supplied input. An attacker could exploit this vulnerability by sending an HTTP POST with crafted deserialized user data. An exploit could allow the attacker to execute arbitrary code with root-level privileges on the affected system, which could be used to conduct further attacks. Cisco has released software updates that address this vulnerability. Workarounds are not available.

tags | advisory, remote, web, arbitrary, root
systems | cisco
SHA-256 | d7ac5c4bf2a8dad64205d027b31b5c341d2271183d4151ac91c4f9b18ecf844b
Cisco Security Advisory 20160406-privauth
Posted Apr 7, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the application programming interface (API) web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to improper role-based access control (RBAC) when an unexpected HTTP URL request is received that does not match an expected pattern filter. An attacker could exploit this vulnerability by sending a crafted HTTP request with a modified URL to bypass RBAC settings. An exploit could allow the attacker to gain elevated privileges on the application to view and edit unauthorized data. Cisco has released software updates that address this vulnerability. Workarounds are not available.

tags | advisory, remote, web
systems | cisco
SHA-256 | 9d3bdc4e5f13f048163b3b33b01e614a8bc0bd55fb3ce905a671834d079141f4
Cisco Security Advisory 20160406-ucs
Posted Apr 7, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the implementation of intra-process communication for Cisco UCS Invicta Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user. The vulnerability is due to the presence of a default SSH private key that is stored in an insecure way on the system. An attacker could exploit this vulnerability by obtaining the SSH private key and connecting using the root account to the system without providing a password. An exploit could allow the attacker to gain access to the system with the privileges of the root user. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

tags | advisory, remote, root
systems | cisco
SHA-256 | 34b23cc530d785e28b3cca3354f4c54b2624933b6c666f21ace5e46f2bd98764
Panda Security URL Filtering Privilege Escalation
Posted Apr 7, 2016
Authored by Kyriakos Economou

Panda Security URL Filtering versions prior to 4.3.1.9 suffer from a privilege escalation vulnerability.

tags | advisory
advisories | CVE-2015-7378
SHA-256 | 3190c8010d3158046fed24fe39c4f0bba14a6dceff1ddf7ffb4f75cf4b6b29ab
Panda Endpoint Administration Agent Privilege Escalation
Posted Apr 7, 2016
Authored by Kyriakos Economou

Panda Endpoint Administration Agent versions prior to 7.50.00 suffer from a privilege escalation vulnerability.

tags | advisory
advisories | CVE-2016-3943
SHA-256 | a9b0b633852d1bfa15f74b01a50238f33b6bea360eb3c5eb3d8a877bc3f67c15
Linux ASLR Weakness Addressed
Posted Apr 7, 2016
Authored by Hector Marco

A weakness in the Linux ASLR implementation has been addressed.

tags | advisory
systems | linux
advisories | CVE-2016-3672
SHA-256 | dc611674639e17d87db4bc8f7c419a93127da71cfb5a237027c9ffac55a2e504
CA API Gateway CRLF Injection
Posted Apr 6, 2016
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies Support is alerting customers to a Medium risk vulnerability with CA API Gateway (formerly known as Layer7 API Gateway). A vulnerability exists in CA API Gateway that may allow a remote unauthenticated attacker to conduct CRLF Injection attacks in limited network configurations. CA has fixes available. Versions affected include 7.1, 8.0, 8.1, 8.2, 8.3, and 8.4.

tags | advisory, remote
advisories | CVE-2016-3118
SHA-256 | d75ce9c00c2cc4cc2833e147503b98c91bbedd492653fd12e4463e86d064dac4
Red Hat Security Advisory 2016-0591-01
Posted Apr 6, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0591-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services libraries. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a newer upstream version: nss 3.21.0, nss-util 3.21.0, nspr 4.11.0.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-1978, CVE-2016-1979
SHA-256 | b4d37927706ed52b6f88aeba09a8fe9f5e48bb1850ac0233b2fc350696bfd23f
Debian Security Advisory 3541-1
Posted Apr 6, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3541-1 - High-Tech Bridge Security Research Lab discovered that Roundcube, a webmail client, contained a path traversal vulnerability. This flaw could be exploited by an attacker to access sensitive files on the server, or even execute arbitrary code.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2015-8770
SHA-256 | e23b46e4ad95b874f9e497641a751002dc3c31cf66a6ab1d5fcf9d9b56be8bf7
Gentoo Linux Security Advisory 201604-03
Posted Apr 6, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201604-3 - Multiple vulnerabilities have been found in Xen, the worst of which causes a Denial of Service. Versions less than 4.6.0-r9 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2012-3494, CVE-2012-3495, CVE-2012-3496, CVE-2012-3497, CVE-2012-3498, CVE-2012-3515, CVE-2012-4411, CVE-2012-4535, CVE-2012-4536, CVE-2012-4537, CVE-2012-4538, CVE-2012-4539, CVE-2012-6030, CVE-2012-6031, CVE-2012-6032, CVE-2012-6033, CVE-2012-6034, CVE-2012-6035, CVE-2012-6036, CVE-2015-2151, CVE-2015-3209, CVE-2015-3259, CVE-2015-3340, CVE-2015-3456, CVE-2015-4103, CVE-2015-4104, CVE-2015-4105, CVE-2015-4106
SHA-256 | a7e9bd9d6342dd146c7a64ee40be706e83549d090ba7149e7ac964a6280a8109
Red Hat Security Advisory 2016-0601-01
Posted Apr 6, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0601-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. Security Fix: A denial of service flaw was found in the way BIND parsed signature records for DNAME records. By sending a specially crafted query, a remote attacker could use this flaw to cause named to crash.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2016-1285, CVE-2016-1286
SHA-256 | 932038321dd0b89f4e08ede9ca33a95b9d44f53d2a5e3bb5d5f2bf80334fd5d7
Slackware Security Advisory - subversion Updates
Posted Apr 6, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New subversion packages are available for Slackware 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2015-5343
SHA-256 | d07b7f92a7fee24f280aee13f62ed578e757644b36f2aded17031c4d2ee6e33e
Ubuntu Security Notice USN-2947-1
Posted Apr 6, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2947-1 - Ralf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly sanity check the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). Venkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel's CXGB3 driver. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-7833, CVE-2015-8812, CVE-2016-2085, CVE-2016-2383, CVE-2016-2550, CVE-2016-2847
SHA-256 | 1589a71a5392734b1ae81742ea08c3d1505de7730a5f381c44076a2fbb5cda36
Ubuntu Security Notice USN-2946-2
Posted Apr 6, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2946-2 - Venkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel's CXGB3 driver. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Xiaofei Rex Guo discovered a timing side channel vulnerability in the Linux Extended Verification Module (EVM). An attacker could use this to affect system integrity. David Herrmann discovered that the Linux kernel incorrectly accounted file descriptors to the original opener for in-flight file descriptors sent over a unix domain socket. A local attacker could use this to cause a denial of service (resource exhaustion). Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, unix, ubuntu
advisories | CVE-2015-8812, CVE-2016-2085, CVE-2016-2550, CVE-2016-2847
SHA-256 | 0038e1460e63ff5cc6aaf80a71168ed50dafde78ce37b3363aa006a996681a76

© 2022 Packet Storm. All rights reserved.
