
Files

Cisco Security Response 20170214-smi
Posted Feb 15, 2017
Authored by Cisco Systems | Site cisco.com

Cisco Security Response - Several researchers have reported on the use of Smart Install (SMI) protocol messages toward Smart Install clients, also known as integrated branch clients (IBC), allowing an unauthenticated, remote attacker to change the startup-config file and force a reload of the device, upgrade the IOS image on the device, and execute high-privilege CLI commands on switches running Cisco IOS and IOS XE Software. Cisco does not consider this a vulnerability in Cisco IOS, IOS XE, or the Smart Install feature itself but a misuse of the Smart Install protocol that by design does not require authentication.

tags | advisory, remote, protocol
systems | cisco, osx, ios
SHA-256 | 710f50b6b06fe5e115b57cbe592f3bcdf8a41ddd4acd0ce1cfa610c91c585c24
HPE Security Bulletin HPESBHF03703 1
Posted Feb 15, 2017
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPESBHF03703 1 - Potential security vulnerabilities with OpenSSL have been addressed in HPE Network Products including Comware v7 and VCX. The vulnerabilities could be remotely exploited resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2015-3197, CVE-2016-0701
SHA-256 | acee65a7f7bf8e6864f7a5a2cd37a53233475319b0b9438bbf1aabc525e19afe
HPE Security Bulletin HPESBGN03697 1
Posted Feb 15, 2017
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPESBGN03697 1 - A security vulnerability in DES/3DES block ciphers used in the TLS protocol could potentially impact HPE Business Service Management 9.2x and Application Performance Management (APM) 9.30 resulting in remote disclosure of information, also known as the SWEET32 attack. Revision 1 of this advisory.

tags | advisory, remote, protocol
advisories | CVE-2016-2183
SHA-256 | f0c06ebaec88aec23e84f37977d91e2eb98e5a99892aedf3a308541a60ec2218
Red Hat Security Advisory 2017-0275-01
Posted Feb 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0275-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 24.0.0.221. Security Fix: This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2017-2982, CVE-2017-2984, CVE-2017-2985, CVE-2017-2986, CVE-2017-2987, CVE-2017-2988, CVE-2017-2990, CVE-2017-2991, CVE-2017-2992, CVE-2017-2993, CVE-2017-2994, CVE-2017-2995, CVE-2017-2996
SHA-256 | df4c6d6d122373926d9c58ca23abee2e6553b7bbd2d6c7355aab32acb9b7e74b
Red Hat Security Advisory 2017-0270-01
Posted Feb 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0270-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within the __sys_recvmmsg() function.

tags | advisory, remote, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2016-7117
SHA-256 | b402cbcea2c91801d89322ab611f389f87c85a4c5c6f65a271fc93df62547a68
Red Hat Security Advisory 2017-0272-01
Posted Feb 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0272-01 - Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. This release of Red Hat JBoss Data Virtualization 6.3 Update 4 serves as a replacement for Red Hat JBoss Data Virtualization 6.3 Update 3, and includes bug fixes and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-2175, CVE-2016-4434, CVE-2016-6814
SHA-256 | f62988350cc956a1bacace4a5fd0e071532f41b7c6c5ec0ca6fc769631b8d619
Ubuntu Security Notice USN-3196-1
Posted Feb 15, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3196-1 - It was discovered that PHP incorrectly handled certain arguments to the locale_get_display_name function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to hang, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2014-9912, CVE-2016-10158, CVE-2016-10159, CVE-2016-10160, CVE-2016-10161, CVE-2016-7478, CVE-2016-7479, CVE-2016-9137, CVE-2016-9934, CVE-2016-9935
SHA-256 | 93a3a63f183948f98ba44574ebc7c6018713099ee6eeda9cb488a74da210e230
HP Security Bulletin HPSBMU03691 1
Posted Feb 15, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03691 1 - Several potential security vulnerabilities have been identified in HPE Insight Control. The vulnerabilities could be exploited remotely resulting in remote denial of service (DoS), cross-site request forgery (CSRF), remote execution of arbitrary commands, disclosure of sensitive information, cross-site scripting (XSS), bypass of access restrictions or unauthorized modification. Revision 1 of this advisory.

tags | advisory, remote, denial of service, arbitrary, vulnerability, xss, csrf
advisories | CVE-2009-5028, CVE-2011-4345, CVE-2014-0050, CVE-2014-4877, CVE-2015-5125, CVE-2015-5127, CVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550, CVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556
SHA-256 | 5a6300cd07db8aac889b73990a0bf5f4d05a4d50059bb2513a0f1e88ece0ae94
Gentoo Linux Security Advisory 201702-08
Posted Feb 14, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201702-8 - Multiple vulnerabilities have been found in VirtualBox, the worst of which might allow unauthorized changes to some critical or all accessible data. Versions less than 5.0.32 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2016-5545, CVE-2017-3290, CVE-2017-3316, CVE-2017-3332
SHA-256 | 2e1c830c27edb02d45128a5b6abe9c4aeea757074fcc5fe27d12ebb567eca310
Gentoo Linux Security Advisory 201702-07
Posted Feb 14, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201702-7 - Multiple vulnerabilities have been found in OpenSSL, the worst of which might allow attackers to access sensitive information. Versions less than 1.0.2k are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2016-7055, CVE-2017-3730, CVE-2017-3731, CVE-2017-3732
SHA-256 | 2868de12def1f5a6465fb81ae04a5637b8d741fa182174ea0276c56a6a11b31d
Debian Security Advisory 3788-1
Posted Feb 14, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3788-1 - It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop.

tags | advisory, web, denial of service
systems | linux, debian
SHA-256 | fccc0e8d24e2cbcbdebf909d672df71e172027daa703372b076c575d5a5dedab
Debian Security Advisory 3787-1
Posted Feb 14, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3787-1 - It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop.

tags | advisory, web, denial of service
systems | linux, debian
SHA-256 | 94be7fb07b29564d3b1c3d4e2124cdac1418c3f4069cb841360f49990bcc4d48
Debian Security Advisory 3786-1
Posted Feb 14, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3786-1 - Editor spell files passed to the vim (Vi IMproved) editor may result in an integer overflow in memory allocation and a resulting buffer overflow which potentially could result in the execution of arbitrary code or denial of service.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2017-5953
SHA-256 | 775e4571e4739d88dd471a192db988fda5b5e581ca0322f3046583eea651759e
Red Hat Security Advisory 2017-0269-01
Posted Feb 13, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0269-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: It was discovered that the RMI registry and DGC implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. This issue was addressed by introducing whitelists of classes that can be deserialized by RMI registry or DGC. These whitelists can be customized using the newly introduced sun.rmi.registry.registryFilter and sun.rmi.transport.dgcFilter security properties.

tags | advisory, java, remote, arbitrary, registry
systems | linux, redhat
advisories | CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3261, CVE-2017-3272, CVE-2017-3289
SHA-256 | a21fd41c808b6aa885c14600c8570e57296cb524081c9778b48c723d181b5111
HPE Security Bulletin HPESBGN03698 1
Posted Feb 13, 2017
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPESBGN03698 1 - Multiple security vulnerabilities in OpenSSL have been addressed in HPE DDMi. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2016-0800, CVE-2016-2017, CVE-2016-2018, CVE-2016-2107, CVE-2016-2108
SHA-256 | 72e0bf35dd974663c4f5f225e2511c6d4094f26138404130089e9ab9c6be4685
HP Security Bulletin HPSBMU03692 1
Posted Feb 13, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03692 1 - Multiple potential security vulnerabilities have been identified in HPE Matrix Operating Environment (MOE) on Windows. The vulnerabilities could be exploited remotely resulting in the Bypass of Security Restrictions, cross-site request forgery (CSRF), cross-site scripting (XSS), Denial of Service (DoS), Disclosure of Information, and Execution of Arbitrary Code. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability, xss, csrf
systems | windows
advisories | CVE-2009-5028, CVE-2011-4345, CVE-2015-5127, CVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5254, CVE-2015-5539, CVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550, CVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556, CVE-2015-5557, CVE-2015-5558
SHA-256 | d734e68989cbfbc4be512dafe6404e46d2e78c0f4363cea681f59bf053260a4d
Slackware Security Advisory - tcpdump Updates
Posted Feb 13, 2017
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New tcpdump packages are available for Slackware 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. NOTE: These updates also require the updated libpcap package.

tags | advisory
systems | linux, slackware
advisories | CVE-2016-7922, CVE-2016-7923, CVE-2016-7924, CVE-2016-7925, CVE-2016-7926, CVE-2016-7927, CVE-2016-7928, CVE-2016-7929, CVE-2016-7930, CVE-2016-7931, CVE-2016-7932, CVE-2016-7933, CVE-2016-7934, CVE-2016-7935, CVE-2016-7936, CVE-2016-7937, CVE-2016-7938, CVE-2016-7939, CVE-2016-7940, CVE-2016-7973, CVE-2016-7974, CVE-2016-7975, CVE-2016-7983, CVE-2016-7984, CVE-2016-7985, CVE-2016-7986, CVE-2016-7992, CVE-2016-7993
SHA-256 | 9454d9680fcc638d5ac0de8c9586334e96801a03b7486c3e6272564e49872202
Slackware Security Advisory - php Updates
Posted Feb 13, 2017
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory, php
systems | linux, slackware
advisories | CVE-2016-10158, CVE-2016-10159, CVE-2016-10160, CVE-2016-10161, CVE-2016-10167, CVE-2016-10168
SHA-256 | 5054ac2d26cabfc26e61bb9b5a91e4b509c19fce4f38e23de656fbf80a92804e
Slackware Security Advisory - openssl Updates
Posted Feb 13, 2017
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New openssl packages are available for Slackware 14.2 and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2016-7055, CVE-2017-3731, CVE-2017-3732
SHA-256 | 4b83eb4778dd1ad58130c6ca504a220795ceb3f5f3ead2b30a42ef3dbbb5de0b
HPE Security Bulletin HPESBHF03704 1
Posted Feb 13, 2017
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPESBHF03704 1 - A potential security vulnerability has been identified in HPE OfficeConnect Network Switches. The vulnerability could be exploited locally to allow unauthorized data modification. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2017-5786
SHA-256 | f8e12846d40a09cb55d0c3fb72ebce2ace67ce6ec656b2d1b21f60e52caec56b
HPE Security Bulletin HPESBNS03702 1
Posted Feb 13, 2017
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPESBNS03702 1 - Several potential security vulnerabilities have been discovered in the Bash Shell in NonStop OSS Core Utilities. The vulnerabilities allow local users to execute arbitrary commands with root privileges. Revision 1 of this advisory.

tags | advisory, arbitrary, shell, local, root, vulnerability, bash
advisories | CVE-2016-7543
SHA-256 | b394c6436beea9a6bf8342eba0148f8bddd15f76db1bb124829cbda5a60ef3e9
Debian Security Advisory 3784-1
Posted Feb 13, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3784-1 - Thomas Gerbet discovered that viewvc, a web interface for CVS and Subversion repositories, did not properly sanitize user input. This problem resulted in a potential Cross-Site Scripting vulnerability.

tags | advisory, web, xss
systems | linux, debian
advisories | CVE-2017-5938
SHA-256 | afa0fb01f3ee6704ce34146a07c85e283846d5b8bcfef8645353b5331a6f50ea
WebKitGTK+ Memory Corruption / Data Exfiltration
Posted Feb 12, 2017
Authored by WebKitGTK+ Team

WebKitGTK+ has been updated to address a large quantity of vulnerabilities ranging from memory corruption to arbitrary code execution.

tags | advisory, arbitrary, vulnerability, code execution
advisories | CVE-2017-2350, CVE-2017-2354, CVE-2017-2355, CVE-2017-2356, CVE-2017-2362, CVE-2017-2363, CVE-2017-2364, CVE-2017-2365, CVE-2017-2366, CVE-2017-2369, CVE-2017-2371, CVE-2017-2373
SHA-256 | df60b93cf570a4f73123a64b2850f9720b93f0c2cd77cfefa61c6ae8b3005102
Debian Security Advisory 3783-1
Posted Feb 12, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3783-1 - Several issues have been discovered in PHP, a widely-used open source general-purpose scripting language.

tags | advisory, php
systems | linux, debian
advisories | CVE-2016-10158, CVE-2016-10159, CVE-2016-10160, CVE-2016-10161
SHA-256 | ebbe1c793550190b2bc47c8667a87f2d51ed603b010931f7a0749bc6c465e05e
Debian Security Advisory 3782-1
Posted Feb 12, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3782-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the bypass of Java sandbox restrictions, denial of service, arbitrary code execution, incorrect parsing of URLs/LDAP DNs or cryptographic timing side channel attacks.

tags | advisory, java, denial of service, arbitrary, vulnerability, code execution
systems | linux, debian
advisories | CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3260, CVE-2017-3261, CVE-2017-3272, CVE-2017-3289
SHA-256 | 786b57941e85dce2aa0c84048363490a99588af0393d00d26d2512a02e69f5f0

© 2022 Packet Storm. All rights reserved.
