Many Cisco devices such as Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, and Cisco 160W suffer from having hard-coded credentials, known GNU glibc, known BusyBox, and IoT Inspector identified vulnerabilities.
3726cd3c69f647990c48b627f7552d3a2fdba185bb79ef1247f427b865bde817The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities such as old software components embedded in the firmware. Furthermore, hardcoded password hashes and credentials were also found by doing an automated scan with IoT Inspector.
5c8f473ce950d3d7fc4a502cd31cbb68d69766f0ee3d50da6ac20921262a4c65Gentoo Linux Security Advisory 201602-2 - Multiple vulnerabilities have been found in the GNU C library, the worst allowing for remote execution of arbitrary code. Versions less than 2.21-r2 are affected.
7fb31d7914b4d8d365ed0e55052ae4ab9788d37ba1146e4a9261c90a46a215e4Red Hat Security Advisory 2015-2589-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. It was discovered that the nss_files backend for the Name Service Switch in glibc would return incorrect data to applications or corrupt the heap. A local attacker could potentially use this flaw to execute arbitrary code on the system. It was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data.
500d94725a7bca027910198d11bcaf63c36b7385c61ae995036c7436f222d112Red Hat Security Advisory 2015-2199-07 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. It was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data.
f94e9bae1ee9312a7c4a7f82ecb9725f410c0b7a137de93a1b8c44897482e087Mandriva Linux Security Advisory 2015-168 - Updated glibc packages fix multiple security vulnerabilities.
0412f59ba60e6f3546c153206b4f490e8e4d6187358607bb442d3ffcaa511903Ubuntu Security Notice 2519-1 - Arnaud Le Blanc discovered that the GNU C Library incorrectly handled file descriptors when resolving DNS queries under high load. This may cause a denial of service in other applications, or an information leak. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. It was discovered that the GNU C Library incorrectly handled receiving a positive answer while processing the network name when performing DNS resolution. A remote attacker could use this issue to cause the GNU C Library to hang, resulting in a denial of service. Various other issues were also addressed.
1b157586f2ed9c751bb741fa0ea8c7d75c284f263ee1da14e33f7921b5b19b1dDebian Linux Security Advisory 3169-1 - Several vulnerabilities have been fixed in eglibc, Debian's version of the GNU C library.
3fe931b7ce23c334ac550e9b3f9ce61c02f2b4cad71b1b7018abfe10daf65a20
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed