Various Ubiquiti Networks products suffer from having hardcoded keys and also having remote management interfaces enabled that can be leveraged by these credentials.
92721278eb65c5e1f8f671b891d965595191b866fed7ef14a87bd372a6353da0
Cisco Security Advisory - A vulnerability in the installation procedure of the Cisco Mobility Services Engine (MSE) appliance could allow an authenticated, local attacker to escalate to the root level. The vulnerability is due to incorrect installation and permissions settings on binary files during the MSE physical or virtual appliance install procedure. An attacker could exploit this vulnerability by logging into the device and escalating their privileges. A successful exploit could allow the attacker to acquire root-level privileges and take full control of the device. Cisco has released software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability.
e4ae2dfca9d374f8966e4b56f815bff245c3dbd3c901e270334f564a1858f374
Cisco Security Advisory - A vulnerability in the Cisco Mobility Services Engine (MSE) could allow an unauthenticated, remote attacker to log in to the MSE with the default oracle account. This account does not have full administrator privileges. The vulnerability is due to a user account that has a default and static password. This account is created at installation and cannot be changed or deleted without impacting the functionality of the system. An attacker could exploit this vulnerability by remotely connecting to the affected system via SSH using this account. A successful exploit could allow the attacker to log in to the MSE using the default oracle account. Cisco has released software updates that address this vulnerability. A workaround that mitigates this vulnerability is available.
ca264789af643a26820dace5a09aa6101af15aac89db5f067a24976a43237364
Cisco Security Advisory - A vulnerability in the anti-spam scanner of Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the anti-spam functionality of the ESA. The vulnerability is due to improper error handling of a malformed packet in the anti-spam scanner. An attacker could exploit this vulnerability by sending a crafted DNS Sender Policy Framework (SPF) text record. A successful exploit could allow the attacker to bypass the anti-spam scanner and generate a malformed packet alert. Cisco has released software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability.
04792a2b425ec2b1a11b8ca2deabf0a4ad7402e2c7458a4e4df4da38129ba17c
Cisco Security Advisory - A vulnerability in the email message filtering feature of Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause an ESA device to become unavailable due to a denial of service (DoS) condition. The vulnerability is due to improper input validation when an email attachment contains corrupted fields and is filtered by the ESA. An attacker could exploit this vulnerability by sending a crafted email with an attachment to the ESA. A successful exploit could allow the attacker to cause a DoS condition. While the attachment is being filtered, memory is consumed at at high rate until the filtering process restarts. When the process restarts, it will resume processing the same malformed attachment and the DoS condition will continue. Cisco has released software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability.
3dda53af72c73d9da62402d9a113557bcf8b27f6227a95ca7fd42374418177be
Cisco Security Advisory - A vulnerability in the file-range request functionality of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an appliance because the appliance runs out of system memory. The vulnerability is due to a failure to free memory when a file range is requested through the Cisco WSA. An attacker could exploit this vulnerability by opening multiple connections that request file ranges through the WSA. A successful exploit could allow the attacker to cause the WSA to stop passing traffic when enough memory is used and not freed. Cisco has released software updates that address this vulnerability. A workaround that mitigates this vulnerability is also available.
6c9ce682d80703e84a4b43287be62577d651594c796bea0c6d54ec386cd5c534
Cisco Security Advisory - A vulnerability in the proxy cache functionality of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the device runs out of system memory. The vulnerability is due to improper memory operations by the affected software. The software fails to free a memory object when it retrieves data from the proxy server cache to terminate a TCP connection. An attacker could exploit this vulnerability by opening many proxy connections through the WSA. An exploit could allow the attacker to cause the WSA to stop passing traffic when enough memory is leaked. Cisco has released software updates that address this vulnerability. A workaround that mitigates this vulnerability is also available.
55c19fe8099d1668813b41bbce2a581c538c4ae3bc714c1feee971281e8fc499
Cisco Security Advisory - A vulnerability in the network stack of Cisco AsyncOS for Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA) and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to exhaust all available memory, preventing the affected device from accepting new TCP connections. The vulnerability is due to improper handling of TCP packets sent at a high rate. An attacker could exploit this vulnerability by sending crafted TCP packets to the affected system. Note: A full device reload is needed to recover the system to an operational state.
96a0e3ec2c0798960635b78f767b80fd89f3135fd9dd8bd49f5167edee58bace
HP Security Bulletin HPSBGN03519 1 - A potential security vulnerability has been identified in HP Project and Portfolio Management Center. This is the TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as " Logjam " which could be exploited remotely resulting in disclosure of information. Note: This vulnerability is in the TLS protocol and not specific to HP Project and Portfolio Management Center. Revision 1 of this advisory.
dfc8ec9b9c71abca586816018362cce4bd2161031e803f0319ded262b444996c
Debian Linux Security Advisory 3393-1 - Multiple security issues have been found in Iceweasel, Debian's version integer overflows, buffer overflows and other implementation errors may lead to the execution of arbitrary code, information disclosure or denial of service.
72e5c1890f7f8850f396383ff3d6fc35d3f3f513b99e26e855a9949cd694801a
WordPress plugin Neuvoo-Jobroll version 2.0 suffers from a reflective cross site scripting vulnerability.
44e3af9b0554c36be7f2fc7a780dbf9a268db0af82e45bbcade73406e807d666
Portmanteau is an experimental unix driver IOCTL security tool that is useful for fuzzing and discovering device driver attack surface.
f28103bb662242ae801f776d08ccdde67c38f672be8c6e74442448c1196c65d8
UFONet is a tool designed to launch DDoS attacks against a target, using open redirection vectors on third party web applications.
1c89d720b3b5bcf99c8b6a7ed237b93afbe8a211e672b40dd1e96e1c500cfdea
Ubuntu Security Notice 2785-1 - Christian Holler, David Major, Jesse Ruderman, Tyson Smith, Boris Zbarsky, Randell Jesup, Olli Pettay, Karl Tomlinson, Jeff Walden, Gary Kwong, Andrew McCreight, Georg Fritzsche, and Carsten Book discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
dbba07af115f849b37a270b8478366a007822e4f6fb2d26a2d111c4d90b83109
Ubuntu Security Notice 2791-1 - Tyson Smith and David Keeler discovered that NSS incorrectly handled decoding certain ASN.1 data. An remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code.
048510c419c7f8a7894fe20fe051b1e0b56ac2b48d823b93cdb831c44e100f2a
Ubuntu Security Notice 2790-1 - Ryan Sleevi discovered that NSPR incorrectly handled memory allocation. A remote attacker could use this issue to cause NSPR to crash, resulting in a denial of service, or possibly execute arbitrary code.
9440bdce85531a9cb40fcc653abe53b8f45ea9e011561aee62548769b2b5038f