Cisco Security Advisory - A vulnerability in Cisco Modular Encoding Platform D9036 Software could allow an unauthenticated, remote attacker to log in to the system shell with the privileges of the root user. The vulnerability occurs because the root user has a default and static password. This account is created at installation and cannot be changed or deleted without impacting the functionality of the system. An attacker could exploit this vulnerability by remotely connecting to the affected system via SSH using this account. Successful exploitation could allow the attacker to access the system with the privileges of the root user. In addition to the root user, the guest user account also has a default and static password. The guest account is created at installation and cannot be changed or deleted without impacting the functionality of the system. However, this account has limited privileges on the system. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
ebdd6dfecaa4338c4ee32b9b3ab8d478Debian Linux Security Advisory 3450-1 - Jann Horn discovered that the setuid-root mount.ecryptfs_private helper in the ecryptfs-utils would mount over any target directory that the user owns, including a directory in procfs. A local attacker could use this flaw to escalate his privileges.
d6bc02a8bddb355340b2cba1703824acOpenVAS Greenbone Security Assistant versions 6.x below 6.0.8 suffer from a cross site scripting vulnerability.
1a59a781c3efcec650c13bb74e014137Apple Security Advisory 2016-01-19-3 - Safari 9.0.3 is now available and addresses privacy and multiple memory corruption vulnerabilities.
68e4a30025de49d9eabd0b9c407b35e3Apple Security Advisory 2016-01-19-2 - OS X El Capitan 10.11.3 and Security Update 2016-001 are now available and address memory corruption, code execution, and privilege escalation vulnerabilities.
1a3cee9c9c4fc15f51453f6d8a64e885Apple Security Advisory 2016-01-19-1 - iOS 9.2.1 is now available and addresses memory corruption and privacy issues.
470cd82843f59354869fd415b08df6f6LiteSpeed Web Server version 5.1.0 suffers from an HTTP header injection vulnerability.
bece966a42fae106ba7987bef7376642Ubuntu Security Notice 2876-1 - Jann Horn discovered that mount.ecryptfs_private would mount over certain directories in the proc filesystem. A local attacker could use this to escalate their privileges.
97a59594a8a453d7fee8b903a0abd70fDebian Linux Security Advisory 3449-1 - It was discovered that specific APL RR data could trigger an INSIST failure in apl_42.c and cause the BIND DNS server to exit, leading to a denial-of-service.
ad418bd1af06945d747e7e8b7a57ec26Cisco Security Advisory - A vulnerability in a CGI script in the Cisco UCS Manager and the Cisco Firepower 9000 Series appliance could allow an unauthenticated, remote attacker to execute arbitrary commands on the Cisco Unified Computing System (UCS) Manager or the Cisco Firepower 9000 Series appliance. The vulnerability is due to unprotecting calling of shell commands in the CGI script. An attacker could exploit this vulnerability by sending a crafted HTTP request to the Cisco UCS Manager or the Cisco Firepower 9000 Series appliance. An exploit could allow the attacker to execute arbitrary commands on the Cisco UCS Manager or the Cisco Firepower 9000 Series appliance. Cisco has released software updates that address this vulnerability.
81be42b796da948d3e3551e62ead161fHP Security Bulletin HPSBGN03534 1 - A vulnerability in Microsoft Report Viewer was addressed by HPE Performance Center. This is a Cross-Site scripting (XSS) vulnerability that could allow remote information disclosure. Revision 1 of this advisory.
94a36f3a65796e981165d8e35889449fLinux kernel REFCOUNT overflow / use-after-free in keyrings exploit.
34396c12f213e51a4db58308f7b55727Ubuntu Security Notice 2874-1 - It was discovered that Bind incorrectly handled certain APL data. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service.
6f43fac3672c40d7ece9b592b2ef1126The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.
d26a148d834635363ac8cdd707828302Ubuntu Security Notice 2875-1 - It was discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service.
07b53ecec5889dacd9144ce7a83ccb33
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed