Common Vulnerabilities and Exposures
enabled, a remote attacker could send a carefully crafted request
that would cause the Apache child process handling that request to
crash. This could lead to a denial of service if using a threaded
Multi-Processing Module.
The Common Vulnerabilities and Exposures project has assigned the
names CVE-2006-5752, CVE-2007-3304 and CVE-2007-1863 to these issues.
clamav < TSL 3.0.5 > < TSL 3.0 > < TSL 2.2 >
- SECURITY Fix: Some vulnerabilities have been reported in ClamAV,
which can potentially be exploited by malicious people to cause a
a. Service Console update for cpio
The service console package cpio is updated to version 2.5-6.RHEL3.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2005-4268 and CVE-2010-0624 to the issues
addressed in this update.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
a. Service Console update for NSS_db
The service console package NSS_db is updated to version
nss_db-2.2-35.4.el5_5.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2010-0826 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
Mitigation
- Do not allow untrusted users access to your virtual machines.
Root or Administrator level permissions are not required to
exploit this issue.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2012-1516 to this issue.
VMware would like to thank Derek Soeder of Ridgeway Internet
Security, L.L.C. for reporting this issue to us.
disclosure vulnerabilities that allow remote, unauthenticated access
to arbitrary files on vulnerable devices via the embedded HTTPS
server. The first vulnerability affecting the Cisco IronPort
Encryption Appliance administration interface is documented in
IronPort bug 65921 and has been assigned Common Vulnerabilities and
Exposures (CVE) identifier CVE-2010-0143. The second vulnerability
affecting the WebSafe servlet is documented in IronPort bug 65922 and
has been assigned Common Vulnerabilities and Exposures (CVE)
identifier CVE-2010-0144.
The Cisco IronPort Encryption Appliance contains a remote code
vulnerable to a SQL injection vulnerability that could allow an
unauthenticated, remote attacker to obtain usernames and
passwords that are configured on an affected device.
This vulnerability is documented in Cisco bug ID CSCtq65669 and
has been assigned Common Vulnerabilities and Exposures (CVE)
ID CVE-2011-2546
* Privilege Escalation Vulnerability
An authenticated user who is logged in to an affected device
chkconfig vmware-webAccess off
VMware would like to thank David Byrne and Tom Leavey of Trustwave's
SpiderLabs for reporting this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-2277 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
order for the vulnerability to be successfully exploited, however
authentication is "not" required. The default TCP port number for
SSLVPN is 443.
This vulnerability is documented in Cisco bug ID CSCsk62253
and Common Vulnerabilities and Exposures (CVE) identifier
CVE-2009-0626 has been assigned to this vulnerability.
SSLVPN sessions cause a memory leak in the device
+------------------------------------------------
Multiple buffer overflows exist within the UCP CSuserCGI.exe
code. CSuserCGI.exe is the HTTP interface to the server.
This vulnerability is addressed by Cisco Bug ID CSCsl49180 and
has been assigned Common Vulnerabilities and Exposures (CVE)
identifier CVE-2008-0532
* Cross Site Scripting Vulnerabilities.
Cross-site scripting vulnerabilities exist within the UCP
Denial of Service Vulnerabilities
+--------------------------------
These vulnerabilities are documented in the following Cisco Bug ID and
have been assigned the following Common Vulnerabilities and Exposures
(CVE) identifiers:
* CSCsq44516 - CVE-2009-0058
Web authentication is a Layer 3 security feature that causes the
Note: Cisco IOS, Cisco IOS XE, Cisco NX-OS and Cisco IOS XR
Software, as a 2 byte AS number BGP speaker send BGP updates with
a maximum of 255 AS numbers.
This vulnerability is documented in Cisco Bug ID CSCsy86021 and has
been assigned Common Vulnerabilities and Exposures (CVE) ID
CVE-2009-1168.
The second vulnerability could cause an affected device to reload when
the affected device processes a malformed BGP update that has been
crafted to trigger the issue. The following three conditions are
exploit this vulnerability by logging in to the system as the Help
Desk Administrator user and changing the password for the
administrative user.
This vulnerability is documented in Cisco bug ID CSCtd45141
and has been assigned Common Vulnerabilities and Exposures (CVE)
ID CVE-2012-0366.
Cisco Unity Connection Denial of Service Vulnerability
+-----------------------------------------------------
....
!--- remaining output truncated.
This vulnerability is documented in Cisco bug ID CSCsj58566
and Common Vulnerabilities and Exposures (CVE) identifier
CVE-2008-1151 has been assigned to this vulnerability.
* Virtual Access Interfaces Are Not Re-used
Upon completion of a PPTP session, affected devices do not remove
A corrupt VMDK delta disk, or virtual machine would have to be loaded
by an administrator.
VMware would like to thank Craig Marshall for reporting this issue.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2008-4914 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
iDefense Security Advisory 01.13.09: Oracle Secure Backup Administration
Server login.php Command Injection Vulnerability
http://archives.neohapsis.com/archives/bugtraq/2009-01/0111.html
The vulnerability is in a function of common.php which is called from the
login.php page.
The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2008-5449 to this issue.
Oracle Secure Backup Administration Server login.php Command Injection
Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=769
the host to elevate their privileges.
VMware Workstation and Player running on Microsoft Windows are not
affected.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2010-4295 to this issue.
VMware would like to thank Dan Rosenberg for reporting this issue.
The following table lists what action remediates the vulnerability
resources.
VMware would like to thank Nicolas Gregoire and US CERT for
reporting this issue to us.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2010-3609 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
a. ESX third party update for Service Console kernel
This update takes the console OS kernel package to
kernel-2.6.18-238.9.1 which resolves multiple security issues.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2010-1083, CVE-2010-2492, CVE-2010-2798,
CVE-2010-2938, CVE-2010-2942, CVE-2010-2943, CVE-2010-3015,
CVE-2010-3066, CVE-2010-3067, CVE-2010-3078, CVE-2010-3086,
CVE-2010-3296, CVE-2010-3432, CVE-2010-3442, CVE-2010-3477,
CVE-2010-3699, CVE-2010-3858, CVE-2010-3859, CVE-2010-3865,
--------------
Coda users should apply the updates committed by NetBSD [2] and FreeBSD[3].
Common Vulnerabilities and Exposures (CVE) Information
------------------------------------------------------
The Common Vulnerabilities and Exposures (CVE) project has assigned
the number CVE-2010-3014 to this issue. This is a candidate for
inclusion in the CVE list (http://cve.mitre.org), which standardizes
names for security problems.
Contact your mobile operator to ensure the proper policy is set on
your device.
Common Vulnerabilities and Exposures (CVE) Information:
The Common Vulnerabilities and Exposures (CVE) project has assigned
the following names to these issues. These are candidates for
inclusion in the CVE list (http://cve.mitre.org), which standardizes
names for security problems.
or downgrading VCS firmwares, verify that the host key has not changed back
to the publicly known one with fingerprint:
49:53:bf:94:2a:d7:0c:3f:48:29:f7:5b:5d:de:89:b8
Common Vulnerabilities and Exposures (CVE) Information
------------------------------------------------------
The Common Vulnerabilities and Exposures (CVE) project has assigned
the number CVE-2009-4510 to this issue. This is a candidate for
inclusion in the CVE list (http://cve.mitre.org), which standardizes
names for security problems.
Recommendation:
All users should upgrade to the latest version of R-Viewer 1.6.3768.
Common Vulnerabilities and Exposures (CVE) Information:
The Common Vulnerabilities and Exposures (CVE) project has assigned
the following names to these issues. These are candidates for
inclusion in the CVE list (http://cve.mitre.org), which standardizes
names for security problems.
--------------
Apply VMware-supplied updates to affected products, or download
distribution-supplied security updates if using the open-vm-tools package.
Common Vulnerabilities and Exposures (CVE) Information
------------------------------------------------------
The Common Vulnerabilities and Exposures (CVE) project has assigned the numbers
CVE-2011-1787, CVE-2011-2145, and CVE-2011-2146 to these issues. These are
candidates for inclusion in the CVE list (http://cve.mitre.org), which
standardizes names for security problems.
Windows Mobile 5.0 Please see your handset manufacturer to obtain the update
customized for your device. This issue is fixed in Windows Mobile 6.
Common Vulnerabilities and Exposures (CVE) Information:
The Common Vulnerabilities and Exposures (CVE) project has assigned
the following names to these issues. These are candidates for
inclusion in the CVE list (http://cve.mitre.org), which standardizes
names for security problems.
Note that other vulnerabilities were identified in firmware versions prior to
x5.1.1. Therefore, upgrading to this version is recommended. See CVE-2009-4510
and CVE-2009-4511 for more information.
Common Vulnerabilities and Exposures (CVE) Information
------------------------------------------------------
The Common Vulnerabilities and Exposures (CVE) project has assigned
the number CVE-2009-4509 to this issue. This is a candidate for
inclusion in the CVE list (http://cve.mitre.org), which standardizes
names for security problems.
In the interim of a fix being released by the Vendor to
address this vulnerability, service providers should implement
network filtering controls to restrict inbound ICMP requests
to these devices.
Common Vulnerabilities and Exposures (CVE) Information:
The Common Vulnerabilities and Exposures (CVE) project has
assigned the following names to these issues. These are
candidates for inclusion in the CVE list (http://cve.mitre.org),
which standardizes names for security problems.
inspect the domains presented in these messages to see if they match the domain
of the expected site.
Common Vulnerabilities and Exposures (CVE) Information
------------------------------------------------------
The Common Vulnerabilities and Exposures (CVE) project has assigned
the number CVE-2010-0556 to this issue. This is a candidate for
inclusion in the CVE list (http://cve.mitre.org), which standardizes
names for security problems.
Remove the cmdjob functionality. Alternatively, limit network
access to the specific ports to only those hosts that require it.
Common Vulnerabilities and Exposures (CVE) Information:
The Common Vulnerabilities and Exposures (CVE) project has assigned the
following names to these issues. These are candidates for inclusion in
the CVE list (http://cve.mitre.org), which standardizes names for security
problems.
at http://www.lyris.com/support/listmanager/archives.html. Affected
clients can download a new version and install it over the previous
installation.
Common Vulnerabilities and Exposures (CVE) Information:
The Common Vulnerabilities and Exposures (CVE) project has assigned
the following names to these issues. These are candidates for
inclusion in the CVE list (http://cve.mitre.org), which standardizes
names for security problems.