products
-------------------------------------------------------------------
1. Summary:
~ Several critical security vulnerabilities have been addressed
~ in the newest releases of VMware's hosted product line.
2. Relevant releases:
~ VMware Workstation 6.0.2 and earlier
~ VMware Workstation 5.5.4 and earlier
http://www.cisco.com/warp/public/707/cisco-sa-20090325-udp.shtml
* Cisco IOS Software WebVPN and SSLVPN Vulnerabilities
http://www.cisco.com/warp/public/707/cisco-sa-20090325-webvpn.shtml
Affected Products
=================
Vulnerable Products
+------------------
been assigned to this vulnerability.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20071205-csa.shtml.
Affected Products
=================
Vulnerable Products
+------------------
------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2010-0005
Synopsis: VMware products address vulnerabilities in WebAccess
Issue date: 2010-03-29
Updated on: 2010-03-29 (initial release of advisory)
CVE numbers: CVE-2009-2277 CVE-2010-1137 CVE-2010-0686
CVE-2010-1193
------------------------------------------------------------------------
---------------------------------------------------------------------
Summary
=======
Certain Cisco products that use Microsoft Active Template Libraries
(ATL) and headers may be vulnerable to remote code execution. In some
instances, the vulnerability may be exploited against Microsoft
Internet Explorer to perform kill bit bypass. In order to exploit this
vulnerability, an attacker must convince a user to visit a malicious
web site.
A workaround is available for the second vulnerability.
This advisory is posted at the following link:
http://www.cisco.com/warp/public/707/cisco-sa-20090729-bgp.shtml
Affected Products
=================
Vulnerable Products
+------------------
------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2008-0016
Synopsis: VMware Hosted products, VirtualCenter Update 3 and
patches for ESX and ESXi resolve multiple security issues
Issue date: 2008-10-03
Updated on: 2008-10-03 (initial release of advisory)
CVE numbers: CVE-2008-4279 CVE-2008-4278 CVE-2008-3103
CVE-2008-3104 CVE-2008-3105 CVE-2008-3106
---------------------------------------------------------------------
Summary
=======
Several products in the Cisco Unified Communications family of
products contain a command execution vulnerability in the Disaster
Recovery Framework (DRF) feature. A remote, unauthenticated user
could exploit this vulnerability to execute arbitrary commands that
may allow full administrative access to affected systems. There is a
workaround for this vulnerability.
Updated January 13, 2011
Summary:
A vulnerability identified in the RSA Key Manager (RKM) C Client 1.5, which may expose the product to a SQL injection attack, has been addressed. An attacker with access to encrypted data could have leveraged this vulnerability to alter the RKM C Client 1.5 cache.
Platforms:
Note: Effective October 18, 2011, Cisco moved the current list of
Cisco Security Advisories and Responses published by Cisco PSIRT. The
new location is:
http://tools.cisco.com/security/center/publicationListing
You can also navigate to this page from the Cisco
Products and Services menu of the Cisco Security Intelligence
Operations (SIO) Portal. Following this transition, new Cisco Security
Advisories and Responses will be published to the new location.
Although the URL has changed, the content of security documents and
the vulnerability policy are not impacted. Cisco will continue to
disclose security vulnerabilities in accordance with the published
Exploitation of these vulnerabilities could result in a DoS condition or an
information disclosure.
Cisco has released free software updates that address these vulnerabilities in
the latest versions of Cisco Unified Contact Center products.
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20100609-uccx.shtml
Hewlett Packard Company would like to thank Michael White working with the Symantec Vulnerability Research for reporting this issue to security-alert@hp.com.
RESOLUTION
HP has provided the following patches to resolve the vulnerability. The patch kits can be downloaded from http://support.openview.hp.com/selfsolve/patches by searching for product 'HP TestDirector for Quality Center', Product version 9.2 and Optional keyword 'Patch8'.
Title: Monthly patch8 - TD4QC_00033
Document ID: KM425256
Product: TestDirector for Quality Center Version: 9.2
OS: AIX
RESOLUTION
HP has provided firmware updates and preliminary firmware updates to resolve this vulnerability. The firmware updates and preliminary firmware updates are available as described below.
Note: Each firmware update has instructions for finding the firmware version installed on the product.
Product
Resolved in Firmware Version
HP LaserJet P3005
Cisco IOS Software Security Advisory Bundled Publication" at the
following link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar10.html
Affected Products
=================
Vulnerable Products
+------------------
To obtain HP StorageWorks 1/8 G2 Tape Autoloader, MSL2024, MSL4048, and MSL8096 library firmware files, follow these steps:
Go to http://www.hp.com/support/storage
Select the appropriate product from the list and follow the instructions from the web page.
Note: In case of problems finding the appropriate product or firmware, use the Product Search function from http://www.hp.com/support/downloads
Alternatively, firmware files are available through the HP StorageWorks Library and Tape Tools diagnostic: http://www.hp.com/support/tapetools
Product
RESOLUTION
HP has provided firmware updates and preliminary firmware updates to resolve this vulnerability. The firmware updates and preliminary firmware updates are available as described below.
Note: Each firmware update has instructions for finding the firmware version installed on the product.
Product
Resolved in Firmware Version
HP LaserJet 4345mfp
- Thierry, stop sending us POC files, YOU CANNOT EVADE PROVENTIA, IT is
IMPOSSIBLE, IRREVQUABLE, PERIOD !!!!
>Silence
- Thierry here is our report, you DID evade all our proventia products, we will
credit you.
In the timeline below you find my summary
TZ> - Thierry, stop sending us POC files, YOU CANNOT EVADE PROVENTIA, IT is
TZ> IMPOSSIBLE, IRREVQUABLE, PERIOD !!!!
>>Silence
TZ> - Thierry here is our report, you DID evade all our proventia products, we will
TZ> credit you.
TZ> In the timeline below you find my summary
TZ>> - Thierry, stop sending us POC files, YOU CANNOT EVADE PROVENTIA, IT is
TZ>> IMPOSSIBLE, IRREVQUABLE, PERIOD !!!!
>>>Silence
TZ>> - Thierry here is our report, you DID evade all our proventia products, we will
TZ>> credit you.
TZ>> In the timeline below you find my summary
available.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20090520-cw.shtml.
Affected Products
=================
Vulnerable Products
+------------------
RESOLUTION
HP has provided firmware updates and preliminary firmware updates to resolve this vulnerability. The firmware updates and preliminary firmware updates are available as described below.
Note: Each firmware update has instructions for finding the firmware version installed on the product.
Product
Resolved in Firmware Version
HP LaserJet 4345mfp
* http://www.cisco.com/warp/public/707/cisco-sa-20080924-multicast.shtml
* http://www.cisco.com/warp/public/707/cisco-sa-20080924-sccp.shtml
* http://www.cisco.com/warp/public/707/cisco-sa-20080924-iosfw.shtml
* http://www.cisco.com/warp/public/707/cisco-sa-20080924-l2tp.shtml
Affected Products
=================
Products running Cisco IOS versions 12.0S, 12.2, 12.3 or 12.4 and
configured for MPLS VPNs or VRF Lite are potentially affected.
impact. Attacks exploiting this type of vulnerability have been
discussed on several public forums [2][3]. To maintain and improve user
inter-operation with virtualized and non-virtualized systems, VMware's
software implements a number of inter-system communication features. The
Shared Folder mechanism is one such feature and is enabled by default
in all of VMware's products that provide it.
VMware's shared folders allow users to transfer data between a virtualized
system (Guest) and the non-virtualized Host system that contains it. This
form of data transfer is available to users of the Guest system through
read and write access to file system folders shared by both Guest and Host
---------------------------------------------------------------------
Summary
=======
Unified Contact Center and Intelligent Contact Management products
contain a vulnerability that may result in unauthorized access to the
web-based reporting and script monitoring tool (Web View) and the
web-based configuration tool (Web Admin).
This advisory is posted at
identified in this advisory is CVSS v2 Base Score: 4
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Affected Products:
* RSA enVision versions prior to 3.7 SP1
Unaffected Products:
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        any       Windows  not affected
hosted *       any       any      not affected
+---------------------------------------------------------------------
Summary
=======
The Cisco Wireless LAN Controller (WLC) product family is affected by
a denial of service (DoS) vulnerability where an unauthenticated
attacker could cause a device reload by sending a series of ICMP
packets.
Cisco has released free software updates that address this
The Hewlett-Packard Company thanks ProCheckUp Ltd. for reporting CVE-2011-1537 to security-alert@hp.com.
RESOLUTION
HP has provided HP SNMP Agents for Linux v8.7.0 or subsequent and HP Insight Management Agents for Windows v8.70.0 or subsequent to resolve the vulnerabilities. These products are available as individual patches. They are also available on the Proliant Support Pack (PSP).
Patches
Red Hat Enterprise Linux - HP SNMP Agents v8.7.0
The Common Vulnerability Scoring System (CVSS) Base Score for the item identified by CVE-2011-2740 in this advisory is: 6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C). See Oracle Advisory for the details of CPU Update July 2011. RSA recommends that all customers take into account both the base score and any relevant temporal and environmental scores, which may impact the potential severity associated with a particular security vulnerability.
Affected Products:
RSA Key Manager Appliance 2.7 Service Pack 1