security vulnerabilities
Services menu of the Cisco Security Intelligence Operations (SIO)
Portal. Following this transition, new Cisco Security Advisories and
Responses will be published to the new location. Although the URL has
changed, the content of security documents and the vulnerability
policy are not impacted. Cisco will continue to disclose security
vulnerabilities in accordance with the published Security
Vulnerability Policy.
Affected Products
Products and Services menu of the Cisco Security Intelligence
Operations (SIO) Portal. Following this transition, new Cisco
Security Advisories and Responses will be published to the new
location. Although the URL has changed, the content of security
documents and the vulnerability policy are not impacted. Cisco will
continue to disclose security vulnerabilities in accordance with the
published Security Vulnerability Policy.
Affected Products
=================
Advisory: Multiple security vulnerabilities in AShop
Advisory ID: INFOSERVE-ADV2011-02
Author: Stefan Schurtz
Contact: security@infoserve.de
Affected Software: Successfully tested on AShop513
Vendor URL: http://www.ashopsoftware.com/
Vendor Status: fixed in Version 5.1.4
==========================
Vulnerability Description:
game logic are based on the GPL source release of the Quake III Arena
engine and game logic by id Software.
The de facto upstream developer of the Quake III engine is now another
fork, ioquake3; in particular, ioquake3 fixes many security
vulnerabilities present in the original Quake III Arena source release.
Unlike (for instance) OpenArena or Urban Terror, Tremulous has diverged
from the original Quake III Arena engine, so it cannot be played using
an unmodified ioquake3 engine.
The Tremulous website advertises two versions of the game:
Affected: 2008.0
_______________________________________________________________________
Problem Description:
Multiple security vulnerabilities have been identified and fixed
in ghostscript:
A buffer underflow in Ghostscript's CCITTFax decoding filter allows
remote attackers to cause denial of service and possibly to execute
arbitrary code by using a crafted PDF file (CVE-2007-6725).
Potential Security Impact: Remote unauthorized information disclosure, unauthorized data modification, Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP-UX OpenSSL. These vulnerabilities could be exploited remotely for unauthorized information disclosure, unauthorized data modification, and to create a Denial of Service (DoS).
References: CVE-2009-3245, CVE-2009-3555, CVE-2009-4355, CVE-2010-0433, CVE-2010-0740.
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, B.11.31 running OpenSSL before vA.00.09.08n.
+---------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco
Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), unauthorized access
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP StorageWorks Storage Mirroring. These vulnerabilities could be exploited remotely to execute arbitrary code, cause a Denial of Service (DoS), or gain unauthorized access.
References: CVE-2009-0716, CVE-2009-0717, CVE-2009-0718
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP StorageWorks Storage Mirroring v5 prior to v5.1.1.1090.15
+---------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html.
Affected: 2008.1, 2009.0, 2009.1, Corporate 4.0
_______________________________________________________________________
Problem Description:
Multiple security vulnerabilities have been identified and fixed
in jasper:
The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer
JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted
attackers to cause a denial of service (crash) and possibly corrupt
>> issuing a patch for a DoS level issue,
>>
> Can you cite a reference?
>
> Unless Microsoft has changed their end of life policy [1], XP should
> be patched for security vulnerabilities until about 2014. Both XP Home
> and XP Pro's mainstream support ended in 4/2009, but extended support
> ends in 4/2014 [2]. Given that we know the end of extended support,
> take a look at bullet 17 of [1]:
>
> 17. What is the Security Update policy?
Potential Security Impact: Remote execution of arbitrary code and other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, privilege escalation, execution of arbitrary code, and Denial of Service (DoS).
References: SUN ALERT ID: 246286 (CVE-2008-5349), 254569 (CVE-2009-1093, CVE-2009-1094), 254570 (CVE-2009-1095, CVE-2009-1096), 254571 (CVE-2009-1097, CVE-2009-1098, CVE-2009-1099), 254608 (CVE-2009-1100), 254609 (CVE-2009-1101), 254610 (CVE-2009-1102), 254611 (CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, CVE-2009-1107).
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.03 or earlier
Potential Security Impact: Remote cross site scripting (XSS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP Insight Control server migration for Windows. These vulnerabilities could be exploited remotely for cross site scripting (XSS).
References: CVE-2010-1557
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Insight Control server migration for Windows for all versions prior to v6.0
Potential Security Impact: Remote Cross Site Scripting (XSS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with certain HP LaserJet printers, HP Color LaserJet printers and HP Digital Senders. The vulnerabilities could be exploited remotely by Cross Site Scripting (XSS).
References: CVE-2009-2684
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP LaserJet printers, HP Color LaserJet printers and HP Digital Senders with the Embedded Web Server (EWS)
Potential Security Impact: Remote execution of arbitrary code
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with ActiveX controls in HP Instant Support HPISDataManager.dll running on Microsoft Windows. The vulnerabilities could be remotely exploited to allow remote execution of arbitrary code.
References: CVE-2007-5604 (CERT VU#754403), CVE-2007-5605 (CERT VU#558163), CVE-2007-5606 (CERT VU#221123), CVE-2007-5607 (CERT VU#526131), CVE-2007-5608 (CERT VU#949587), CVE-2007-5610 (CERT VU#857539), CVE-2008-0952 (CERT VU#190939), CVE-2008-0953 (CERT VU#998779)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Instant Support HPISDataManager.dll v1.0.0.22 and earlier.
Potential Security Impact: Remote execution of arbitrary code
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). These vulnerabilities could be exploited remotely to allow execution of arbitrary code.
References: CVE-2008-0067
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP OpenView Network Node Manager (OV NNM) v7.01, v7.51, v7.53 running on HP-UX, Linux, Solaris, and Windows
Potential Security Impact: Remote increase in privilege, arbitrary file modification
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP-UX running Tomcat-based Servlet Engine. The vulnerabilities
could be exploited remotely to increase privilege or arbitrarily modify files. Tomcat-based Servlet Engine is contained in
the Apache Web Server Suite.
>>> issuing a patch for a DoS level issue,
>>>
>> Can you cite a reference?
>>
>> Unless Microsoft has changed their end of life policy [1], XP should
>> be patched for security vulnerabilities until about 2014. Both XP Home
>> and XP Pro's mainstream support ended in 4/2009, but extended support
>> ends in 4/2014 [2]. Given that we know the end of extended support,
>> take a look at bullet 17 of [1]:
>>
>> 17. What is the Security Update policy?
Potential Security Impact: Remote Denial of Service (DoS), cross-site scripting (XSS), execution of arbitrary code, cross-site request forgery (CSRF)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server or Tomcat-based Servlet Engine. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), cross-site scripting (XSS), execution of arbitrary code, or cross-site request forgery (CSRF). Apache-based Web Server and Tomcat-based Servlet Engine are contained in the Apache Web Server Suite.
References: CVE-2007-6420, CVE-2008-1232, CVE-2008-1947, CVE-2008-2364, CVE-2008-2370, CVE-2008-2938, CVE-2008-2939, CVE-2008-3658
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.23 and B.11.31 running Apache-based Web Server v2.2.8.01.01 or v2.0.59.07.02 or earlier or Tomcat-based Servlet Engine v5.5.27.01 or earlier
+------------------------------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in
Cisco products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html.
This includes instructions for press inquiries regarding Cisco security
Potential Security Impact: Remote Denial of Service (DoS), gain extended privileges.
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP-UX running Apache with PHP. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to gain extended privileges.
References: CVE-2007-2872, CVE-2007-3378, CVE-2007-4783, CVE-2007-4840, CVE-2007-4887, CVE-2007-5898, CVE-2007-5899, CVE-2007-5900.
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, B.11.31 running Apache v2.18 with PHP v5.2.4 or earlier.