Free Software
CiscoWorks Common Services for both Oracle Solaris and Microsoft
Windows contains a vulnerability that could allow a remote
unauthenticated attacker to execute arbitrary code on a host device
with privileges of a system administrator.
Cisco has released free software updates that address this
vulnerability.
There are no workarounds that mitigate this vulnerability.
Mitigations that limit the attack surface of this vulnerability are
available.
CiscoWorks Common Services for Microsoft Windows contains a
vulnerability that could allow an authenticated, remote attacker to
execute arbitrary commands on the affected system with the privileges
of a system administrator.
Cisco has released free software updates that address this
vulnerability.
There are no workarounds that mitigate this vulnerability.
This advisory is posted at:
Unified IP Interactive Voice Response (Unified IP-IVR) contain a
directory traversal vulnerability that may allow a remote,
unauthenticated attacker to retrieve arbitrary files from the
filesystem.
Cisco has released free software updates that address this
vulnerability.
There are no workarounds that mitigate this vulnerability.
This advisory is posted at:
However, because Cisco Show and Share relies on Cisco Digital Media
Manager for authentication services, attackers who compromise the
Cisco Digital Media Manager may gain full access to Cisco Show and
Share.
Cisco has released free software updates that address this
vulnerability.
There are no workarounds that mitigate this vulnerability.
This advisory is posted at:
CiscoWorks Common Services contains a vulnerability that could allow an
unauthenticated remote attacker to access application and host operating
system files.
Cisco has released free software updates that address this
vulnerability. A workaround that mitigates this vulnerability is
available.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20090520-cw.shtml.
/*
* RFC 1321 compliant MD5 implementation
*
* Copyright (C) 2001-2003 Christophe Devine
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
Summary
=======
A vulnerability exists in the Cisco Unified Customer Voice Portal (CVP)
where an authenticated user can create, modify, or delete a superuser
account. Cisco has released free software updates that address this
vulnerability.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20080521-cvp.shtml.
* Three (3) denial of service (DoS) vulnerabilities that affect
Session Initiation Protocol (SIP) services
* Directory traversal vulnerability
* Two (2) SQL injection vulnerabilities
Cisco has released free software updates for affected Cisco Unified
Communications Manager versions to address the vulnerabilities. A
workaround exists only for the SIP DoS vulnerabilities.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20110427-cucm.shtml.
* Newly discovered vulnerabilities in software and hardware
* Electronic/Digital Privacy
* Wireless Network and Security
* Attacks on Information Systems and/or Digital Information Storage
* Electronic Voting
* Free Software and Security
* Assessment of Computer, Electronic Devices and Information Systems
* Standards for Information Security
* Legal and Social Aspect of Information Security
* Software Engineering and Security
* Security in Information Retrieval
attack in the parameter key of the admin and user interface pages. A
successful attack could allow an authenticated attacker to access
information such as usernames and password hashes that are stored in
the database.
Cisco has released free software updates that address this
vulnerability.
Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-0026
has been assigned to this vulnerability.
To exploit this vulnerability an attacker must be able to cause a
vulnerable DNS server to perform recursive DNS queries. Therefore, DNS
servers that are only authoritative, or servers where recursion is not
allowed, are not affected.
Cisco has released free software updates that address this vulnerability.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20080708-dns.shtml.
This security advisory is being published simultaneously with
Autonomous System Number Vulnerabilities" disclosed on the 2009 July
29 1600 UTC at the following link:
http://www.cisco.com/warp/public/707/cisco-sa-20090729-bgp.shtml
Cisco is preparing to release a free software maintenance upgrade (SMU)
that addresses this vulnerability. This advisory will be updated once
the SMU is available.
A workaround that mitigates this vulnerability is available.
vulnerabilities are:
* Crafted IPv6 Packet May Cause MPLS-Configured Device to Reload
* ICMPv6 Packet May Cause MPLS-Configured Device to Reload
Cisco has released free software updates that address these
vulnerabilities.
Workarounds that mitigate these vulnerabilities are available.
This advisory is posted at
must have valid credentials for an affected device to exploit one
vulnerability; exploitation of the other does not require
authentication. Both vulnerabilities can be exploited over the
network.
Cisco has released free software updates that address these
vulnerabilities.
Workarounds that mitigate these vulnerabilities are available.
This advisory is posted at:
Cisco recommends that all administrators deploy the mitigation
measures outlined in the Workarounds section or perform a Cisco IOS
Software upgrade.
Cisco has released free software updates that address this
vulnerability.
Workarounds that mitigate this vulnerability are available.
This advisory is posted at:
The Cisco Application Control Engine Global Site Selector (GSS)
contains a vulnerability when processing specific Domain Name System
(DNS) requests that may lead to a crash of the DNS service on the
GSS.
Cisco has released free software updates that address this
vulnerability.
A workaround that mitigates this vulnerability is available.
This advisory is posted at
a network processor in a line card to lock up while processing an IP
version 4 (IPv4) packet. As a consequence of the network processor
lockup, the line card that is processing the offending packet will
automatically reload.
Cisco has released a free software maintenance upgrade (SMU) to
address this vulnerability.
There are no workarounds for this vulnerability.
This advisory is posted at:
Under a sustained attack, the Cisco CRS Modular Services Card (MSC)
on a Cisco Carrier Routing System (CRS) or a Line Card on a Cisco
12000 Series Router or Cisco ASR 9000 Series Aggregation Services
Router will reload.
Cisco has released free Software Maintenance Units (SMU) that address
this vulnerability.
There are no workarounds for this vulnerability.
This advisory is posted at:
Cisco Unified Presence contains three denial of service (DoS)
vulnerabilities that may cause an interruption in presence services.
These vulnerabilities were discovered internally by Cisco, and there
are no workarounds.
Cisco has released free software updates that address these
vulnerabilities.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20080514-cup.shtml.
ONS 15454 Optical Transport Platform, the Cisco ONS 15454 SDH
Multiservice Platform, and the Cisco ONS 15600 Multiservice Switching
Platform contains a vulnerability when processing TCP traffic streams
that may result in a reload of the device control card.
Cisco has released free software updates that address this
vulnerability.
There are no workarounds that mitigate this vulnerability. Several
mitigations exist that can limit the exposure of this vulnerability.
Cisco Unified Communications Manager contains a directory traversal
vulnerability that may allow an unauthenticated, remote attacker to
retrieve arbitrary files from the filesystem.
Cisco has released free software updates that address this
vulnerability.
There are no workarounds that mitigate this vulnerability.
This advisory is posted at:
users access a recording file that is hosted on a WebEx server. If
the WebEx recording player was manually installed, users will need to
manually install a new version of the player after downloading the
latest version from www.webex.com.
Cisco has released free software updates that address these
vulnerabilities.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20110201-webex.shtml.
/*
*
* Copyright (C) darkfig
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
- Newly discovered vulnerabilities in software and hardware
- Electronic/Digital Privacy
- Wireless Network and Security
- Attacks on Information Systems and/or Digital Information Storage
- Electronic Voting
- Free Software and Security
- Assessment of Computer, Electronic Devices and Information Systems
- Standards for Information Security
- Legal and Social Aspect of Information Security
- Software Engineering and Security
- Security in Information Retrieval
that may result in a denial of service condition when the SSH version
1 (SSHv1) protocol is used. The vulnerability is a result of
unremoved sshd_lock files consuming all available space in the /tmp
filesystem.
Cisco has released free software updates that address this
vulnerability.
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20110525-iosxr-ssh.shtml
attacker to elevate privileges, change phone configurations, disclose
sensitive information, or load unsigned software. These three
vulnerabilities are classified as two privilege escalation
vulnerabilities and one signature bypass vulnerability.
Cisco has released free software updates that address these
vulnerabilities. There are no workarounds available to mitigate these
vulnerabilities.
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20110601-phone.shtml.
Summary
=======
Two crafted Protocol Independent Multicast (PIM) packet
vulnerabilities exist in Cisco IOS software that may lead to a denial
of service (DoS) condition. Cisco has released free software updates
that address these vulnerabilities. Workarounds that mitigate these
vulnerabilities are available.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20080924-multicast.shtml
=======
The Cisco Application Extension Platform contains a privilege escalation
vulnerability in the tech support diagnostic shell that may allow an
authenticated user to obtain administrative access to a vulnerable Cisco
Application Extension Platform module. Cisco has released free software updates
that address this vulnerability. There is no workaround for this vulnerability.
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20100609-axp.shtml
A denial of service (DoS) vulnerability exists in the Cisco Physical
Access Gateway. There are no workarounds available to mitigate the
vulnerability. This vulnerability has been corrected in Cisco
Physical Access Gateway software version 1.1. Cisco has released free
software updates that address this vulnerability.
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20090624-gateway.shtml