Next Page >>
Version 2
No other Cisco products are currently known to be affected by this
vulnerability. Cisco IOS XR Software is not affected by this
vulnerability.
The IGMP version 1, IGMP version 2, and IPv6 Multicast Listener
Discovery protocol (MLD) features in Cisco IOS and Cisco IOS XE
Software are not affected by this vulnerability.
Details
=======
http://www.netvigilance.com/advisory0054
Release Date:
10/29/2007
CVSS Version 2 Metrics:
Base Metrics:
Exploitability Metrics:
http://www.netvigilance.com/advisory0053
Release Date:
10/29/2007
CVSS Version 2 Metrics:
Base Metrics:
Exploitability Metrics:
netVigilance Security Advisory #70
SimpNews version 2.41.03 Multiple XSS Attack Vulnerabilities
Description:
SimpNews is a news system written in PHP. Features: Data stored in MySQL, admin interface, support for multiple languages, support for multiple instances in one database, own header, multiple layout settings, support for BBCode andsmilies, you can assin an icon graphic to every news entry, you can attach a file to news entries, entries can be put in categories, users can subscribe to get news sent by email, search entries, users can post comments on news entries, event calendar, newsticker, option to let users propose news entries.
External References:
Mitre CVE: CVE-2007-4874
NVD NIST: CVE-2007-4874
OSVDB: ID requested but no answer received
BUGTRAQ/BID:
identifies a Cisco device that is running a Cisco IOS Software
release that does support NTPv4:
Router#configure terminal
Router(config)#ntp peer 127.0.0.1 version ?
<2-4> NTP version number
The following example identifies a Cisco device that is running a
Cisco IOS Software release that does not support NTPv4:
Router(config)#ntp peer 127.0.0.1 version ?
http://www.netvigilance.com/advisory0055
Release Date:
10/29/2007
CVSS Version 2 Metrics:
Base Metrics:
Exploitability Metrics:
http://www.netvigilance.com/advisory0066
Release Date:
09/25/2007
CVSS Version 2 Metrics:
Base Metrics:
Exploitability Metrics:
netVigilance Security Advisory #69
SimpNews version 2.41.03 File Content Disclosure Vulnerability
Description:
SimpNews is a news system written in PHP. Features: Data stored in MySQL, admin interface, support for multiple languages, support for multiple instances in one database, own header, multiple layout settings, support for BBCode andsmilies, you can assin an icon graphic to every news entry, you can attach a file to news entries, entries can be put in categories, users can subscribe to get news sent by email, search entries, users can post comments on news entries, event calendar, newsticker, option to let users propose news entries.
External References:
Mitre CVE: CVE-2007-4873
NVD NIST: CVE-2007-4873
OSVDB: ID requested but no answer received
netVigilance Security Advisory #68
SimpNews version 2.41.03 Multiple Path Disclosure Vulnerabilities
Description:
SimpNews is a news system written in PHP. Features: Data stored in MySQL, admin interface, support for multiple languages, support for multiple instances in one database, own header, multiple layout settings, support for BBCode andsmilies, you can assin an icon graphic to every news entry, you can attach a file to news entries, entries can be put in categories, users can subscribe to get news sent by email, search entries, users can post comments on news entries, event calendar, newsticker, option to let users propose news entries.
External References:
Mitre CVE: CVE-2007-4872
NVD NIST: CVE-2007-4872
OSVDB: ID requested but no answer received
http://www.netvigilance.com/advisory0064
Release Date:
09/25/2007
CVSS Version 2 Metrics:
Base Metrics:
Exploitability Metrics:
http://www.netvigilance.com/advisory0065
Release Date:
09/25/2007
CVSS Version 2 Metrics:
Base Metrics:
Exploitability Metrics:
http://www.netvigilance.com/advisory0067
Release Date:
09/25/2007
CVSS Version 2 Metrics:
Base Metrics:
Exploitability Metrics:
handling logic, other implementations may also be vulnerable.
CVE-2010-1324
MIT krb5 (releases krb-1.7 and newer) incorrectly accepts an unkeyed
checksum with DES session keys for version 2 (RFC 4121) of the GSS-API
krb5 mechanism.
MIT krb5 (releases krb5-1.7 and newer) incorrectly accepts an unkeyed
checksum for PAC signatures. Running exclusively krb5-1.8 or newer
KDCs blocks the attack.
______________________________________________
Security Advisory NSOADV-2010-001 (Version 2)
______________________________________________
______________________________________________
Title: Panda Security Local Privilege Escalation
Severity: Medium
Advisory ID: NSOADV-2010-001
Found Date: 02.2008
The SSH server implementation in Cisco IOS XR Software contains a
vulnerability that an unauthenticated, remote user could exploit to
cause a denial of service condition.
An attacker could trigger this vulnerability by sending a crafted SSH
version 2 packet that may cause a new SSH connection handler process to
crash. Repeated exploitation may cause each new SSH connection handler
process to crash and lead to a significant amount of memory being
consumed, which could introduce instability that may adversely impact
other system functionality. During this event, the parent SSH daemon
process will continue to function normally.
The IOS secure shell server is disabled by default. To determine if
SSH is enabled, use the show ip ssh command.
Router#show ip ssh
SSH Enabled - version 2.0
Authentication timeout: 120 secs; Authentication retries: 3
The previous output shows that SSH is enabled on this device and that
the SSH protocol major version that is being supported is 2.0. If the
text "SSH Disabled" is displayed, the device is not vulnerable.
Web Server Suite Version / Apache Depot name
HP-UX Web Server Suite v.2.32
HP-UX 11i PA-RISC with IPv6
HP-UX 11i version 2 PA-RISC/IPF 64-bit
HP-UX 11i version 2 PA-RISC/IPF 32-bit
HP-UX 11i version 3 PA-RISC/IPF 64-bit
* Cisco 4100 Series WLC
* Cisco 4400 Series WLC
* Cisco 5500 Series WLC
* Cisco 500 Series Wireless Express Mobility Controllers
* Cisco Wireless Services Modules (WiSM)
* Cisco Wireless Services Modules version 2 (WiSM version 2)
* Cisco NME-AIR-WLC Modules for Integrated Services Routers (ISRs)
* Cisco NM-AIR-WLC Modules for Integrated Services Routers (ISRs)
* Cisco Catalyst 3750G Integrated WLCs
* Cisco Flex 7500 Series Cloud Controllers
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01495949
Version: 2
HPSBMA02348 SSRT080033 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code, Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) - 16 July 2008 Initial release
Version:2 (rev.2) - 19 July 2008 Added BIND v9.2.0 depot information
Version:3 (rev.3) - 06 August 2008 Updated patch location, revised BIND v9.2.0 depot information, added BIND v8.1.2
Version:4 (rev.4) - 08 August 2008 Updated manual actions to include named.conf and firewall configuration setings
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Copying welcome, under the Creative Commons ``Attribution-Share Alike''
License http://creativecommons.org/licenses/by-sa/2.0/uk/
Code included herein, and accompanying this advisory, may be copied
according to the GNU General Public License version 2, or the Vim
license. See the subdirectory ``licenses''.
Various portions of the accompanying code may have been written by
various parties. Those parties may hold copyright, and those portions
may be copied according to their respective licenses.
PRODUCT SPECIFIC INFORMATION:
none
HISTORY
Version:1 (rev.1) - 10 February 2010 Initial Release
Version:2 (rev.2) - 11 February 2010 Added CVE reference
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Install the preliminary firmware update as described in the InstallationInstructions.rtf file.
Feature Variations in the LaserJet 4250 and 4350 Firmware Version 20090323 SPCL014A
The following file is available on ftp://ss080166:ss080166@hprc.external.hp.com/
Information File
MD5 Sum
[ AFFECTED VERSIONS ]
Following versions are affected with this issue:
- Safari Version 2 (MacOSX Version)
[ DESCRIPTION ]
A crafted HTML page can make Safari crash when trying to parse the page
END AFFECTED VERSIONS (for HP-UX)
HISTORY
Version:1 (rev.1) - 30 March 2011 Initial release
Version:2 (rev.2) - 1 April 2011 Republish
Version:3 (rev.3) - 13 April 2011 Added NNMi v8.1x
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01837667
Version: 2
HPSBTU02453 SSRT091037 rev.2 - HP Tru64 UNIX or HP Tru64 Internet Express Running BIND Server, Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01496048
Version: 2
HPSBMA02349 SSRT080043 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Unauthorized Access to Data
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) - 16 July 2008 Initial release
Version:2 (rev.2) - 19 July 2008 Added BIND v9.2.0 depot information
Version:3 (rev.3) - 06 August 2008 Updated patch location, revised BIND v9.2.0 depot information, added BIND v8.1.2
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Model Affected: AGA[Alice Gate2 plus Wi-Fi]/AGB[Alice Gate2 plus]
AG2P-AG3[Alice Gate W2+]/AGPV-AGPF[Alice Gate VoIP 2 Plus Wi-Fi]
Firmware Version: All AGA/AGB/AG2P-AG3/AGPV-AGPF firmware version are affected.
Platforms: Customized Linux version 2.6.8.1 on Broadcom BCM96348 chipset.
Vulnerability: enable telnet/ftp/tftp and web-admin from internal lan.
Exploitation: internal network lan, versus Router
END AFFECTED VERSIONS (for HP-UX)
HISTORY
Version:1 (rev.1) - 9 June 2008 Initial release
Version:2 (rev.2) - 30 June 2008 New files available
Version:3 (rev.3) - 18 March 2009 Patches available for NNM v7.53 and NNM v7.01
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Next Page>>
|
