A potential vulnerability has been identified with certain HP Small Form Factor, Microtower and Workstation PCs with Broadcom Integrated NIC Firmware. The vulnerability could be remotely exploited to execute arbitrary code.
References: CVE-2010-0104, CERT VU#512705
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
Broadcom Integrated NIC Management Firmware Versions earlier than v1.40.0.0 and earlier than v8.08
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
A potential security vulnerability has been identified with HP OpenView Select Identity (HPSI) Connectors running on Windows. The vulnerability could result in a local disclosure of information.
References: CVE-2008-3539
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HPSI Active Directory Connector v 1.70.003 and earlier
HPSI Active Directory Connector v 2.10.002 and earlier
HPSI Active Directory Connector v 2.20.xxx and v2.30.xxx and earlier
HPSI SunOne Connector v 1.14 and earlier
HPSI eDirectory Connector v 1.12 and earlier
HPSI eTrust Connector v 1.02 and earlier
following problems:
CVE-2009-0146
Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and
earlier, CUPS 1.3.9 and earlier, and other products allow remote
attackers to cause a denial of service (crash) via a crafted PDF file,
related to (1) JBIG2SymbolDict::setBitmap and (2)
JBIG2Stream::readSymbolDictSeg.
CVE-2009-0147
_______________________________________________________________________
Problem Description:
Multiple integer overflows in the JBIG2 decoder in
Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and
other products allow remote attackers to cause a denial
of service (crash) via a crafted PDF file, related to (1)
JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg,
and (3) JBIG2Stream::readGenericBitmap. (CVE-2009-0146, CVE-2009-0147)
circumstances, which might allow context-dependent attackers to bypass
the intended security policy by creating instances of ClassLoader
(CVE-2010-4351).
Unspecified vulnerability in the Java Runtime Environment (JRE)
in Oracle Java SE and Java for Business 6 Update 23 and earlier,
5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote
untrusted Java Web Start applications and untrusted Java applets to
affect integrity via unknown vectors related to Networking. NOTE: the
previous information was obtained from the February 2011 CPU. Oracle
has not commented on claims from a downstream vendor that this issue
Discovered by : Thierry Zoller (G-SEC)
Affected products :
~~~~~~~~~~~~~~~~~~~
- F-Secure Internet Security 2009 and earlier
- F-Secure Anti-Virus 2009 and earlier
- F-Secure Home Server Security 2009
- Solutions based on F-Secure Protection Service for Consumers version 8.00 and earlier
- Solutions based on F-Secure Protection Service for Business - Workstation security version 8.00 and earlier
- Solutions based on F-Secure Protection Service for Business - E-mail and Server security version 8.00 and earlier
Multiple vulnerabilities were discovered and corrected in
java-1.6.0-openjdk:
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29
and earlier, and 1.4.2_31 and earlier allows remote untrusted Java
Web Start applications and untrusted Java applets to affect integrity
via unknown vectors related to Deserialization (CVE-2011-0865).
Multiple unspecified vulnerabilities in the Java Runtime Environment
References: CVE-2008-0211
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Compaq Business Notebook PC
2210 Series BIOS vF.04 and earlier
2510 Series BIOS vF.08 and earlier
2710 Series BIOS vF.0D and earlier
6510 Series BIOS vF.0F and earlier
6710 Series BIOS vF.0F and earlier
6515 Series BIOS vF.0A and earlier
A potential vulnerability has been identified with certain HP ProLiant DL/ML 100 Series G5/G6 Servers with ProLiant Onboard Administrator Powered by LO100i. The vulnerability could be exploited remotely to create a Denial of Service (DoS). The HP ProLiant Onboard Administrator Powered by LO100i was formerly known as HP Lights Out 100.
References: CVE-2009-1426
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
Any of the following ProLiant DL/ML100 G5/G6-Series servers with Lights-Out 100 Remote Management Firmware Version 3.07 or earlier:
HP ProLiant DL120 G5 Server series
HP ProLiant DL160 G5 Server series
HP ProLiant DL160 G6 Server series
HP ProLiant DL160 G5p Server series
Severity Rating: CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Affected products:
Ionix Application Connectivity Monitor (Ionix ACM) 2.3 and earlier
Ionix Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) 3.2.0.2 and earlier
Ionix IP Management Suite (Ionix IP) 8.1.1.1 and earlier
AFFECTED ENVIRONMENTS
---------------------
The following VMware product versions are known to be affected:
VMware Server 1.0.10
VMware Server 2.0.2 and earlier
VMware Workstation 7.0.0
VMware Workstation 7.1.5 and earlier
VMware ESXi 3.5.0 Update 5 and earlier
VMware ESXi 4.0.0 Update 2 and earlier
VMware ESXi 4.1.0 Update 1 Build 433742 (ESXi410-201107401-BG) and earlier
Problem Description:
Multiple vulnerabilities have been found and corrected in poppler:
Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2
and earlier allow remote attackers to cause a denial of service
(crash) via a crafted PDF file, related to (1) setBitmap and (2)
readSymbolDictSeg (CVE-2009-0146).
Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and
earlier allow remote attackers to cause a denial of service (crash)
III. ANALYSIS
Summary:
A) "nginx" log escape sequence injection
(Affected versions: 0.7.64 and probably earlier versions)
B) "Varnish" log escape sequence injection
(Affected versions: 2.0.6 and probably earlier versions)
C) "Cherokee" log escape sequence injection
Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote execution of arbitrary code, disclosure of information, and other vulnerabilities.
References: CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3552, CVE-2010-3553, CVE-2010-3554, CVE-2009-3555, CVE-2010-3556, CVE-2010-3557, CVE-2010-3558, CVE-2010-3559, CVE-2010-3560, CVE-2010-3561, CVE-2010-3562, CVE-2010-3563, CVE-2010-3564, CVE-2010-3565, CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569, CVE-2010-3570, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573, CVE-2010-3574.
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.09 or earlier
HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 5.0.21 or earlier
HP-UX B.11.11, B.11.23, B.11.31 running HP Java SDK and RTE 1.4.2.26 or earlier
BACKGROUND
Potential vulnerabilities have been identified with HP Project and Portfolio Management Center (PPMC), formerly known as Mercury IT Governance. The vulnerabilities could be exploited remotely to allow cross site scripting (XSS).
References: CVE-2010-0452
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Project and Portfolio Management Center (PPMC) 7.5 SP3 and earlier running on AIX, HP-UX, Redhat Linux, Suse Linux, Solaris and Windows Server.
HP Project and Portfolio Management Center (PPMC) 7.1 SP10 and earlier running on AIX, HP-UX, Redhat Linux, Suse Linux, Solaris and Windows Server.
BACKGROUND
CVSS 2.0 Base Metrics
Server, VMware ESX address information disclosure, privilege
escalation and other security issues.
2. Relevant releases
VMware Workstation 6.0.4 and earlier,
VMware Workstation 5.5.7 and earlier,
VMware Player 2.0.4 and earlier,
VMware Player 1.0.7 and earlier,
VMware ACE 2.0.4 and earlier,
VMware ACE 1.0.6 and earlier,
in patches in ESX and in the newest releases of VMware's hosted
product line.
2. Relevant releases:
VMware Workstation 6.0.3 and earlier,
VMware Workstation 5.5.6 and earlier,
VMware Player 2.0.3 and earlier,
VMware Player 1.0.6 and earlier,
VMware ACE 2.0.3 and earlier,
VMware ACE 1.0.5 and earlier,
Several critical security vulnerabilities have been addressed
in the newest releases of VMware's hosted product line.
2. Relevant releases:
VMware Workstation 6.0.2 and earlier
VMware Workstation 5.5.4 and earlier
VMware Player 2.0.2 and earlier
VMware Player 1.0.4 and earlier
VMware ACE 2.0.2 and earlier
VMware ACE 1.0.2 and earlier
Summary
=======
CiscoWorks Internetwork Performance Monitor (IPM) versions 2.6 and
earlier for Microsoft Windows operating systems contain a buffer
overflow vulnerability that could allow a remote unauthenticated
attacker to execute arbitrary code. There are no workarounds for this
vulnerability.
This advisory is posted at:
privilege escalation on virtual machine guest operating systems. In
addition a directory traversal issue is resolved.
2. Relevant releases
VMware Workstation 6.0.5 and earlier,
VMware Workstation 5.5.8 and earlier,
VMware Player 2.0.5 and earlier,
VMware Player 1.0.8 and earlier,
VMware ACE 2.0.5 and earlier,
VMware ACE 1.0.7 and earlier,
2. Relevant releases
VirtualCenter 2.5 before Update 3 build 119838
VMware Workstation 6.0.4 and earlier,
VMware Workstation 5.5.7 and earlier,
VMware Player 2.0.4 and earlier,
VMware Player 1.0.7 and earlier,
VMware ACE 2.0.4 and earlier,
VMware ACE 1.0.6 and earlier,
Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, privilege escalation, execution of arbitrary code, and Denial of Service (DoS).
References: SUN ALERT ID: 246286 (CVE-2008-5349), 254569 (CVE-2009-1093, CVE-2009-1094), 254570 (CVE-2009-1095, CVE-2009-1096), 254571 (CVE-2009-1097, CVE-2009-1098, CVE-2009-1099), 254608 (CVE-2009-1100), 254609 (CVE-2009-1101), 254610 (CVE-2009-1102), 254611 (CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, CVE-2009-1107).
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.03 or earlier
HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 5.0.15 or earlier
HP-UX B.11.11, B.11.23, B.11.31 running HP Java SDK and RTE 1.4.2.21 or earlier
BACKGROUND
For a PGP signed version of this security bulletin please write to: security-alert@hp.com
VMware hosted products and ESX patches resolve two security issues.
2. Relevant releases
VMware Workstation 6.5.2 and earlier,
VMware Player 2.5.2 and earlier,
VMware ACE 2.5.2 and earlier,
VMware Server 2.0.1 and earlier,
VMware Server 1.0.9 and earlier,
VMware Fusion 2.0.5 and earlier,
Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, privilege escalation, and Denial of Service (DoS).
References: SUN ALERT ID: 263429 (CVE-2009-0217), 263489 (CVE-2009-2625), 263408 (CVE-2009-2670), 263409 (CVE-2009-2671), 263409 (CVE-2009-2672), 263409 (CVE-2009-2673), 263428 (CVE-2009-2674), 263488 (CVE-2009-2675), 263490 (CVE-2009-2676).
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.04 or earlier
HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 5.0.16 or earlier
HP-UX B.11.11, B.11.23, B.11.31 running HP Java SDK and RTE 1.4.2.22 or earlier
BACKGROUND