issues
to a privilege escalation, denial of service or information leak. The Common
Vulnerabilities and Exposures project identifies the following problems:
CVE-2010-2524
David Howells reported an issue in the Common Internet File System (CIFS).
Local users could cause arbitrary CIFS shares to be mounted by introducing
malicious redirects.
CVE-2010-3875
to a denial of service or privilege escalation. The Common Vulnerabilities and
Exposures project identifies the following problems:
CVE-2010-3875
Vasiliy Kulikov discovered an issue in the Linux implementation of the
Amateur Radio AX.25 Level 2 protocol. Local users may obtain access to
sensitive kernel memory.
CVE-2011-0695
to a denial of service, information leak or privilege escalation. The Common
Vulnerabilities and Exposures project identifies the following problems:
CVE-2012-2121
Benjamin Herrenschmidt and Jason Baron discovered issues with the IOMMU
mapping of memory slots used in KVM device assignment. Local users with
the ability to assign devices could cause a denial of service due to a
memory page leak.
CVE-2012-3552
to a privilege escalation, denial of service or information leak. The Common
Vulnerabilities and Exposures project identifies the following problems:
CVE-2010-2963
Kees Cook discovered an issue in the v4l 32-bit compatibility layer for
64-bit systems that allows local users with /dev/video write permission to
overwrite arbitrary kernel memory, potentially leading to a privilege
escalation. On Debian systems, access to /dev/video devices is restricted to
members of the 'video' group by default.
-----------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2009-0016
Synopsis: VMware vCenter and ESX update release and vMA patch
release address multiple security issues in third
party components
Issue date: 2009-11-20
Updated on: 2009-11-20 (initial release of advisory)
CVE numbers: --- JRE ---
CVE-2009-1093 CVE-2009-1094 CVE-2009-1095
. Microsoft virtualization products that are based on Hyper-V technology.
6. *Vendor Information, Solutions and Workarounds*
This issue was reported to Microsoft in August 2009. The vendor has
acknowledged the report and after extensive analysis indicated that it
plans to solve the problem in future updates to the associated products.
We recommend that affected users run all mission critical Windows
applications on non-virtualized systems or use virtualization
Internet Explorer introduces the concept of URL Security Zones, which
basically define a set of privileges for web applications (such as, for
example, accessing and/or modifying the local computer files) depending
on their level of trustworthiness.
Issues have been found in the way that security policies are applied
when a URI is specified in the UNC form:
'\\MACHINE_NAME_OR_IP\PATH_TO_RESOURCE'
* When a remote site attempts to access a local resource, Internet
Explorer will fail to enforce the Zone Elevation restrictions.
Advisory ID: VMSA-2008-0009
Synopsis: Updates to VMware Workstation, VMware Player,
VMware ACE, VMware Fusion, VMware Server, VMware
VIX API, VMware ESX, VMware ESXi resolve critical
security issues
Issue date: 2008-06-04
Updated on: 2008-06-04 (initial release of advisory)
CVE numbers: CVE-2007-5671 CVE-2008-0967 CVE-2008-2097
CVE-2008-2100 CVE-2006-1721 CVE-2008-0553
CVE-2007-5378 CVE-2007-4772 CVE-2008-0888
Hello All,
Below, we are providing you with technical details regarding
security issues reported by us to Oracle and addressed by the
company in a recent Feb 2013 Java SE CPU [1].
[Issue 29]
This issue allows for the creation of arbitrary Proxy objects
for interfaces defined in restricted packages. Proxy objects
VMware Security Advisory
Advisory ID: VMSA-2011-0003
Synopsis: Third party component updates for VMware vCenter
Server, vCenter Update Manager, ESXi and ESX
Issue date: 2011-02-10
Updated on: 2011-02-10 (initial release of advisory)
CVE numbers: --- Apache Tomcat ---
CVE-2009-2693 CVE-2009-2901 CVE-2009-2902
CVE-2009-3548 CVE-2010-2227 CVE-2010-1157
--- Apache Tomcat Manager ---
-------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2010-0007
Synopsis: VMware hosted products, vCenter Server and ESX
patches resolve multiple security issues
Issue date: 2010-04-09
Updated on: 2010-04-09 (initial release of advisory)
CVE numbers: CVE-2010-1142 CVE-2010-1140 CVE-2009-2042
CVE-2009-1564 CVE-2009-1565 CVE-2009-3732
CVE-2009-3707 CVE-2010-1138 CVE-2010-1139
CVSSv2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C
CVSSv2 Base Score: 3.5
CVSSv2 Temporal Score: 2.7
CVE-2010-4021
* krb5 KDC may issue unrequested tickets due to KrbFastReq forgery
CVSSv2 Vector: AV:N/AC:H/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C
CVSSv2 Base Score: 2.1
CVSSv2 Temporal Score: 1.6
-----------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2012-0013
Synopsis: VMware vSphere and vCOps updates to third party libraries
Issue date: 2012-08-30
Updated on: 2012-08-30 (initial advisory)
CVE numbers: --- JRE ---
See references
--- OpenSSL (userworld) ---
CVE-2010-4180, CVE-2010-4252, CVE-2011-0014,
------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2010-0005
Synopsis: VMware products address vulnerabilities in WebAccess
Issue date: 2010-03-29
Updated on: 2010-03-29 (initial release of advisory)
CVE numbers: CVE-2009-2277 CVE-2010-1137 CVE-2010-0686
CVE-2010-1193
------------------------------------------------------------------------
------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2010-0009
Synopsis: ESXi ntp and ESX Service Console third party updates
Issue date: 2010-05-27
Updated on: 2010-05-27 (initial release of advisory)
CVE numbers: CVE-2009-2695 CVE-2009-2908 CVE-2009-3228
CVE-2009-3286 CVE-2009-3547 CVE-2009-3613
CVE-2009-3612 CVE-2009-3620 CVE-2009-3621
CVE-2009-3726 CVE-2007-4567 CVE-2009-4536
------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2009-0005
Synopsis: VMware Hosted products, VI Client and patches for ESX
and ESXi resolve multiple security issues
Issue date: 2009-04-03
Updated on: 2009-04-03 (initial release of advisory)
CVE numbers: CVE-2008-4916 CVE-2008-3761 CVE-2009-1146
CVE-2009-1147 CVE-2009-0909 CVE-2009-0910
CVE-2009-0908 CVE-2009-0177 CVE-2009-0518
VMware Security Advisory
Advisory ID: VMSA-2008-0005
Synopsis: Updated VMware Workstation, VMware Player, VMware
Server, VMware ACE, and VMware Fusion resolve
critical security issues
Issue date: 2008-03-17
Updated on: 2008-03-17 (initial release of advisory)
CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361
CVE-2008-1362 CVE-2007-5269 CVE-2006-2940
CVE-2006-2937 CVE-2006-4343 CVE-2006-4339
user could use this to determine sensitive information such as password
length.
CVE-2013-1796
Andrew Honig of Google reported an issue in the KVM subsystem. A user in
a guest operating system could corrupt kernel memory, resulting in a
denial of service.
CVE-2013-1929
escalation. The Common Vulnerabilities and Exposures project
identifies the following problems:
CVE-2009-2846
Michael Buesch noticed a typing issue in the eisa-eeprom driver
for the hppa architecture. Local users could exploit this issue to
gain access to restricted memory.
CVE-2009-2847
cookies, session management data, cached content of web applications in
different domains and any files stored on local filesystems.
The bug is related to a lack of enforcement of security policies
assigned to URL Security Zones [2] when content from the corresponding
zone is loaded and rendered from a local file. These issues have been
found in the way that security policies are applied when a URI is
specified in the UNC form (i.e., '\\MACHINE_NAME_OR_IP\PATH_TO_RESOURCE'):
1. When a remote site attempts to access a local resource, IE will
fail to enforce the Zone Elevation restrictions.
Advisory ID: VMSA-2008-0014
Synopsis: Updates to VMware Workstation, VMware Player,
VMware ACE, VMware Server, VMware ESX address
information disclosure, privilege escalation and
other security issues.
Issue date: 2008-08-29
Updated on: 2008-08-29 (initial release of advisory)
CVE numbers: CVE-2008-2101 CVE-2007-5269 CVE-2008-1447
CVE-2008-3691 CVE-2008-3692 CVE-2008-3693
CVE-2008-3694 CVE-2008-3695 CVE-2007-5438
to a privilege escalation, denial of service or information leak. The Common
Vulnerabilities and Exposures project identifies the following problems:
CVE-2010-0435
Gleb Natapov reported an issue in the KVM subsystem that allows virtual
machines to cause a denial of service of the host machine by executing mov
to/from DR instructions.
CVE-2010-3699
Description:
Pligg is a popular open source, full-featured content management
system written in PHP. There are a number of vulnerabilities
within Pligg that allow for remote file enumeration, file inclusion,
cross-site scripting, and SQL injection. When combined, these issues
allow for remote code execution on the affected installation
via arbitrary PHP code placed within template files once admin
credentials are gained via SQL injection.
VMware Security Advisory
Advisory ID: VMSA-2012-0005
Synopsis: VMware vCenter Server, Orchestrator, Update Manager,
vShield, vSphere Client, ESXi and ESX address
several security issues
Issue date: 2012-03-15
Updated on: 2012-03-15 (initial advisory)
CVE numbers: CVE-2012-1508, CVE-2012-1509, CVE-2012-1510,
CVE-2012-1512, CVE-2012-1513, CVE-2012-1514,
Vulnerability Overview
----------------------
On June 4th 2009, VSR identified multiple weaknesses in the Cisco CSS
11500's handling of HTTP header interpretation and client-side SSL
certificates. Individually, these issues may be considered minor, but
combined they could allow for the compromise of an application that
relies on a vulnerable CSS to assist in authenticating clients. If
successfully exploited, an attacker could spoof another application
user's identity without possession of the victim's client certificate.
SYM07-029
http://www.symantec.com/avcenter/security/Content/2007.11.27.html
27 Nov 2007
Symantec Backup Exec for Windows Server: Multiple Denial of Service Issues in Job Engine
Revision History
None
CVE-2010-0397, CVE-2010-1128, CVE-2010-1129, CVE-2010-1130,
CVE-2010-1866, CVE-2010-1868, CVE-2010-1917, CVE-2010-2094,
CVE-2010-2225, CVE-2010-2531, CVE-2010-2950, CVE-2010-3065
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10
-----------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2012-0009
Synopsis: VMware Workstation, Player, ESXi and ESX patches address
critical security issues
Issue date: 2012-05-03
Updated on: 2012-05-03 (initial advisory)
CVE numbers: CVE-2012-1516, CVE-2012-1517, CVE-2012-2448, CVE-2012-2449,
CVE-2012-2450
-----------------------------------------------------------------------
------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2010-0004
Synopsis: ESX Service Console and vMA third party updates
Issue date: 2010-03-03
Updated on: 2010-03-03 (initial release of advisory)
CVE numbers: CVE-2009-2905 CVE-2008-4552 CVE-2008-4316
CVE-2009-1377 CVE-2009-1378 CVE-2009-1379
CVE-2009-1386 CVE-2009-1387 CVE-2009-0590
CVE-2009-4022 CVE-2009-3560 CVE-2009-3720