service

Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances

=======

Cisco ASA 5500 Series Adaptive Security Appliances are affected by the
following vulnerabilities:

  * TCP Connection Exhaustion Denial of Service Vulnerability
  * Session Initiation Protocol (SIP) Inspection Denial of Service
    Vulnerabilities
  * Skinny Client Control Protocol (SCCP) Inspection Denial of
    Service Vulnerability
  * WebVPN Datagram Transport Layer Security (DTLS) Denial of Service

Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco Unified Communications Manager Denial
                         of Service Vulnerabilities

Advisory ID: cisco-sa-20080514-cucmdos

Revision 1.0


Cisco Security Advisory: Multiple Vulnerabilities in Cisco Firewall Services Module

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Firewall
Services Module

Advisory ID: cisco-sa-20111005-fwsm

Revision 1.0


VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components

- -----------------------------------------------------------------------

1. Summary

   Updated Java JRE packages and Tomcat packages address several security
   issues. Updates for the ESX Service Console and vMA include kernel,
   ntp, Python, bind, libxml, libxml2, curl and gnutil packages. ntp is
   also updated for ESXi userworlds.

2. Relevant releases


Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch

  * Unauthenticated Java Servlet Access
  * Unauthenticated Arbitrary File Upload
  * Cisco Discovery Protocol Remote Code Execution
  * Unauthorized Servlet Access
  * Java RMI Denial of Service
  * Real-Time Transport Control Protocol Denial of Service
  * XML-Remote Procedure Call (RPC) Denial of Service

Duplicate Issue Identification in Other Cisco TelePresence Advisories


Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Cisco Unified Communications Manager Denial
of Service Vulnerabilities

Advisory ID: cisco-sa-20110824-cucm

Revision 1.0


Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers

Multiple vulnerabilities exist in the Cisco Wireless LAN Controller
(WLC) platforms. This security advisory outlines the details of the
following vulnerabilities:

  * Malformed HTTP or HTTPS authentication response denial of service
    vulnerability
  * SSH connections denial of service vulnerability
  * Crafted HTTP or HTTPS request denial of service vulnerability
  * Crafted HTTP or HTTPS request unauthorized configuration
    modification vulnerability

Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances

=======

Cisco ASA 5500 Series Adaptive Security Appliances are affected by
multiple vulnerabilities as follows:

  * Three SunRPC Inspection Denial of Service Vulnerabilities
  * Three Transport Layer Security (TLS) Denial of Service
    Vulnerabilities
  * Session Initiation Protocol (SIP) Inspection Denial of Service
    Vulnerability
  * Crafted Internet Key Exchange (IKE) Message Denial of Service

Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances

Cisco ASA 5500 Series Adaptive Security Appliances are affected by the
following vulnerabilities:

  * Transparent Firewall Packet Buffer Exhaustion Vulnerability
  * Skinny Client Control Protocol (SCCP) Inspection Denial of
    Service Vulnerability
  * Routing Information Protocol (RIP) Denial of Service
    Vulnerability
  * Unauthorized File System Access Vulnerability

These vulnerabilities are independent; a release that is affected by

CA Service Desk Multiple Cross-Site Scripting Vulnerabilities

Title: CA Service Desk Multiple Cross-Site Scripting 
Vulnerabilities


CA Advisory Date: 2008-09-24


Reported By:
Open Security Foundation

Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500
Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA
Services Module

Advisory ID: cisco-sa-20111005-asa

Revision 1.0


Cisco Security Advisory: Cisco Content Services Gateway Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Cisco Content Services Gateway Vulnerabilities

Advisory ID: cisco-sa-20110126-csg2

http://www.cisco.com/warp/public/707/cisco-sa-20110126-csg2.shtml

Revision 1.0

Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Recording Server

  * XML-Remote Procedure Call (RPC) Arbitrary File Overwrite

  * Cisco Discovery Protocol Remote Code Execution

  * Ad Hoc Recording Denial of Service

  * Java Remote Method Invocation (RMI) Denial of Service

  * Unauthenticated XML-RPC Interface


VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player

1. Summary:

Updated versions of all supported hosted products and all ESX 2x
products and patches for ESX 30x address critical security updates.

Service Console security updates for samba, bind, krb5, vixie-cron,
shadow-utils, openldap, pam, gcc, and gdb packages.

2. Relevant releases:

VMware Workstation 6.0.0

[SECURITY] [DSA 2264-1] linux-2.6 security update

http://www.debian.org/security/                              dann frazier
June 18, 2011                          http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : linux-2.6
Vulnerability  : privilege escalation/denial of service/information leak
Problem type   : local/remote
Debian-specific: no
CVE Id(s)      : CVE-2010-2524 CVE-2010-3875 CVE-2010-4075 CVE-2010-4655 
                 CVE-2011-0695 CVE-2011-0710 CVE-2011-0711 CVE-2011-0726
                 CVE-2011-1010 CVE-2011-1012 CVE-2011-1017 CVE-2011-1078 

Cisco Security Advisory: Cisco Unified Communications Manager CAPF Denial of Service Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco Unified Communications Manager CAPF
                         Denial of Service Vulnerability

Advisory ID: cisco-sa-20090121-cucmcapf

Revision 1.0


CA Products That Embed Ingres Multiple Vulnerabilities

Reported By: iDefense Labs


Impact: A remote attacker can execute arbitrary code, gain 
privileges, or cause a denial of service condition. 


Summary: CA products that embed Ingres contain multiple 
vulnerabilities that can allow a remote attacker to execute 
arbitrary code, gain privileges, or cause a denial of service 

[SECURITY] [DSA 2240-1] linux-2.6 security update

http://www.debian.org/security/                           dann frazier
May 24, 2011                        http://www.debian.org/security/faq
- ----------------------------------------------------------------------

Package        : linux-2.6
Vulnerability  : privilege escalation/denial of service/information leak
Problem type   : local/remote
Debian-specific: no
CVE Id(s)      : CVE-2010-3875 CVE-2011-0695 CVE-2011-0711 CVE-2011-0726
                 CVE-2011-1016 CVE-2011-1078 CVE-2011-1079 CVE-2011-1080
                 CVE-2011-1090 CVE-2011-1160 CVE-2011-1163 CVE-2011-1170

Cisco Security Advisory: Cisco Unified Communications Manager IP Phone Personal Address Book Synchronizer Privilege Escalation Vulnerability

Cisco Unified Communications Manager, formerly CallManager, contains
a privilege escalation vulnerability in the IP Phone Personal Address
Book (PAB) Synchronizer feature that may allow an attacker to gain
complete administrative access to a vulnerable Cisco Unified
Communications Manager system. If Cisco Unified Communications
Manager is integrated with an external directory service, it may be
possible for an attacker to leverage the privilege escalation
vulnerability to gain access to additional systems configured to use
the directory service for authentication.

Cisco has released free software updates that address this

CA20090107-01: CA Service Metric Analysis and CA Service Level Management smmsnmpd Arbitrary Command Execution Vulnerability

Title: CA20090107-01: CA Service Metric Analysis and CA Service 
Level Management smmsnmpd Arbitrary Command Execution 
Vulnerability


CA Advisory Reference: CA20090107-01


CA Advisory Date: 2009-01-07

Cisco Security Advisory: Cisco Unified Communications Manager CTL Provider Heap Overflow

Summary
=======

Cisco Unified Communications Manager (CUCM), formerly CallManager,
contains a heap overflow vulnerability in the Certificate Trust List
(CTL) Provider service that could allow a remote, unauthenticated
user to cause a denial of service (DoS) condition or execute
arbitrary code. There is a workaround for this vulnerability.

Cisco has made free software available to address these
vulnerabilities for affected customers.

[USN-1093-1] Linux Kernel vulnerabilities (Marvell Dove)

system into mounting a specially crafted filesystem, it could crash the
system or expose kernel memory, leading to a loss of privacy.

Ben Hutchings discovered that the ethtool interface did not correctly
check certain sizes. A local attacker could perform malicious ioctl calls
that could crash the system, leading to a denial of service. (Only Ubuntu
10.04 LTS was affected.) (CVE-2010-2478, CVE-2010-3084)

Eric Dumazet discovered that many network functions could leak kernel
stack contents. A local attacker could exploit this to read portions
of kernel memory, leading to a loss of privacy. (Ubuntu 10.10 was not

VUPEN Security Research - Microsoft Internet Explorer Property Change Memory Corruption (CVE-2011-1345)

Microsoft Internet Explorer 8
Microsoft Internet Explorer 7
Microsoft Internet Explorer 6

Microsoft Windows XP Service Pack 3
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
Microsoft Windows Vista Service Pack 1

VUPEN Security Research - Microsoft Windows OpenType CFF Driver Stack Overflow Vulnerability (CVE-2011-0034)

III. AFFECTED PRODUCTS
---------------------------

Microsoft Windows XP Service Pack 3
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2003 SP2 (Itanium)
Microsoft Windows Vista Service Pack 1

[USN-947-2] Linux kernel regression

Original advisory details:

 It was discovered that the Linux kernel did not correctly handle memory
 protection of the Virtual Dynamic Shared Object page when running
 a 32-bit application on a 64-bit kernel.  A local attacker could
 exploit this to cause a denial of service. (Only affected Ubuntu 6.06
 LTS.) (CVE-2009-4271)
 
 It was discovered that the r8169 network driver did not correctly check
 the size of Ethernet frames.  A remote attacker could send specially
 crafted traffic to crash the system, leading to a denial of service.

Cisco Security Advisory: Vulnerability in Cisco WebEx Meeting Manager ActiveX Control

Summary
=======

An ActiveX control (atucfobj.dll) that is used by the Cisco WebEx
Meeting Manager contains a buffer overflow vulnerability that may
result in a denial of service or remote code execution. The WebEx
Meeting Manager is a client-side program that is provided by the
Cisco WebEx meeting service. The Cisco WebEx meeting service
automatically downloads, installs, and configures Meeting Manager the
first time a user begins or joins a meeting.


Cisco Security Advisory: Multiple Vulnerabilities in Cisco PIX and Cisco ASA

advisory outlines details of these vulnerabilities:

  * Crafted TCP ACK Packet Vulnerability
  * Crafted TLS Packet Vulnerability
  * Instant Messenger Inspection Vulnerability
  * Vulnerability Scan Denial of Service
  * Control-plane Access Control List Vulnerability

The first four vulnerabilities may lead to a denial of service (DoS)
condition and the fifth vulnerability may allow an attacker to bypass
control-plane access control lists (ACL).

SECURITY ADVISORY - Level Platforms, Inc. Service Center Install Data HTTP Vulnerability

TECHSERVE, INC.
www.tech-serve.com 

SECURITY ADVISORY 

Advisory Name:    Level Platforms, Inc. Service Center Install Data HTTP
Vulnerability
Release Date:     01/08/2008 
Platform:         Managed Workplace Service Center
Application:      Version Number(s): 4.x, 5.x and 6.x 
Severity:         Ability to remotely determine version, build, service

[ MDVSA-2010:198 ] kernel

 members, which might allow local users to obtain sensitive information
 from kernel memory via unspecified vectors. (CVE-2009-3228)
 
 The do_pages_move function in mm/migrate.c in the Linux kernel before
 2.6.33-rc7 does not validate node values, which allows local users
 to read arbitrary kernel memory locations, cause a denial of service
 (OOPS), and possibly have unspecified other impact by specifying a
 node that is not part of the kernel node set. (CVE-2010-0415)
 
 The ATI Rage 128 (aka r128) driver in the Linux kernel before
 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE)

Copyright © 1995-2012 LinuxRocket.net. All rights reserved.