Next Page >>
services
=======
Cisco ASA 5500 Series Adaptive Security Appliances are affected by the
following vulnerabilities:
* TCP Connection Exhaustion Denial of Service Vulnerability
* Session Initiation Protocol (SIP) Inspection Denial of Service
Vulnerabilities
* Skinny Client Control Protocol (SCCP) Inspection Denial of
Service Vulnerability
* WebVPN Datagram Transport Layer Security (DTLS) Denial of Service
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco Unified Communications Manager Denial
of Service Vulnerabilities
Advisory ID: cisco-sa-20080514-cucmdos
Revision 1.0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco Unified Communications Manager Denial
of Service Vulnerabilities
Advisory ID: cisco-sa-20080514-cucmdos
Revision 1.0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security
Appliances and Cisco Catalyst 6500 Series ASA Services Module
Advisory ID: cisco-sa-20120314-asa
Revision 1.0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Firewall
Services Module
Advisory ID: cisco-sa-20111005-fwsm
Revision 1.0
For Public Release 2009 May 20 1600 UTC (GMT)
Summary
=======
CiscoWorks Common Services contains a vulnerability that could allow an
unauthenticated remote attacker to access application and host operating
system files.
Cisco has released free software updates that address this
vulnerability. A workaround that mitigates this vulnerability is
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: CiscoWorks Common Services Arbitrary Command Execution Vulnerability
Advisory ID: cisco-sa-20111019-cs
Revision 1.0
For Public Release 2011 October 19 16:00 UTC (GMT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: CiscoWorks Common Services Arbitrary Code
Execution Vulnerability
Advisory ID: cisco-sa-20101027-cs
Revision 1.0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500
Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA
Services Module
Advisory ID: cisco-sa-20111005-asa
Revision 1.0
- -----------------------------------------------------------------------
1. Summary
Updated Java JRE packages and Tomcat packages address several security
issues. Updates for the ESX Service Console and vMA include kernel,
ntp, Python, bind libxml, libxml2, curl and gnutil packages. ntp is
also updated for ESXi userworlds.
2. Relevant releases
* Unauthenticated Java Servlet Access
* Unauthenticated Arbitrary File Upload
* Cisco Discovery Protocol Remote Code Execution
* Unauthorized Servlet Access
* Java RMI Denial of Service
* Real-Time Transport Control Protocol Denial of Service
* XML-Remote Procedure Call (RPC) Denial of Service
Duplicate Issue Identification in Other Cisco TelePresence Advisories
Summary
=======
A device running Cisco IOS software that has Internet Protocol
version 6 (IPv6) enabled may be subject to a denial of service (DoS)
attack. For the device to be affected by this vulnerability the
device also has to have certain Internet Protocol version 4 (IPv4)
User Datagram Protocol (UDP) services enabled. To exploit this
vulnerability an offending IPv6 packet must be targeted to the
device. Packets that are routed throughout the router can not trigger
=======
Cisco ASA 5500 Series Adaptive Security Appliances are affected by
multiple vulnerabilities as follows:
* Three SunRPC Inspection Denial of Service Vulnerabilities
* Three Transport Layer Security (TLS) Denial of Service
Vulnerabilities
* Session Initiation Protocol (SIP) Inspection Denial of Service
Vulnerability
* Crafted Internet Key Exchange (IKE) Message Denial of Service
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Cisco Content Services Gateway Vulnerabilities
Advisory ID: cisco-sa-20110126-csg2
http://www.cisco.com/warp/public/707/cisco-sa-20110126-csg2.shtml
Revision 1.0
Cisco ASA 5500 Series Adaptive Security Appliances are affected by the
following vulnerabilities:
* Transparent Firewall Packet Buffer Exhaustion Vulnerability
* Skinny Client Control Protocol (SCCP) Inspection Denial of
Service Vulnerability
* Routing Information Protocol (RIP) Denial of Service
Vulnerability
* Unauthorized File System Access Vulnerability
These vulnerabilities are independent; a release that is affected by
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Cisco Unified Communications Manager Denial
of Service Vulnerabilities
Advisory ID: cisco-sa-20110824-cucm
Revision 1.0
Multiple vulnerabilities exist in the Cisco Wireless LAN Controller
(WLC) platforms. This security advisory outlines the details of the
following vulnerabilities:
* Malformed HTTP or HTTPS authentication response denial of service
vulnerability
* SSH connections denial of service vulnerability
* Crafted HTTP or HTTPS request denial of service vulnerability
* Crafted HTTP or HTTPS request unauthorized configuration
modification vulnerability
currently used in Oracle 11g as well as in Oracle9i and 10g. The process
of registering an instance is as follows:
1. The client sends a TNS packet of type CONNECT (TNS_TYPE_CONNECT = 1)
to the TNS Listener with the following NV string:
○ Oracle 9i to 11g: (CONNECT_DATA=(COMMAND=SERVICE_REGISTER_NSGR))
○ Oracle 8i: (CONNECT_DATA=(COMMAND=SERVICE_REGISTER))
2. The server answers with a TNS packet of type ACCEPT (TNS_TYPE_ACCEPT
= 2). After this, the protocol communication changes a bit (all data
will be binary).
3. The client sends a “data packet” (TNS_TYPE_DATA = 6) to the TNS
=======
The Cisco Wireless LAN Controller (WLC) product family is affected by
the following vulnerabilities:
* Cisco Wireless LAN Controllers HTTP Denial of Service Vulnerability
* Cisco Wireless LAN Controllers IPv6 Denial of Service Vulnerability
* Cisco Wireless LAN Controllers WebAuth Denial of Service Vulnerability
* Cisco Wireless LAN Controllers Unauthorized Access Vulnerability
Title: CA Service Desk Multiple Cross-Site Scripting
Vulnerabilities
CA Advisory Date: 2008-09-24
Reported By:
Open Security Foundation
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Cisco Content Services Gateway Denial of
Service Vulnerability
Advisory ID: cisco-sa-20110706-csg
Revision 1.0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: CiscoWorks Common Services Arbitrary Code
Execution Vulnerability
Advisory ID: cisco-sa-20080528-cw
Revision 1.0
During installation of Panda Security for Desktops/File Servers the
permissions for installation folder
%ProgramFiles%\Panda Software\AVTC\
by default are set to Everyone:Full Control. Few services
(e.g. PAVSRV51.EXE) are started from this folder. Services are started
under LocalSystem account.
The 32bit Version of Panda Security for Desktops/File Servers
installs the TruePrevent package by default, which protects the files
During installation of Panda Security for Desktops/File Servers the
permissions for installation folder
%ProgramFiles%\Panda Software\AVTC\
by default are set to Everyone:Full Control. Few services
(e.g. PAVSRV51.EXE) are started from this folder. Services are started
under LocalSystem account.
The 32bit Version of Panda Security for Desktops/File Servers
installs the TruePrevent package by default, which protects the files
* XML-Remote Procedure Call (RPC) Arbitrary File Overwrite
* Cisco Discovery Protocol Remote Code Execution
* Ad Hoc Recording Denial of Service
* Java Remote method Invocation (RMI) Denial of Service
* Unauthenticated XML-RPC Interface
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco Unified Communications Manager Denial
of Service Vulnerabilities
Advisory ID: cisco-sa-20100303-cucm
Revision 1.0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco Unified Communications Manager CAPF
Denial of Service Vulnerability
Advisory ID: cisco-sa-20090121-cucmcapf
Revision 1.0
1. Summary:
Updated versions of all supported hosted products and all ESX 2x
products and patches for ESX 30x address critical security updates.
Service Console security updates for samba, bind, krb5, vixie-cron,
shadow-utils, openldap, pam, gcc, and gdb packages.
2. Relevant releases:
VMware Workstation 6.0.0
Summary
=======
Multiple vulnerabilities exist in the Cisco Wireless LAN Controllers
(WLCs), Cisco Catalyst 6500 Wireless Services Modules (WiSMs), and
Cisco Catalyst 3750 Integrated Wireless LAN Controllers. This security
advisory outlines details of the following vulnerabilities:
* Denial of Service Vulnerabilities (total of three)
* Privilege Escalation Vulnerability
http://www.debian.org/security/ dann frazier
June 18, 2011 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : linux-2.6
Vulnerability : privilege escalation/denial of service/information leak
Problem type : local/remote
Debian-specific: no
CVE Id(s) : CVE-2010-2524 CVE-2010-3875 CVE-2010-4075 CVE-2010-4655
CVE-2011-0695 CVE-2011-0710 CVE-2011-0711 CVE-2011-0726
CVE-2011-1010 CVE-2011-1012 CVE-2011-1017 CVE-2011-1078
Next Page>>
|
