VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues

      shared folder (HGFS), it is possible for a program running in the
      guest to gain access to the host's file system and create or modify
      executable files in sensitive locations.

NOTE: VMware Server is not affected because it doesn't use host to
      guest shared folders. No versions of ESX Server, including
      ESX Server 3i, are affected by this vulnerability, because
      ESX Server is based on a bare-metal hypervisor architecture
      and not a hosted architecture, and it doesn't include any
      shared folder abilities. Fusion and Linux based hosted
      products are unaffected.

VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player

-------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID:       VMSA-2007-0006
Synopsis:          Critical security updates for all supported
                   versions of VMware ESX Server, VMware Server,
                   VMware Workstation, VMware ACE, and
                   VMware Player

Issue date:        2007-09-18
Updated on:        2007-09-18

Cisco Security Advisory: Cisco Secure Access Control System Unauthorized Password Change Vulnerability

Summary
=======

A vulnerability exists in some Cisco Secure Access Control System
(ACS) versions that could allow a remote, unauthenticated attacker to
change the password of any user account to any value without
providing the account's previous password. Successful exploitation
requires the user account to be defined on the internal identity
store.


Cisco Security Advisory: Buffer Overflow Vulnerabilities in the Cisco WebEx Player

file that is hosted on a WebEx meeting site. The players can also be
manually installed for offline playback after downloading the
application from www.webex.com

If the WRF player was automatically installed, it will be
automatically upgraded to the latest, nonvulnerable version when
users access a recording file that is hosted on a WebEx meeting site.
If the WRF player was manually installed, users will need to manually
install a new version of the player after downloading the latest
version from www.webex.com


[security bulletin] HPSBMA02361 SSRT080119 rev.1 - HP OpenView Select Identity Connectors running on Windows, Local Information Disclosure

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01531379
Version: 1

HPSBMA02361 SSRT080119 rev.1 - HP OpenView Select Identity Connectors running on Windows, Local Information Disclosure

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.


VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues

   Notes:
   Effective May 2010, VMware's patch and update release program during
   Extended Support will be continued with the condition that all
   subsequent patch and update releases will be based on the latest
   baseline release version as of May 2010 (i.e. ESX 3.0.3 Update 1,
   ESX 3.5 Update 5, and VirtualCenter 2.5 Update 6). Refer to section
   "End of Product Availability FAQs" at
   http://www.vmware.com/support/policies/lifecycle/vi/faq.html for
   details.


VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components

3. Problem Description

 a. JRE Security Update

    JRE update to version 1.5.0_20, which addresses multiple security
    issues that existed in earlier releases of JRE.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the following names to the security issues fixed in
    JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,

Cisco Security Advisory: Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine

The following table displays the products that are affected by each
vulnerability that is described within this advisory.

+-------------------------------------------------------------------+
|                                     | Products and Versions       |
|                                     | Affected                    |
|Vulnerability                        |-----------------------------|
|                                     | Cisco ACE    | Cisco ACE    |
|                                     | 4710         | Module       |
|                                     | Appliance    |              |

VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX

    Column 4 of the following table lists the action required to
    remediate the vulnerability in each release, if a solution is
    available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    vCenter        4.1       Windows  Update 1
    vCenter        4.0       Windows  affected, patch pending
    VirtualCenter  2.5       Windows  affected, no patch planned


[security bulletin] HPSBPI02398 SSRT080166 rev.1 - Certain HP LaserJet Printers, HP Color LaserJet Printers, and HP Digital Senders, Remote Unauthorized Access to Files

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01623905
Version: 1

HPSBPI02398 SSRT080166 rev.1 - Certain HP LaserJet Printers, HP Color LaserJet Printers, and HP Digital Senders, Remote Unauthorized Access to Files

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.


Cisco Security Advisory: Vulnerability in Cisco WebEx Meeting Manager ActiveX Control

Cisco WebEx meeting service. The Cisco WebEx meeting service
automatically downloads, installs, and configures Meeting Manager the
first time a user begins or joins a meeting.

When users connect to the WebEx meeting service, the WebEx Meeting
Manager is automatically upgraded to the latest version. There is a
manual workaround available for users who are not able to connect to
the WebEx meeting service.

Cisco WebEx is in the process of upgrading the meeting service
infrastructure with fixed versions of the affected file.

Cisco Security Advisory: Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities

Unified Communications Manager.

Vulnerable Products
+------------------

The following Cisco Unified Communications Manager versions are
affected:

  * Cisco Unified CallManager 4.1 versions prior to 4.1.3SR8
  * Cisco Unified CallManager 4.2 versions prior to 4.2(3)SR4b
  * Cisco Unified CallManager 4.3 versions prior to 4.3(2)SR1a

Cisco Security Advisory: Cisco IOS Software Internet Group Management Protocol Denial of Service Vulnerability

Summary
=======

A vulnerability in the Internet Group Management Protocol (IGMP)
version 3 implementation of Cisco IOS Software and Cisco IOS XE
Software allows a remote unauthenticated attacker to cause a reload
of an affected device. Repeated attempts to exploit this
vulnerability could result in a sustained denial of service (DoS)
condition. Cisco has released free software updates that address this
vulnerability.

Cisco Security Advisory: Cisco Unified Communications Manager IP Phone Personal Address Book Synchronizer Privilege Escalation Vulnerability

Vulnerable Products
+------------------

The following products are vulnerable:

  * Cisco Unified CallManager 4.1 versions
  * Cisco Unified Communications Manager 4.2 versions prior to 4.2(3)SR4b
  * Cisco Unified Communications Manager 4.3 versions prior to 4.3(2)SR1b
  * Cisco Unified Communications Manager 5.x versions prior to 5.1(3e)
  * Cisco Unified Communications Manager 6.x versions prior to 6.1(3)
  * Cisco Unified Communications Manager 7.0 versions prior to 7.0(2)

Cisco Security Advisory: CiscoWorks Common Services Arbitrary Command Execution Vulnerability

=================

Vulnerable Products
+------------------

This vulnerability affects all versions of CiscoWorks Common
Services-based products running on Microsoft Windows.

Common Services version 4.1 and later are not affected by this
vulnerability.


[security bulletin] HPSBGN02511 SSRT100022 rev.2 - HP Small Form Factor or Microtower PC with Broadcom Integrated NIC Firmware, Remote Execution of Arbitrary Code

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02048471
Version: 2

HPSBGN02511 SSRT100022 rev.2 - HP Small Form Factor or Microtower PC with Broadcom Integrated NIC Firmware, Remote Execution of Arbitrary Code

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.


VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues

   VMware ESX 3.0.3 without patch ESX303-200811401-BG

   VMware ESX 3.0.2 without patch ESX-1006980

   NOTE: General Support for Workstation version 5.x ended on
   2009-03-19. Users should plan to upgrade to the latest
   Workstation version 6.x release.

   Extended support for ESX 3.0.2 Update 1 ends on 2009-08-08.
   Users should plan to upgrade to ESX 3.0.3 and preferably to

Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities

Vulnerable Products
+------------------

The following products are vulnerable:

  * Cisco Unified CallManager 4.1 versions
  * Cisco Unified Communications Manager 4.2 versions prior to 4.2(3)SR4
  * Cisco Unified Communications Manager 4.3 versions prior to 4.3(2)SR1
  * Cisco Unified Communications Manager 5.x versions prior to 5.1(3c)
  * Cisco Unified Communications Manager 6.x versions prior to 6.1(2)


Cisco Security Advisory: Cisco ACE Application Control Engine Device Manager and Application Networking Manager Vulnerabilities

=================

Vulnerable Products
-------------------

The following are the products and versions affected by each
vulnerability described within this advisory.

+---------------------------------------+
| Vulnerability | Product  |  Version   |
|               | Affected |  Affected  |

Cisco Security Advisory: Cisco ASR 9000 Series Routers Line Card IP Version 4 Denial of Service Vulnerability

Advisory ID: cisco-sa-20110720-asr9k

Revision 1.0


Cisco Security Advisory: Cisco IOS Software Network Time Protocol Packet Vulnerability

Summary
=======

Cisco IOS® Software with support for Network Time Protocol (NTP)
version (v4) contains a vulnerability processing specific NTP packets
that will result in a reload of the device. This results in a remote
denial of service (DoS) condition on the affected device.

Cisco has released free software updates that address this
vulnerability.

Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Adaptive Security Appliance and Cisco PIX Security Appliances

Cisco ASA or Cisco PIX security appliances that are configured for IPsec
or SSL-based remote access VPN and have the Override Account Disabled
feature enabled are affected by this vulnerability.

Note: The Override Account Disabled feature was introduced in Cisco
ASA software version 7.1(1). Cisco ASA and PIX software versions 7.1,
7.2, 8.0, and 8.1 are affected by this vulnerability. This feature is
disabled by default.

Crafted HTTP Packet DoS Vulnerability
+------------------------------------

Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service Vulnerabilities

Vulnerable Products
+------------------

These products are vulnerable:

  * Cisco Unified CallManager 4.1 versions prior to 4.1.3SR7
  * Cisco Unified Communications Manager 4.2 versions prior to 4.2(3)SR4
  * Cisco Unified Communications Manager 4.3 versions prior to 4.3(2)
  * Cisco Unified Communications Manager 5.x versions prior to 5.1(3)
  * Cisco Unified Communications Manager 6.x versions prior to 6.1(1)


Cisco Security Advisory: Application Inspection Vulnerability in Cisco Firewall Services Module

=======

A vulnerability exists in the Cisco Firewall Services Module (FWSM),
a high-speed, integrated firewall module for Cisco Catalyst 6500
switches and Cisco 7600 Series routers, that may result in a reload
of the FWSM. The only affected FWSM System Software Version is
3.2(3).

There are no known instances of intentional exploitation of this
issue. However, Cisco has observed data streams that appear to be
unintentionally triggering this vulnerability.

Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances

Affected Products
=================

Cisco ASA 5500 Series Adaptive Security Appliances are affected by
multiple vulnerabilities. Affected versions of Cisco ASA Software
vary depending on the specific vulnerability.

Vulnerable Products
+------------------


Cisco Security Advisory: Multiple Vulnerabilities in Cisco Firewall Services Module

Vulnerable Products
+------------------

The Cisco FWSM for the Cisco Catalyst 6500 Series switches and Cisco
7600 Series routers is affected by multiple vulnerabilities. Affected
versions of Cisco FWSM Software vary depending on the specific
vulnerability. Refer to the "Software Version and Fixes" section for
specific information on vulnerable versions.

Syslog Message Memory Corruption Denial of Service Vulnerability
+---------------------------------------------------------------

Cisco Security Advisory: Cisco Unified Contact Center Express Directory Traversal Vulnerability

=================

Vulnerable Products
+------------------

The following Cisco UCCX versions are vulnerable:

  * Cisco UCCX version 6.0(x)
  * Cisco UCCX version 7.0(x)
  * Cisco UCCX version 8.0(x)
  * Cisco UCCX version 8.5(x)


Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
