New User, Welcome!     Login

Next Page >>

version

[security bulletin] HPSBPI02728 SSRT100692 rev.6 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default

Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03102449
Version: 6

HPSBPI02728 SSRT100692 rev.6 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.


VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues

~     shared folder (HGFS), it is possible for a program running in the
~     guest to gain access to the host's file system and create or modify
~     executable files in sensitive locations.

NOTE: VMware Server is not affected because it doesn't use host to
~      guest shared folders.  No versions of ESX Server, including
~      ESX Server 3i, are affected by this vulnerability.  Because
~      ESX Server is based on a bare-metal hypervisor architecture
~      and not a hosted architecture, and it doesn't include any
~      shared folder abilities.  Fusion and Linux based hosted
~      products are unaffected.

Cisco Security Advisory: CiscoWorks Common Services Arbitrary Command Execution Vulnerability

=================

Vulnerable Products
+------------------

This vulnerability affects all versions of CiscoWorks Common
Services-based products running on Microsoft Windows

Common Services version 4.1 and later are not affected by this
vulnerability.


Cisco Security Advisory: Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine

The following table displays the products that are affected by each
vulnerability that is described within this advisory.

+-------------------------------------------------------------------+
|                                     | Products and Versions       |
|                                     | Affected                    |
|Vulnerability                        |-----------------------------|
|                                     | Cisco ACE    | Cisco ACE    |
|                                     | 4710         | Module       |
|                                     | Appliance    |              |

[security bulletin] HPSBGN02511 SSRT100022 rev.2 - HP Small Form Factor or Microtower PC with Broadcom Integrated NIC Firmware, Remote Execution of Arbitrary Code

Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02048471
Version: 2

HPSBGN02511 SSRT100022 rev.2 - HP Small Form Factor or Microtower PC with Broadcom Integrated NIC Firmware, Remote Execution of Arbitrary Code

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.


Cisco Security Advisory: Cisco Secure Access Control System Unauthorized Password Change Vulnerability

Summary
=======

A vulnerability exists in some Cisco Secure Access Control System
(ACS) versions that could allow a remote, unauthenticated attacker to
change the password of any user account to any value without
providing the account's previous password. Successful exploitation
requires the user account to be defined on the internal identity
store.


Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service Vulnerabilities

Vulnerable Products
+------------------

These products are vulnerable:

  * Cisco Unified CallManager 4.1 versions prior to 4.1.3SR7
  * Cisco Unified Communications Manager 4.2 versions prior to 4.2(3)SR4
  * Cisco Unified Communications Manager 4.3 versions prior to 4.3(2)
  * Cisco Unified Communications Manager 5.x versions prior to 5.1(3)
  * Cisco Unified Communications Manager 6.x versions prior to 6.1(1)


Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service Vulnerabilities

Vulnerable Products
+------------------

These products are vulnerable:

  * Cisco Unified CallManager 4.1 versions prior to 4.1.3SR7
  * Cisco Unified Communications Manager 4.2 versions prior to 4.2(3)SR4
  * Cisco Unified Communications Manager 4.3 versions prior to 4.3(2)
  * Cisco Unified Communications Manager 5.x versions prior to 5.1(3)
  * Cisco Unified Communications Manager 6.x versions prior to 6.1(1)


Cisco Security Advisory: Vulnerability in Cisco WebEx Meeting Manager ActiveX Control

Cisco WebEx meeting service. The Cisco WebEx meeting service
automatically downloads, installs, and configures Meeting Manager the
first time a user begins or joins a meeting.

When users connect to the WebEx meeting service, the WebEx Meeting
Manager is automatically upgraded to the latest version. There is a
manual workaround available for users who are not able to connect to
the WebEx meeting service.

Cisco WebEx is in the process of upgrading the meeting service
infrastructure with fixed versions of the affected file.

Cisco Security Advisory: Buffer Overflow Vulnerabilities in the Cisco WebEx Player

file that is hosted on a WebEx meeting site. The players can also be
manually installed for offline playback after downloading the
application from www.webex.com

If the WRF player was automatically installed, it will be
automatically upgraded to the latest, nonvulnerable version when
users access a recording file that is hosted on a WebEx meeting site.
If the WRF player was manually installed, users will need to manually
install a new version of the player after downloading the latest
version from www.webex.com


OpenLimit Reader for Windows contains completely outdated, superfluous and VULNERABLE system components

      Fortunately some wise guy but missed to time-stamp the signed files,
      Windows treats the signature as invalid since 2012-05-27T00:00:00Z.-P


According to it's manufacturer, this application supports Windows 2000
and later versions.

The self-extracting setup program "OLReader2502_DE.exe" extracts the
following 3rd party files (ALL are updates/installers from Microsoft)
into "%TEMP%\SignCubesInstall":


Cisco Security Advisory: Cisco Unified Communications Manager IP Phone Personal Address Book Synchronizer Privilege Escalation Vulnerability

Vulnerable Products
+------------------

The following products are vulnerable:

  * Cisco Unified CallManager 4.1 versions
  * Cisco Unified Communications Manager 4.2 versions prior to 4.2(3)SR4b
  * Cisco Unified Communications Manager 4.3 versions prior to 4.3(2)SR1b
  * Cisco Unified Communications Manager 5.x versions prior to 5.1(3e)
  * Cisco Unified Communications Manager 6.x versions prior to 6.1(3)
  * Cisco Unified Communications Manager 7.0 versions prior to 7.0(2)

Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities

Vulnerable Products
+------------------

The following products are vulnerable:

  * Cisco Unified CallManager 4.1 versions
  * Cisco Unified Communications Manager 4.2 versions prior to 4.2(3)SR4
  * Cisco Unified Communications Manager 4.3 versions prior to 4.3(2)SR1
  * Cisco Unified Communications Manager 5.x versions prior to 5.1(3c)
  * Cisco Unified Communications Manager 6.x versions prior to 6.1(2)


VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player

- - -------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID:       VMSA-2007-0006
Synopsis:          Critical security updates for all supported
                   versions of VMware ESX Server, VMware Server,
                   VMware Workstation, VMware ACE, and
                   VMware Player

Issue date:        2007-09-18
Updated on:        2007-09-18

Cisco Security Advisory: Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities

Unified Communications Manager.

Vulnerable Products
+------------------

The following Cisco Unified Communications Manager versions are
affected:

  * Cisco Unified CallManager 4.1 versions prior to 4.1.3SR8
  * Cisco Unified CallManager 4.2 versions prior to 4.2(3)SR4b
  * Cisco Unified CallManager 4.3 versions prior to 4.3(2)SR1a

VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues

   Notes:
   Effective May 2010, VMware's patch and update release program during
   Extended Support will be continued with the condition that all
   subsequent patch and update releases will be based on the latest
   baseline release version as of May 2010 (i.e. ESX 3.0.3 Update 1,
   ESX 3.5 Update 5, and VirtualCenter 2.5 Update 6). Refer to section
   "End of Product Availability FAQs" at
   http://www.vmware.com/support/policies/lifecycle/vi/faq.html for
   details.


VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues

   Notes:
   Effective May 2010, VMware's patch and update release program during
   Extended Support will be continued with the condition that all
   subsequent patch and update releases will be based on the latest
   baseline release version as of May 2010 (i.e. ESX 3.0.3 Update 1,
   ESX 3.5 Update 5, and VirtualCenter 2.5 Update 6). Refer to section
   "End of Product Availability FAQs" at
   http://www.vmware.com/support/policies/lifecycle/vi/faq.html for
   details.


Cisco Security Advisory: Cisco ACE Application Control Engine Device Manager and Application Networking Manager Vulnerabilities

=================

Vulnerable Products
- -------------------

The following are the products and versions affected by each
vulnerability described within this advisory.

+---------------------------------------+
| Vulnerability | Product  |  Version   |
|               | Affected |  Affected  |

Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module

Affected Products
=================

Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst
6500 Series ASA Services Module are affected by multiple
vulnerabilities. Affected versions of Cisco ASA Software will vary
depending on the specific vulnerability. Consult the "Software
Versions and Fixes" section of this security advisory for more
information about the affected version.

Cisco PIX Security Appliances may be affected by some of the

[security bulletin] HPSBMA02361 SSRT080119 rev.1 - HP OpenView Select Identity Connectors running on Windows, Local Information Disclosure

Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01531379
Version: 1

HPSBMA02361 SSRT080119 rev.1 - HP OpenView Select Identity Connectors running on Windows, Local Information Disclosure

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.


[security bulletin] HPSBMA02361 SSRT080119 rev.1 - HP OpenView Select Identity Connectors running on Windows, Local Information Disclosure

Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01531379
Version: 1

HPSBMA02361 SSRT080119 rev.1 - HP OpenView Select Identity Connectors running on Windows, Local Information Disclosure

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.


Cisco Security Advisory: Jabber Extensible Communications Platform and Cisco Unified Presence XML Denial of Service Vulnerability

=================

Vulnerable Products
+------------------

The following versions of Cisco Unified Presence and Jabber
Extensible Communications Platform (Jabber XCP) are affected by the
vulnerability in this advisory. JabberNow appliances are also
affected if they are running a vulnerable version of Jabber XCP
software.


Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Adaptive Security Appliance and Cisco PIX Security Appliances

Cisco ASA or Cisco PIX security appliances that are configured for IPsec
or SSL-based remote access VPN and have the Override Account Disabled
feature enabled are affected by this vulnerability.

Note: The Override Account Disabled feature was introduced in Cisco
ASA software version 7.1(1). Cisco ASA and PIX software versions 7.1,
7.2, 8.0, and 8.1 are affected by this vulnerability. This feature is
disabled by default.

Crafted HTTP Packet DoS Vulnerability
+------------------------------------

Cisco Security Advisory: Remote Access VPN and SIP Vulnerabilities in Cisco PIX and Cisco ASA

Affected Products
=================

The following paragraphs describe the affected Cisco ASA and Cisco
PIX software versions:

Vulnerable Products
+------------------

The following sections provide details on the versions of Cisco ASA

Cisco Security Advisory: Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client

Vulnerable Products
+------------------

The vulnerabilities described in this document apply to the Cisco
AnyConnect Secure Mobility Client. The affected versions are included
in the following table:

+------------------------------------------------------------+
|   Vulnerability   | Platform  |     Affected Versions      |
|-------------------+-----------+----------------------------|

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Firewall Services Module

Vulnerable Products
+------------------

The Cisco FWSM for the Cisco Catalyst 6500 Series switches and Cisco
7600 Series routers is affected by multiple vulnerabilities. Affected
versions of Cisco FWSM Software vary depending on the specific
vulnerability. Refer to the "Software Version and Fixes" section for
specific information on vulnerable versions.

Syslog Message Memory Corruption Denial of Service Vulnerability
+---------------------------------------------------------------

VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components

3. Problem Description

 a. JRE Security Update

    JRE update to version 1.5.0_20, which addresses multiple security
    issues that existed in earlier releases of JRE.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the following names to the security issues fixed in
    JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,

Cisco Security Advisory: Multiple Vulnerabilities in Cisco PIX and Cisco ASA

Crafted TCP ACK Packet Vulnerability
+-----------------------------------

Cisco ASA and Cisco PIX devices are affected by a crafted TCP
acknowledgment (ACK) packet vulnerability. Software versions prior to
7.1(2)70 on the 7.1.x release, 7.2(4) on the 7.2.x release, and 8.0
(3)10 on the 8.0.x release are affected. Cisco ASA or Cisco PIX
security appliances running software version 7.0.x, or 8.1.x are not
vulnerable.


Cisco Security Advisory: Cisco Unified Contact Center Express Directory Traversal Vulnerability

=================

Vulnerable Products
+------------------

The following Cisco UCCX versions are vulnerable:

  * Cisco UCCX version 6.0(x)
  * Cisco UCCX version 7.0(x)
  * Cisco UCCX version 8.0(x)
  * Cisco UCCX version 8.5(x)

Open-Xchange Security Advisory 2013-03-13

Multiple security issues for Open-Xchange Server have been discovered and fixed. The vendor has chosen responsible full disclosure to publish security issue details. Users of the software have already been provided with patched versions.

Proof regarding authenticity can be obtained from the published release notes:
http://software.open-xchange.com/OX6/6.20/doc/Release_Notes_for_Public_Patch_Release_1310_6.20.7_Rev14_2013-02-28.pdf
http://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Public_Patch_Release_1311_6.22.0_Rev13_2013-02-28.pdf
http://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Public_Patch_Release_1312_6.22.1_Rev14_2013-02-28.pdf


Product: Open-Xchange Server 6
Vendor: Open-Xchange GmbH

Next Page>>

Copyright © 1995-2013 LinuxRocket.net. All rights reserved.

Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!