SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03102449
Version: 6
HPSBPI02728 SSRT100692 rev.6 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
shared folder (HGFS), it is possible for a program running in the
guest to gain access to the host's file system and create or modify
executable files in sensitive locations.
NOTE: VMware Server is not affected because it doesn't use host to
guest shared folders. No versions of ESX Server, including
ESX Server 3i, are affected by this vulnerability. Because
ESX Server is based on a bare-metal hypervisor architecture
and not a hosted architecture, and it doesn't include any
shared folder abilities. Fusion and Linux based hosted
products are unaffected.
=================
Vulnerable Products
+------------------
This vulnerability affects all versions of CiscoWorks Common
Services-based products running on Microsoft Windows.
Common Services version 4.1 and later are not affected by this
vulnerability.
The following table displays the products that are affected by each
vulnerability that is described within this advisory.
+-------------------------------------------------------------------+
| | Products and Versions |
| | Affected |
|Vulnerability |-----------------------------|
| | Cisco ACE | Cisco ACE |
| | 4710 | Module |
| | Appliance | |
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02048471
Version: 2
HPSBGN02511 SSRT100022 rev.2 - HP Small Form Factor or Microtower PC with Broadcom Integrated NIC Firmware, Remote Execution of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Summary
=======
A vulnerability exists in some Cisco Secure Access Control System
(ACS) versions that could allow a remote, unauthenticated attacker to
change the password of any user account to any value without
providing the account's previous password. Successful exploitation
requires the user account to be defined on the internal identity
store.
Vulnerable Products
+------------------
These products are vulnerable:
* Cisco Unified CallManager 4.1 versions prior to 4.1.3SR7
* Cisco Unified Communications Manager 4.2 versions prior to 4.2(3)SR4
* Cisco Unified Communications Manager 4.3 versions prior to 4.3(2)
* Cisco Unified Communications Manager 5.x versions prior to 5.1(3)
* Cisco Unified Communications Manager 6.x versions prior to 6.1(1)
Cisco WebEx meeting service. The Cisco WebEx meeting service
automatically downloads, installs, and configures Meeting Manager the
first time a user begins or joins a meeting.
When users connect to the WebEx meeting service, the WebEx Meeting
Manager is automatically upgraded to the latest version. There is a
manual workaround available for users who are not able to connect to
the WebEx meeting service.
Cisco WebEx is in the process of upgrading the meeting service
infrastructure with fixed versions of the affected file.
file that is hosted on a WebEx meeting site. The players can also be
manually installed for offline playback after downloading the
application from www.webex.com
If the WRF player was automatically installed, it will be
automatically upgraded to the latest, nonvulnerable version when
users access a recording file that is hosted on a WebEx meeting site.
If the WRF player was manually installed, users will need to manually
install a new version of the player after downloading the latest
version from www.webex.com
Fortunately some wise guy but missed to time-stamp the signed files,
Windows treats the signature as invalid since 2012-05-27T00:00:00Z.-P
According to its manufacturer, this application supports Windows 2000
and later versions.
The self-extracting setup program "OLReader2502_DE.exe" extracts the
following 3rd party files (ALL are updates/installers from Microsoft)
into "%TEMP%\SignCubesInstall":
Vulnerable Products
+------------------
The following products are vulnerable:
* Cisco Unified CallManager 4.1 versions
* Cisco Unified Communications Manager 4.2 versions prior to 4.2(3)SR4b
* Cisco Unified Communications Manager 4.3 versions prior to 4.3(2)SR1b
* Cisco Unified Communications Manager 5.x versions prior to 5.1(3e)
* Cisco Unified Communications Manager 6.x versions prior to 6.1(3)
* Cisco Unified Communications Manager 7.0 versions prior to 7.0(2)
Vulnerable Products
+------------------
The following products are vulnerable:
* Cisco Unified CallManager 4.1 versions
* Cisco Unified Communications Manager 4.2 versions prior to 4.2(3)SR4
* Cisco Unified Communications Manager 4.3 versions prior to 4.3(2)SR1
* Cisco Unified Communications Manager 5.x versions prior to 5.1(3c)
* Cisco Unified Communications Manager 6.x versions prior to 6.1(2)
-------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2007-0006
Synopsis: Critical security updates for all supported
versions of VMware ESX Server, VMware Server,
VMware Workstation, VMware ACE, and
VMware Player
Issue date: 2007-09-18
Updated on: 2007-09-18
Unified Communications Manager.
Vulnerable Products
+------------------
The following Cisco Unified Communications Manager versions are
affected:
* Cisco Unified CallManager 4.1 versions prior to 4.1.3SR8
* Cisco Unified CallManager 4.2 versions prior to 4.2(3)SR4b
* Cisco Unified CallManager 4.3 versions prior to 4.3(2)SR1a
Notes:
Effective May 2010, VMware's patch and update release program during
Extended Support will be continued with the condition that all
subsequent patch and update releases will be based on the latest
baseline release version as of May 2010 (i.e. ESX 3.0.3 Update 1,
ESX 3.5 Update 5, and VirtualCenter 2.5 Update 6). Refer to section
"End of Product Availability FAQs" at
http://www.vmware.com/support/policies/lifecycle/vi/faq.html for
details.
=================
Vulnerable Products
-------------------
The following are the products and versions affected by each
vulnerability described within this advisory.
+---------------------------------------+
| Vulnerability | Product | Version |
| | Affected | Affected |
Affected Products
=================
Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst
6500 Series ASA Services Module are affected by multiple
vulnerabilities. Affected versions of Cisco ASA Software will vary
depending on the specific vulnerability. Consult the "Software
Versions and Fixes" section of this security advisory for more
information about the affected version.
Cisco PIX Security Appliances may be affected by some of the
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01531379
Version: 1
HPSBMA02361 SSRT080119 rev.1 - HP OpenView Select Identity Connectors running on Windows, Local Information Disclosure
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
=================
Vulnerable Products
+------------------
The following versions of Cisco Unified Presence and Jabber
Extensible Communications Platform (Jabber XCP) are affected by the
vulnerability in this advisory. JabberNow appliances are also
affected if they are running a vulnerable version of Jabber XCP
software.
Cisco ASA or Cisco PIX security appliances that are configured for IPsec
or SSL-based remote access VPN and have the Override Account Disabled
feature enabled are affected by this vulnerability.
Note: The Override Account Disabled feature was introduced in Cisco
ASA software version 7.1(1). Cisco ASA and PIX software versions 7.1,
7.2, 8.0, and 8.1 are affected by this vulnerability. This feature is
disabled by default.
Crafted HTTP Packet DoS Vulnerability
+------------------------------------
Affected Products
=================
The following paragraphs describe the affected Cisco ASA and Cisco
PIX software versions:
Vulnerable Products
+------------------
The following sections provide details on the versions of Cisco ASA
Vulnerable Products
+------------------
The vulnerabilities described in this document apply to the Cisco
AnyConnect Secure Mobility Client. The affected versions are included
in the following table:
+------------------------------------------------------------+
| Vulnerability | Platform | Affected Versions |
|-------------------+-----------+----------------------------|
Vulnerable Products
+------------------
The Cisco FWSM for the Cisco Catalyst 6500 Series switches and Cisco
7600 Series routers is affected by multiple vulnerabilities. Affected
versions of Cisco FWSM Software vary depending on the specific
vulnerability. Refer to the "Software Version and Fixes" section for
specific information on vulnerable versions.
Syslog Message Memory Corruption Denial of Service Vulnerability
+---------------------------------------------------------------
3. Problem Description
a. JRE Security Update
JRE update to version 1.5.0_20, which addresses multiple security
issues that existed in earlier releases of JRE.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the following names to the security issues fixed in
JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,
Crafted TCP ACK Packet Vulnerability
+-----------------------------------
Cisco ASA and Cisco PIX devices are affected by a crafted TCP
acknowledgment (ACK) packet vulnerability. Software versions prior to
7.1(2)70 on the 7.1.x release, 7.2(4) on the 7.2.x release, and
8.0(3)10 on the 8.0.x release are affected. Cisco ASA or Cisco PIX
security appliances running software version 7.0.x, or 8.1.x are not
vulnerable.
=================
Vulnerable Products
+------------------
The following Cisco UCCX versions are vulnerable:
* Cisco UCCX version 6.0(x)
* Cisco UCCX version 7.0(x)
* Cisco UCCX version 8.0(x)
* Cisco UCCX version 8.5(x)
Multiple security issues for Open-Xchange Server have been discovered and fixed. The vendor has chosen responsible full disclosure to publish security issue details. Users of the software have already been provided with patched versions.
Proof regarding authenticity can be obtained from the published release notes:
http://software.open-xchange.com/OX6/6.20/doc/Release_Notes_for_Public_Patch_Release_1310_6.20.7_Rev14_2013-02-28.pdf
http://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Public_Patch_Release_1311_6.22.0_Rev13_2013-02-28.pdf
http://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Public_Patch_Release_1312_6.22.1_Rev14_2013-02-28.pdf
Product: Open-Xchange Server 6
Vendor: Open-Xchange GmbH