Cisco Security Advisory - A vulnerability in Cisco Modular Encoding Platform D9036 Software could allow an unauthenticated, remote attacker to log in to the system shell with the privileges of the root user. The vulnerability occurs because the root user has a default and static password. This account is created at installation and cannot be changed or deleted without impacting the functionality of the system. An attacker could exploit this vulnerability by remotely connecting to the affected system via SSH using this account. Successful exploitation could allow the attacker to access the system with the privileges of the root user. In addition to the root user, the guest user account also has a default and static password. The guest account is created at installation and cannot be changed or deleted without impacting the functionality of the system. However, this account has limited privileges on the system. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
fc9d0d2252846864b39f5c3b09475bac31aed871f4a9dc779685ed832a514880
Debian Linux Security Advisory 3450-1 - Jann Horn discovered that the setuid-root mount.ecryptfs_private helper in the ecryptfs-utils would mount over any target directory that the user owns, including a directory in procfs. A local attacker could use this flaw to escalate his privileges.
b1042bf33f07950dfbf7089796776d7e9f4596cfcb8a3486e22bff540733ed34
OpenVAS Greenbone Security Assistant versions 6.x below 6.0.8 suffer from a cross site scripting vulnerability.
c100aa9dd05c58bbac1bf66e9cf62baa4cb8e642151b8bd891cc2abd39279bab
Apple Security Advisory 2016-01-19-3 - Safari 9.0.3 is now available and addresses privacy and multiple memory corruption vulnerabilities.
e462c2f203f87776c54462f2cf71e63da2af33926e762713c80e27c1e4796bbc
Apple Security Advisory 2016-01-19-2 - OS X El Capitan 10.11.3 and Security Update 2016-001 are now available and address memory corruption, code execution, and privilege escalation vulnerabilities.
100bff59d0f404f5edd70e97d638dbeff75a49bfaed850a3f6f6bf7da7f8c8fa
Apple Security Advisory 2016-01-19-1 - iOS 9.2.1 is now available and addresses memory corruption and privacy issues.
66bd988cb715ab4f2c40371dc158bf2d8cb4a130aab3901a47e8362cb993c581
LiteSpeed Web Server version 5.1.0 suffers from an HTTP header injection vulnerability.
76561d0d88d813f65aedad11a3ffc3863155118a995642ed7121320ace840801
Ubuntu Security Notice 2876-1 - Jann Horn discovered that mount.ecryptfs_private would mount over certain directories in the proc filesystem. A local attacker could use this to escalate their privileges.
8336d51aed302ea16f55200e926eb72d4d4c273b8a7f860f8cdca0f7ef0f3235
Debian Linux Security Advisory 3449-1 - It was discovered that specific APL RR data could trigger an INSIST failure in apl_42.c and cause the BIND DNS server to exit, leading to a denial-of-service.
9c5126f6a38834936685b484189802425c16dcb30a0def35a457930995235275
Cisco Security Advisory - A vulnerability in a CGI script in the Cisco UCS Manager and the Cisco Firepower 9000 Series appliance could allow an unauthenticated, remote attacker to execute arbitrary commands on the Cisco Unified Computing System (UCS) Manager or the Cisco Firepower 9000 Series appliance. The vulnerability is due to unprotected calling of shell commands in the CGI script. An attacker could exploit this vulnerability by sending a crafted HTTP request to the Cisco UCS Manager or the Cisco Firepower 9000 Series appliance. An exploit could allow the attacker to execute arbitrary commands on the Cisco UCS Manager or the Cisco Firepower 9000 Series appliance. Cisco has released software updates that address this vulnerability.
9c8fe5c6f50edaa9c3f0047fc7cc1967a178d3b69c2eb01ef7ae36795f502b11
HP Security Bulletin HPSBGN03534 1 - A vulnerability in Microsoft Report Viewer was addressed by HPE Performance Center. This is a cross-site scripting (XSS) vulnerability that could allow remote information disclosure. Revision 1 of this advisory.
04abf29429cd8d8be359decc853470a622f96ac378c0c6755bc6cdbc04dd6745
Linux kernel REFCOUNT overflow / use-after-free in keyrings exploit.
6accf132dc4160f346048e277203e24deea0687a873e81ce785f196eeab60952
Ubuntu Security Notice 2874-1 - It was discovered that Bind incorrectly handled certain APL data. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service.
79c2264aa4bbf6599a9769e264c77651900d8554ab8ef78a9f3d91d35415cd61
The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.
57512bda6726015a94a39b26e05df1753c4e266124109b976760ff14c5ade4b9
Ubuntu Security Notice 2875-1 - It was discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service.
e44fbd2269ca21ca0f979180d2710977d6e765bc703e4175699f18ab18cfafc9