Cisco Firepower Threat Management Console suffers from a local file inclusion vulnerability. Cisco Fire Linux OS 6.0.1 (build 37/build 1213) is affected.
Ubuntu Security Notice 3096-1 - Aanchal Malhotra discovered that NTP incorrectly handled authenticated broadcast mode. A remote attacker could use this issue to perform a replay attack. Matt Street discovered that NTP incorrectly verified peer associations of symmetric keys. A remote attacker could use this issue to perform an impersonation attack. Jonathan Gardner discovered that the NTP ntpq utility incorrectly handled memory. An attacker could possibly use this issue to cause ntpq to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. Various other issues were also addressed.
Cisco Firepower Threat Management Console suffers from a remote command execution vulnerability. Cisco Fire Linux OS 6.0.1 (build 37/build 1213) is affected.
Cisco Firepower Threat Management Console suffers from a denial of service vulnerability. Cisco Fire Linux OS 6.0.1 (build 37/build 1213) is affected.
Cisco Security Advisory - A vulnerability in the Border Gateway Protocol (BGP) implementation of Cisco NX-OS System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the device unexpectedly reloading. The vulnerability is due to incomplete input validation of the BGP update messages. An attacker could exploit this vulnerability by sending a crafted BGP update message to the targeted device. An exploit could allow the attacker to cause the switch to reload unexpectedly.
HP Security Bulletin HPSBGN03639 1 - A potential security vulnerability has been identified in HPE KeyView. The vulnerability could be exploited remotely to allow code execution. Revision 1 of this advisory.
Cisco Security Advisory - A vulnerability in the implementation of the DHCPv4 relay agent in Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of malformed DHCPv4 packets. An attacker could exploit this vulnerability by sending malformed DHCPv4 packets to an affected device. An exploit could allow the attacker to cause the DHCP process or device to crash. This vulnerability can be exploited using IPv4 packets only. The vulnerability can be triggered by malformed DHCP packets processed by a DHCP relay agent listening on the device, using the IPv4 broadcast address or IPv4 unicast address of any interface configured on a device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Cisco Security Advisory - A vulnerability in the implementation of the DHCPv4 relay agent and smart relay agent in Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of crafted DHCPv4 offer packets. An attacker could exploit this vulnerability by sending crafted DHCPv4 offer packets to an affected device. An exploit could allow the attacker to cause the DHCP process or device to crash. This vulnerability can be exploited using IPv4 packets only. The vulnerability can be triggered by crafted DHCP packets processed by a DHCP relay agent or smart relay agent listening on the device using the IPv4 broadcast address or the IPv4 unicast address of any interface configured on a device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Red Hat Security Advisory 2016-2008-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 7.1 will be retired as of March 31, 2017, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or Urgent priority bug fixes, for Red Hat Enterprise Linux 7.1 EUS after March 31, 2017.
Red Hat Security Advisory 2016-2007-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 53.0.2785.143. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.
Flash Operator Panel version 2.31.03 suffers from a script insertion vulnerability.
Cyberoam iview UTM version 0.1.2.7 suffers from a client-side cross-site scripting vulnerability.
Clean Master version 1.0 suffers from an unquoted path privilege escalation vulnerability.
Cisco Firepower Threat Management Console has hard-coded MySQL credentials in use. Cisco Fire Linux OS 6.0.1 (build 37/build 1213) is affected.
Cisco Security Advisory - A vulnerability in the SSH subsystem of the Cisco Nexus family of products could allow an authenticated, remote attacker to bypass authentication, authorization, and accounting (AAA) restrictions. The vulnerability is due to the improper processing of certain parameters that are passed to an affected device during the negotiation of an SSH connection. An attacker could exploit this vulnerability by authenticating to an affected device and passing a malicious value as part of the login procedure. A successful exploit could allow an attacker to bypass AAA restrictions and execute commands on the device command-line interface (CLI) that should be restricted to a different privileged user role. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
FortKnox Personal Firewall version 2015 build 16.0.405.0 suffers from a privilege escalation vulnerability.
Abyss Web Server X1 version 2.11.1 suffers from an unquoted service path privilege escalation vulnerability.