Cisco Security Advisory: Cisco IOS and IOS XE Software SSH Version 2 RSA-Based User Authentication Bypass Vulnerability
2015-09-23 Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco IOS and IOS XE Software IPv6 First Hop Security Denial of Service Vulnerabilities
2015-09-23 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco IOS and IOS XE Software IPv6 First Hop Security Denial of Service Vulnerabilities Advisory ID: cisco-sa-20150923-fhs Revision 1.0 For Public Release 2015 September 23 16:00 UTC (GMT) +---------------------------------------------------------

UltraEdit v22.20 - Buffer Overflow Vulnerability
2015-09-23 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== UltraEdit v22.20 - Buffer Overflow Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1601 Release Date: ============= 2015-09-16 Vulnerability Laboratory ID (VL-ID): ==================================== 1

WiFi Drive CR v1.0 iOS - Persistent Filename Dir List Vulnerability
2015-09-23 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== WiFi Drive CR v1.0 iOS - Persistent Filename Dir List Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1595 Release Date: ============= 2015-09-23 Vulnerability Laboratory ID (VL-ID): ===================

Flowdock API Bug Bounty #1 - (Description) Persistent Web Vulnerability
2015-09-23 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== Flowdock API Bug Bounty #1 - (Description) Persistent Web Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1560 Release Date: ============= 2015-09-22 Vulnerability Laboratory ID (VL-ID): ===============

Reflected Cross-Site Scripting (XSS) in iTop
2015-09-23 High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23268 Product: iTop Vendor: Combodo SARL Vulnerable Version(s): 2.1.0-2127 and probably prior Tested Version: 2.1.0-2127 Advisory Publication: July 29, 2015 [without technical details] Vendor Notification: July 29, 2015 Vendor Patch: July 30, 2015 Public Disclosure: September 23

Open-Xchange Security Advisory 2015-09-23
2015-09-23 Martin Heiland (martin heiland lists open-xchange com)
Vendor: Open-Xchange GmbH Product: Open-Xchange Server 6 / OX AppSuite Internal reference: 39485 (Bug ID) Vulnerability type: Cross-Site Scripting (CWE-80) Vulnerable version: OX6 6.22.9, AppSuite 7.6.2 and earlier Vulnerable component: frontend Report confidence: Confirmed Solution status: Fixed b

[slackware-security] mozilla-firefox (SSA:2015-265-01)
2015-09-23 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2015-265-01) New mozilla-firefox packages are available for Slackware 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/

Cisco AnyConnect elevation of privileges via DLL side loading
2015-09-22 Securify B.V. (lists securify nl)
------------------------------------------------------------------------ Cisco AnyConnect elevation of privileges via DLL side loading ------------------------------------------------------------------------ Yorick Koster, June 2015 ------------------------------------------------------------------

[security bulletin] HPSBGN03391 rev.1 - HP Universal CMDB Foundation, Discovery, Configuration Manager, and CMDB Browser running OpenSSL, Remote Disclosure of Information
2015-09-22 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04762334 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04762334 Version: 1 HPSBGN03391 r

[security bulletin] HPSBUX03511 SSRT102248 rev.1 - HP-UX BIND service running named, Remote Denial of Service (DoS)
2015-09-22 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04800156 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04800156 Version: 1 HPSBUX03511 S

UDID v1.0 iOS - Persistent Mail Encode Vulnerability
2015-09-22 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== UDID v1.0 iOS - Persistent Mail Encode Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1590 Release Date: ============= 2015-09-22 Vulnerability Laboratory ID (VL-ID): =================================

Air Drive Plus v2.4 iOS - Arbitrary File Upload Vulnerability
2015-09-22 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== Air Drive Plus v2.4 iOS - Arbitrary File Upload Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1597 Release Date: ============= 2015-09-21 Vulnerability Laboratory ID (VL-ID): =========================

APPLE-SA-2015-09-21-1 watchOS 2
2015-09-21 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-09-21-1 watchOS 2 watchOS 2 is now available and addresses the following: Apple Pay Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition Impact: Some cards may allow a terminal to retrieve limited recent transaction

Jasig CAS server vulnerabilities
2015-09-21 Antoni Klajn (antoni d klajn pwr edu pl)
Hi, Jasig CAS server version 4.0.1 is prone to xss vulnerabilities Timeline: 20.02.2015 - Vendor notified 11.05.2015 - Patches released 21.09.2015 - Bugtraq disclosure Vulnerable version: 4.0.1 Fixed version: 4.0.2 Vulnerabilities details: 1) XSS in OpenID server Obtain method: Paste thi

Advisory: Insufficient Parameter Sanitization in login.live.com (Microsoft)
2015-09-21 securityresearch shaftek biz
Original at: http://securityresearch.shaftek.biz/2015/09/insufficient-parameter-sanitization-login-live-com.html Overview Web widgets hosted by Microsoft's online login portal, login.live.com, do not perform sufficient parameter sanitization allowing an attacker to inject arbitrary text. Backgroun

CVE-2015-5372 SAML SP Authentication Bypass in nevisAuth
2015-09-21 Antoine Neuenschwander (Antoine Neuenschwander csnc ch)
############################################################# # # COMPASS SECURITY ADVISORY # http://www.csnc.ch/en/downloads/advisories.html # ############################################################# # # Product: nevisAuth [1] # Vendor: AdNovum [2] # CVD ID: CVE-2015-5372 # Subject:

[SECURITY] [DSA 3363-1] owncloud-client security update
2015-09-20 Luciano Bello (luciano debian org)

Defense in depth -- the Microsoft way (part 35): Windows Explorer ignores "Run as administrator" ...
2015-09-19 Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll, since Microsoft introduced the security theatre named "user account control" with Windows Vista users can't start (another instance of) the Windows Explorer with elevated rights any more: the "Run as administrator" and the "Run as different user" context menu entries only start another insta

SAP Netwaver - XML External Entity Injection
2015-09-21 Lukasz Miedzinski (lukasz miedzinski gmail com)
Title: SAP Netwaver - XML External Entity Injection Author: Lukasz Miedzinski GPG: Public key provided in attachment Date: 29/10/2014 CVE: CVE-2015-7241 Affected software : =================== SAP Netwear : <7.01 Vendor advisories (only for customers): =================== External ID : 851975 201

[SECURITY] [DSA 3362-1] qemu-kvm security update
2015-09-18 Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------ - Debian Security Advisory DSA-3362-1 security (at) debian (dot) org https://www.debian.org/security/ Salvatore Bonaccorso September 18, 2015

[SECURITY] [DSA 3361-1] qemu security update
2015-09-18 Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------ - Debian Security Advisory DSA-3361-1 security (at) debian (dot) org https://www.debian.org/security/ Salvatore Bonaccorso September 18, 2015

KL-001-2015-005 : VBox Satellite Express Arbitrary Write Privilege Escalation
2015-09-17 KoreLogic Disclosures (disclosures korelogic com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 KL-001-2015-005 : VBox Satellite Express Arbitrary Write Privilege Escalation Title: VBox Satellite Express Arbitrary Write Privilege Escalation Advisory ID: KL-001-2015-005 Publication Date: 2015.09.16 Publication URL: https://www.korelogic.com/Reso

[security bulletin] HPSBST03418 rev.1 - HP P6000 Command View Software, Remote Disclosure of Information
2015-09-17 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04779034 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04779034 Version: 1 HPSBST03418 r

APPLE-SA-2015-09-16-4 OS X Server 5.0.3
2015-09-16 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-09-16-4 OS X Server 5.0.3 OS X Server 5.0.3 is now available and addresses the following: apache Available for: OS X Yosemite v10.10.4 or later Impact: Multiple vulnerabilities in Apache, the most serious of which may allow a remote

Apple Safari FTP PASV manipulation vulnerability (CVE-2015-5912)
2015-09-16 Amit Klein (aksecurity gmail com)

APPLE-SA-2015-09-16-3 iTunes 12.3
2015-09-16 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-09-16-3 iTunes 12.3 iTunes 12.3 is now available and addresses the following: iTunes Available for: Windows 7 and later Impact: Applications that use CoreText may be vulnerable to unexpected application termination or arbitrary code

APPLE-SA-2015-09-16-2 Xcode 7.0
2015-09-16 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-09-16-2 Xcode 7.0 Xcode 7.0 is now available and addresses the following: DevTools Available for: OS X Yosemite v10.10.4 or later Impact: An attacker may be able to bypass access restrictions Description: An API issue existed in the

APPLE-SA-2015-09-16-1 iOS 9
2015-09-16 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-09-16-1 iOS 9 iOS 9 is now available and addresses the following: Apple Pay Available for: iPhone 6, iPad mini 3, and iPad Air 2 Impact: Some cards may allow a terminal to retrieve limited recent transaction information when making a
Hash: SHA256
Cisco IOS and IOS XE Software SSH Version 2 RSA-Based User Authentication Bypass Vulnerability
Advisory ID: cisco-sa-20150923-sshpk
Revision 1.0
For Public Release 2015 September 23 16:00 UTC (GMT)
+------------------------------------------------