Saturday, December 16, 2017

VU#101500: Retrospect Backup Client uses weak password hashing

Retrospect Backup Client is a client to a network-based backup utility. This client stores passwords in a hashed format that is weak and susceptible to collision, allowing an attacker to generate a password hash collision and gain access to the target's backup files.

VU#403768: Akeo Consulting Rufus fails to update itself securely

Akeo Consulting Rufus fails to securely check for and retrieve updates, which can allow an authenticated attacker to execute arbitrary code on a vulnerable system.

VU#209512: Mobile Devices C4 OBD2 dongle contains multiple vulnerabilities

Mobile Devices C4 OBD2 dongle, and potentially other rebranded devices, contains multiple vulnerabilities.

VU#432608: IBM Notes Traveler for Android transmits user credentials over HTTP

The IBM Notes Traveler application for Android does not enforce the use of HTTPS for transmitting user credentials, which can allow an attacker to obtain this information.

VU#712660: Raritan PX power distribution software is vulnerable to the cipher...

Raritan PX power distribution software version 01.05.08 and previous running on a model DPXR20A-16 device allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.

VU#842252: HP ArcSight Logger contains multiple vulnerabilities

HP ArcSight Logger contains multiple vulnerabilities, allowing authentication bypass and privilege escalation in certain scenarios.

VU#882841: Microsoft Office file format converter memory corruption vulnerability

The Microsoft Office file format converter contains a memory corruption vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code with the privileges of the user.

VU#561444: Multiple broadband routers use vulnerable versions of Allegro RomPager

Multiple broadband routers use vulnerable versions of Allegro RomPager in current firmware releases.

VU#204988: Kaseya’s agent driver contains NULL pointer dereference

Kaseya's agent driver, kapfa.sys, is vulnerable to a NULL pointer dereference.

VU#748992: Adobe Flash memory corruption vulnerability

Original release date: 15 Jun 2016 | Last revised: 16 Jun 2016. Overview: Adobe Flash contains an unspecified vulnerability that is currently being exploited in the wild. Description: Adobe Flash Player 21.0...

VU#943167: Voice over LTE implementations contain multiple vulnerabilities

Long Term Evolution (LTE) mobile networks are currently deployed throughout the world. These LTE mobile networks make use of full packet switching and the IP protocol, unlike previous iterations of the mobile network. This change from circuit switching to packet switching allows new attacks not previously possible. Some implementations of LTE networks and mobile applications are currently vulnerable to several issues which may result in loss of privacy, incorrect billing, and data spoofing.

VU#298796: Centreon contains multiple vulnerabilities

Centreon version 2.5.1 and Centreon Enterprise Server version 2.2 contain multiple vulnerabilities.