Tuesday, August 22, 2017

VU#624539: Ragentek Android OTA update mechanism vulnerable to MITM attack

Ragentek Android software contains an over-the-air update mechanism that communicates over an unencrypted channel, which can allow a remote attacker to execute arbitrary code with root privileges.

VU#270232: Quagga bgpd with BGP peers enabled for VPNv4 contains a...

Quagga bgpd with BGP peers enabled for VPNv4 contains a buffer overflow vulnerability

Original Release date: 10 Mar 2016 | Last revised: 10 Mar 2016

Overview

Quagga, version 0.99.24.1 and earlier, contains a buffer overflow vulnerability in bgpd with...

VU#210884: F5 ARX Data Manager contains a SQL injection vulnerability

F5 ARX Data Manager 3.0.0 - 3.1.0 contains a SQL injection vulnerability.

VU#875548: MicroPact iComplaints cross-site scripting vulnerability

MicroPact iComplaints contains a persistent cross-site scripting vulnerability.

VU#269991: Cobham Sailor 6000 series satellite terminal contain hardcoded credentials

Cobham Sailor 6000 series satellite terminals contain hardcoded credentials for communicating via the Tbus 2 protocol.

VU#252743: GNU Bash shell executes commands in exported functions in environment...

GNU Bash 4.3 and earlier contains a command injection vulnerability that may allow remote code execution.

VU#143335: mDNSResponder contains multiple memory-based vulnerabilities

mDNSResponder contains multiple memory-based vulnerabilities

Original Release date: 20 Jun 2016 | Last revised: 20 Jun 2016

Overview

mDNSResponder provides unicast and multicast mDNS services on UNIX-like operating systems such as OS X. mDNSResponder version 379.27 and above prior to version 625.41.2 is vulnerable to several buffer overflow vulnerabilities, as well as a null pointer dereference.

Description

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') - CVE-2015-7987
Improper bounds checking in "GetValueForIPv4Addr()", "GetValueForMACAddr()", "rfc3110_import()", and "CopyNSEC3ResourceRecord()" functions may allow an attacker to read or write memory.

CWE-476: NULL Pointer Dereference - CVE-2015-7988
Improper input validation in "handle_regservice_request()" may allow an attacker to execute arbitrary code or cause a denial of service.

Apple has also issued a security advisory for these issues.

mDNSResponder-379.27 and later before mDNSResponder-625.41.2 are vulnerable to both issues. The CVSS score below is based on CVE-2015-7987.

Impact

A remote attacker may be able to execute arbitrary code or cause a denial of service on the system running mDNSResponder.

Solution

Apply an update

mDNSResponder 625.41.2 has been released to address these issues. Affected users should update as soon as possible.

Vendor Information

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Android Open Source Project | Affected | 03 Nov 2015 | 27 Jan 2016 |
| Apple | Affected | 16 Oct 2015 | 23 Oct 2015 |
| Arista Networks, Inc. | Not Affected | 22 Jan 2016 | 15 Feb 2016 |
| CoreOS | Not Affected | 22 Jan 2016 | 25 Jan 2016 |
| Debian GNU/Linux | Not Affected | 23 Oct 2015 | 23 Oct 2015 |
| Fedora Project | Not Affected | 23 Oct 2015 | 22 Jan 2016 |
| Infoblox | Not Affected | 22 Jan 2016 | 25 Jan 2016 |
| Intel Corporation | Not Affected | 22 Jan 2016 | 25 Jan 2016 |
| Red Hat, Inc. | Not Affected | 23 Oct 2015 | 22 Jan 2016 |
| ACCESS | Unknown | 21 Mar 2016 | 21 Mar 2016 |
| Alcatel-Lucent | Unknown | 21 Mar 2016 | 21 Mar 2016 |
| Arch Linux | Unknown | 23 Oct 2015 | 23 Oct 2015 |
| Aruba Networks | Unknown | 21 Mar 2016 | 21 Mar 2016 |
| AT&T | Unknown | 21 Mar 2016 | 21 Mar 2016 |
| Avaya, Inc. | Unknown | 22 Jan 2016 | 22 Jan 2016 |

CVSS Metrics

| Group | Score | Vector |
|---|---|---|
| Base | 6.8 | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| Temporal | 5.3 | E:POC/RL:OF/RC:C |
| Environmental | 4.0 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |

Credit

Thanks to Apple for reporting this issue to us and working with us to coordinate the fix with vendors. This document was written by Garret Wassermann.

Other Information

CVE IDs: CVE-2015-7987 CVE-2015-7988
Date Public: 20 Jun 2016
Date First Published: 20 Jun 2016
Date Last Updated: 20 Jun 2016
Document Revision: 82

VU#396212: Netgear ProSafe Plus Configuration Utility writes out plaintext passwords to...

The Netgear ProSafe Plus Configuration Utility exposes password information via the configuration backup file.

VU#676632: IBM Lotus Domino server mailbox name stack buffer overflow

The IBM Lotus Domino server IMAP service contains a stack-based buffer overflow vulnerability in IMAP commands that refer to a mailbox name.

This can allow a remote, authenticated attacker to execute arbitrary code with the privileges of the Domino server.

VU#613308: Cisco AsyncOS contains a reflected cross-site scripting (XSS) vulnerability

Cisco AsyncOS contains a reflected cross-site scripting (XSS) vulnerability.

VU#751328: QNAP QTS is vulnerable to a path traversal attack when...

QNAP QTS is a Network-Attached Storage (NAS) system. The QNAP QTS is vulnerable to a path traversal attack when used with the AFP protocol and OS X.

VU#720951: OpenSSL TLS heartbeat extension read overflow discloses sensitive information

OpenSSL 1.0.1 and 1.0.2 beta contain a vulnerability that could disclose sensitive private information to an attacker. This vulnerability is commonly referred to as "heartbleed."