Browsing articles in "Security Advisory"
Sep 27, 2014
Shellshock: a bug bigger than Heartbleed?

Recently, the Red Hat team found a critical, remotely exploitable vulnerability in Bash (aka the GNU Bourne Again Shell) that allows a remote attacker to inject arbitrary commands. GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash […]

Apr 7, 2014
March 2014: nine Cisco vulnerabilities

The Cisco Product Security Incident Response Team (PSIRT) has published nine important vulnerability advisories:
Cisco IOS Software SSL VPN Denial of Service Vulnerability
Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability
Cisco IOS Software Internet Key Exchange Version 2 Denial of Service Vulnerability
Cisco IOS Software Crafted IPv6 Packet Denial of Service Vulnerability
Cisco 7600 Series Route Switch Processor 720 with 10 Gigabit Ethernet Uplinks Denial of Service Vulnerability
Cisco IOS Software Network Address Translation Vulnerabilities
Cisco AsyncOS Software Code Execution Vulnerability
Cisco Small Business Router Password Disclosure Vulnerability
Multiple Vulnerabilities in Cisco Wireless LAN Controllers

Mar 5, 2014
February 2014: five Cisco vulnerabilities

Cisco Prime Infrastructure Command Execution Vulnerability
Unauthorized Access Vulnerability in Cisco Unified SIP Phone 3905
Multiple Vulnerabilities in Cisco IPS Software
Cisco Firewall Services Module Cut-Through Proxy Denial of Service Vulnerability
Cisco UCS Director Default Credentials Vulnerability

Feb 7, 2014
January 2014: five Cisco vulnerabilities

The Cisco Product Security Incident Response Team (PSIRT) has published five important vulnerability advisories:
Cisco TelePresence ISDN Gateway D-Channel Denial of Service Vulnerability
Cisco TelePresence System Software Command Execution Vulnerability
Cisco TelePresence Video Communication Server SIP Denial of Service Vulnerability
Multiple Vulnerabilities in Cisco Secure Access Control System
Undocumented Test Interface in Cisco Small Business Devices

Dec 6, 2013
November 2013: three Cisco vulnerabilities

The Cisco Product Security Incident Response Team (PSIRT) has published three important vulnerability advisories:
Cisco TelePresence VX Clinical Assistant Administrative Password Reset Vulnerability
Cisco WAAS Mobile Remote Code Execution Vulnerability
Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability

Nov 10, 2013
October 2013: seven Cisco vulnerabilities

The Cisco Product Security Incident Response Team (PSIRT) has published seven important vulnerability advisories:
Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers
Cisco IOS XR Software Route Processor Denial of Service Vulnerability
Multiple Vulnerabilities in Cisco Identity Services Engine
Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products
Multiple Vulnerabilities in Cisco Firewall Services Module Software
Multiple Vulnerabilities in Cisco ASA Software
Cisco IOS XR Software Memory Exhaustion Vulnerability

Oct 12, 2013
September 2013: eleven Cisco vulnerabilities

The Cisco Product Security Incident Response Team (PSIRT) has published eleven important vulnerability advisories:
Cisco IOS Software Queue Wedge Denial of Service Vulnerability
Cisco IOS Software Internet Key Exchange Memory Leak Vulnerability
Cisco IOS Software Zone-Based Firewall and Content Filtering Vulnerability
Cisco IOS Software Resource Reservation Protocol Interface Queue Wedge Vulnerability
Cisco IOS Software DHCP Denial of Service Vulnerability
Cisco IOS Software Multicast Network Time Protocol Denial of Service Vulnerability
Cisco IOS Software Network Address Translation Vulnerabilities
Cisco IOS Software IPv6 Virtual Fragmentation Reassembly Denial of Service Vulnerability
Cisco Prime Central for Hosted Collaboration Solution Assurance Unauthenticated Username and Password […]

Sep 20, 2013
August 2013: six Cisco vulnerabilities

The Cisco Product Security Incident Response Team (PSIRT) has published six important vulnerability advisories:
Cisco Secure Access Control Server Remote Command Execution Vulnerability
Multiple Vulnerabilities in Cisco Unified Communications Manager
Cisco Prime Central for Hosted Collaboration Solution Assurance Denial of Service Vulnerabilities
Cisco Unified Communications Manager IM and Presence Service Denial of Service Vulnerability
Cisco TelePresence System Default Credentials Vulnerability
OSPF LSA Manipulation Vulnerability in Multiple Cisco Products

Aug 12, 2013
July 2013: five Cisco vulnerabilities

The Cisco Product Security Incident Response Team (PSIRT) has published five important vulnerability advisories:
Authenticated Command Injection Vulnerability in Multiple Cisco Content Network and Video Delivery Products
Cisco WAAS Central Manager Remote Code Execution Vulnerability
Multiple Vulnerabilities in the Cisco Video Surveillance Manager
Multiple Vulnerabilities in Cisco Intrusion Prevention System Software
Multiple Vulnerabilities in Cisco Unified Communications Manager

Authenticated Command Injection Vulnerability in Multiple Cisco Content Network and Video Delivery Products

Multiple Cisco content network and video delivery products contain a vulnerability when they are configured to run in central management mode. This vulnerability could allow an authenticated but unprivileged, […]

Jul 11, 2013
June 2013: five Cisco vulnerabilities

The Cisco Product Security Incident Response Team (PSIRT) has published five important vulnerability advisories:
Multiple Vulnerabilities in Cisco Web Security Appliance
Multiple Vulnerabilities in Cisco Email Security Appliance
Multiple Vulnerabilities in Cisco Content Security Management Appliance
Cisco ASA Next-Generation Firewall Fragmented Traffic Denial of Service Vulnerability
Multiple Vulnerabilities in Cisco TelePresence TC and TE Software