BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

[SYSS-2016-052] QNAP QTS - OS Command Injection

August 18, 2016 - 10:13am

Posted by bugtraq on Aug 18

Advisory ID: SYSS-2016-052
Product: QNAP QTS
Manufacturer: QNAP
Affected Version(s): 4.2.1 Build 20160601
Tested Version(s): 4.2.1 Build 20160601 - 4.2.2 Build 20160812
Vulnerability Type: OS Command Injection (CWE-78)
Risk Level: High
Solution Status: unfixed
Manufacturer Notification: 2016-06-06
Solution Date: tbd.
Public Disclosure: 2016-08-18
CVE Reference: Not assigned
Author of Advisory: Sebastian Nerz (SySS GmbH)...

Telus Actiontec T2200H Modem Input Validation Flaw Allows Elevated Shell Access

August 18, 2016 - 6:58am

Posted by Andrew Klaus on Aug 18

### Device Details
Vendor: Actiontec (Telus Branded)
Model: T2200H (but likely affecting other similar models of theirs)
Affected Firmware: T2200H-31.128L.03
Device Manual: http://static.telus.com/common/cms/files/internet/telus_t2200h_user_manual.pdf
Reported: November 2015
Status: Fixed on T2200H-31.128L.07
CVE: Not needed since update is pushed by the provider.

The Telus Actiontec T2200H is Telus’ standard bonded VDSL2 modem. It...

[SECURITY] [DSA 3650-1] libgcrypt20 security update

August 18, 2016 - 6:52am

Posted by Salvatore Bonaccorso on Aug 18

-------------------------------------------------------------------------
Debian Security Advisory DSA-3650-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
August 17, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libgcrypt20
CVE ID : CVE-2016-6313

Felix Doerre...

[SECURITY] [DSA 3649-1] gnupg security update

August 18, 2016 - 6:43am

Posted by Salvatore Bonaccorso on Aug 18

-------------------------------------------------------------------------
Debian Security Advisory DSA-3649-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
August 17, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : gnupg
CVE ID : CVE-2016-6313

Felix Doerre and...

Cisco Security Advisory: Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability

August 18, 2016 - 6:35am

Posted by Cisco Systems Product Security Incident Response Team on Aug 18

Cisco Security Advisory: Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability

Advisory ID: cisco-sa-20160817-asa-snmp

Revision: 1.0

For Public Release: 2016 August 17 18:45 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======

A vulnerability in the Simple Network Management Protocol (SNMP) code of Cisco Adaptive Security Appliance (ASA)
Software could allow an unauthenticated,...