Feed aggregator

[SYSS-2016-055] QNAP QTS - OS Command Injection

BugTraq Latest Security Advisories - August 18, 2016 - 2:36pm

Posted by bugtraq on Aug 18

Advisory ID: SYSS-2016-055
Product: QNAP QTS
Manufacturer: QNAP
Affected Version(s): 4.2.1 Build 20160601
Tested Version(s): 4.2.1 Build 20160601 - 4.2.2 Build 20160812
Vulnerability Type: OS Command Injection (CWE-78)
Risk Level: High
Solution Status: Unfixed
Manufacturer Notification: 2016-06-08
Solution Date: tbd.
Public Disclosure: 2016-08-18
CVE Reference: Not assigned
Author of Advisory: Sebastian Nerz (SySS GmbH)...

[SYSS-2016-048] QNAP QTS - OS Command Injection

BugTraq Latest Security Advisories - August 18, 2016 - 2:29pm

Posted by bugtraq on Aug 18

Advisory ID: SYSS-2016-048
Product: QNAP QTS
Manufacturer: QNAP
Affected Version(s): 4.2.0 Build 20160311 and Build 20160601
Tested Version(s): 4.2.0 Build 20160311 - 4.2.2 Build 20160812
Vulnerability Type: OS Command Injection (CWE-78)
Risk Level: High
Solution Status: unfixed
Manufacturer Notification: 2016-06-03
Solution Date: tbd.
Public Disclosure: 2016-08-18
CVE Reference: Not assigned
Author of Advisory: Sebastian Nerz (SySS GmbH)...

[SYSS-2016-051] QNAP QTS - Reflected Cross-Site Scripting

BugTraq Latest Security Advisories - August 18, 2016 - 2:23pm

Posted by bugtraq on Aug 18

Advisory ID: SYSS-2016-051
Product: QNAP QTS
Manufacturer: QNAP
Affected Version(s): 4.2.1 Build 20160601
Tested Version(s): 4.2.1 Build 20160601 - 4.2.2 Build 20160812
Vulnerability Type: Reflected Cross-Site Scripting (CWE-79)
Risk Level: Medium
Solution Status: unfixed
Manufacturer Notification: 2016-06-06
Solution Date: tbd.
Public Disclosure: 2016-08-18
CVE Reference: Not assigned
Author of Advisory: Sebastian Nerz (SySS GmbH)...

[SYSS-2016-054] QNAP QTS - OS Command Injection

BugTraq Latest Security Advisories - August 18, 2016 - 2:13pm

Posted by bugtraq on Aug 18

Advisory ID: SYSS-2016-054
Product: QNAP QTS
Manufacturer: QNAP
Affected Version(s): 4.2.1 Build 20160601
Tested Version(s): 4.2.1 Build 20160601 - 4.2.2 Build 20160812
Vulnerability Type: OS Command Injection (CWE-78)
Risk Level: High
Solution Status: unfixed
Manufacturer Notification: 2016-06-07
Solution Date: tbd.
Public Disclosure: 2016-08-18
CVE Reference: Not assigned
Author of Advisory: Sebastian Nerz (SySS GmbH)...

[SYSS-2016-048] QNAP QTS - OS Command Injection

BugTraq Latest Security Advisories - August 18, 2016 - 2:05pm

Posted by bugtraq on Aug 18

Advisory ID: SYSS-2016-048
Product: QNAP QTS
Manufacturer: QNAP
Affected Version(s): 4.2.0 Build 20160311 and Build 20160601
Tested Version(s): 4.2.0 Build 20160311 - 4.2.2 Build 20160812
Vulnerability Type: OS Command Injection (CWE-78)
Risk Level: High
Solution Status: unfixed
Manufacturer Notification: 2016-06-03
Solution Date: tbd.
Public Disclosure: 2016-08-18
CVE Reference: Not assigned
Author of Advisory: Sebastian Nerz (SySS GmbH)...

Bugtraq: [SYSS-2016-048] QNAP QTS - OS Command Injection

Security Focus Latest Security Advisories - August 18, 2016 - 2:00pm
[SYSS-2016-048] QNAP QTS - OS Command Injection

Bugtraq: [SYSS-2016-053] QNAP QTS - Arbitrary File Overwrite

Security Focus Latest Security Advisories - August 18, 2016 - 2:00pm
[SYSS-2016-053] QNAP QTS - Arbitrary File Overwrite

Bugtraq: [SYSS-2016-050] QNAP QTS - Persistent Cross-Site Scripting

Security Focus Latest Security Advisories - August 18, 2016 - 2:00pm
[SYSS-2016-050] QNAP QTS - Persistent Cross-Site Scripting

Bugtraq: [SYSS-2016-052] QNAP QTS - OS Command Injection

Security Focus Latest Security Advisories - August 18, 2016 - 2:00pm
[SYSS-2016-052] QNAP QTS - OS Command Injection

[SYSS-2016-050] QNAP QTS - Persistent Cross-Site Scripting

BugTraq Latest Security Advisories - August 18, 2016 - 10:38am

Posted by bugtraq on Aug 18

Advisory ID: SYSS-2016-050
Product: QNAP QTS
Manufacturer: QNAP
Affected Version(s): 4.2.0 Build 20160311 and Build 20160601
Tested Version(s): 4.2.0 Build 20160311 - 4.2.2 Build 20160812
Vulnerability Type: Persistent Cross-Site Scripting (CWE-79)
Risk Level: Medium
Solution Status: unfixed
Manufacturer Notification: 2016-06-03
Solution Date: tbd.
Public Disclosure: 2016-08-18
CVE Reference: Not assigned
Author of Advisory: Sebastian Nerz (SySS...

[SYSS-2016-048] QNAP QTS - OS Command Injection

BugTraq Latest Security Advisories - August 18, 2016 - 10:30am

Posted by bugtraq on Aug 18

Advisory ID: SYSS-2016-048
Product: QNAP QTS
Manufacturer: QNAP
Affected Version(s): 4.2.0 Build 20160311 and Build 20160601
Tested Version(s): 4.2.0 Build 20160311 - 4.2.2 Build 20160812
Vulnerability Type: OS Command Injection (CWE-78)
Risk Level: High
Solution Status: unfixed
Manufacturer Notification: 2016-06-03
Solution Date: tbd.
Public Disclosure: 2016-08-18
CVE Reference: Not assigned
Author of Advisory: Sebastian Nerz (SySS GmbH)...

[SYSS-2016-053] QNAP QTS - Arbitrary File Overwrite

BugTraq Latest Security Advisories - August 18, 2016 - 10:21am

Posted by bugtraq on Aug 18

Advisory ID: SYSS-2016-053
Product: QNAP QTS
Manufacturer: QNAP
Affected Version(s): 4.2.1 Build 20160601
Tested Version(s): 4.2.1 Build 20160601 - 4.2.2 Build 20160812
Vulnerability Type: Arbitrary file overwrite (CWE-23)
Risk Level: High
Solution Status: unfixed
Manufacturer Notification: 2016-06-06
Solution Date: tbd.
Public Disclosure: 2016-08-18
CVE Reference: Not assigned
Author of Advisory: Sebastian Nerz (SySS GmbH)...

[SYSS-2016-052] QNAP QTS - OS Command Injection

BugTraq Latest Security Advisories - August 18, 2016 - 10:13am

Posted by bugtraq on Aug 18

Advisory ID: SYSS-2016-052
Product: QNAP QTS
Manufacturer: QNAP
Affected Version(s): 4.2.1 Build 20160601
Tested Version(s): 4.2.1 Build 20160601 - 4.2.2 Build 20160812
Vulnerability Type: OS Command Injection (CWE-78)
Risk Level: High
Solution Status: unfixed
Manufacturer Notification: 2016-06-06
Solution Date: tbd.
Public Disclosure: 2016-08-18
CVE Reference: Not assigned
Author of Advisory: Sebastian Nerz (SySS GmbH)...

Bugtraq: Telus Actiontec T2200H Modem Input Validation Flaw Allows Elevated Shell Access

Security Focus Latest Security Advisories - August 18, 2016 - 8:00am
Telus Actiontec T2200H Modem Input Validation Flaw Allows Elevated Shell Access

Bugtraq: [SECURITY] [DSA 3650-1] libgcrypt20 security update

Security Focus Latest Security Advisories - August 18, 2016 - 8:00am
[SECURITY] [DSA 3650-1] libgcrypt20 security update

Bugtraq: [SECURITY] [DSA 3649-1] gnupg security update

Security Focus Latest Security Advisories - August 18, 2016 - 8:00am
[SECURITY] [DSA 3649-1] gnupg security update

Bugtraq: Cisco Security Advisory: Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability

Security Focus Latest Security Advisories - August 18, 2016 - 8:00am
Cisco Security Advisory: Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability

Telus Actiontec T2200H Modem Input Validation Flaw Allows Elevated Shell Access

BugTraq Latest Security Advisories - August 18, 2016 - 6:58am

Posted by Andrew Klaus on Aug 18

### Device Details
Vendor: Actiontec (Telus Branded)
Model: T2200H (but likely affecting other similar models of theirs)
Affected Firmware: T2200H-31.128L.03
Device Manual: http://static.telus.com/common/cms/files/internet/telus_t2200h_user_manual.pdf
Reported: November 2015
Status: Fixed on T2200H-31.128L.07
CVE: Not needed since update is pushed by the provider.

The Telus Actiontec T2200H is Telus’ standard bonded VDSL2 modem. It...

[SECURITY] [DSA 3650-1] libgcrypt20 security update

BugTraq Latest Security Advisories - August 18, 2016 - 6:52am

Posted by Salvatore Bonaccorso on Aug 18

-------------------------------------------------------------------------
Debian Security Advisory DSA-3650-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
August 17, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libgcrypt20
CVE ID : CVE-2016-6313

Felix Doerre...

[SECURITY] [DSA 3649-1] gnupg security update

BugTraq Latest Security Advisories - August 18, 2016 - 6:43am

Posted by Salvatore Bonaccorso on Aug 18

-------------------------------------------------------------------------
Debian Security Advisory DSA-3649-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
August 17, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : gnupg
CVE ID : CVE-2016-6313

Felix Doerre and...