Feed aggregator

SEC Consult SA-20150626-0 :: Critical vulnerabilities in Polycom RealPresence Resource Manager (RPRM) allow surveillance on conferences

BugTraq Latest Security Advisories - June 29, 2015 - 6:59am

Posted by SEC Consult Vulnerability Lab on Jun 29

SEC Consult Vulnerability Lab Security Advisory < 20150626-0 >
=======================================================================
title: Critical vulnerabilities allow surveillance on conferences
product: Polycom RealPresence Resource Manager (RPRM)
vulnerable versions: <8.4
fixed version: 8.4
CVE numbers: CVE-2015-4681, CVE-2015-4682, CVE-2015-4683, CVE-2015-4684...

ESA-2015-097: EMC Secure Remote Services (ESRS) Virtual Edition (VE) Multiple Security Vulnerabilities

BugTraq Latest Security Advisories - June 29, 2015 - 6:50am

Posted by Security Alert on Jun 29

ESA-2015-097: EMC Secure Remote Services (ESRS) Virtual Edition (VE) Multiple Security Vulnerabilities

CVE Identifier: CVE-2015-0543, CVE-2015-0544

Severity Rating: CVSS v2 Base Score: See below for individual scores for each CVE

Affected products:

• ESRS VE version 3.02
• ESRS VE version 3.03
• ESRS VE version 3.04

Summary: ESRS VE version 3.06 contains security fixes for multiple vulnerabilities that could...

Bugtraq: Cisco Security Advisory: Multiple Default SSH Keys Vulnerabilities in Cisco Virtual WSA, ESA, and SMA

Cisco Security Advisory: Multiple Default SSH Keys Vulnerabilities in Cisco Virtual WSA, ESA, and SMA

Bugtraq: ESA-2015-102: EMC Unisphere for VMAX Remote Code Execution Vulnerability

ESA-2015-102: EMC Unisphere for VMAX Remote Code Execution Vulnerability

Bugtraq: Netgear Prosafe VPN Firewalls - Multiple vulnerabilities

Netgear Prosafe VPN Firewalls - Multiple vulnerabilities

Bugtraq: [ERPSCAN-15-011] SAP Mobile Platform 3.0 - XXE

[ERPSCAN-15-011] SAP Mobile Platform 3.0 - XXE

CVE-2015-3931 Microsec e-Szigno, CVE-2015-3932 Netlock Mokka XSW vulnerability

BugTraq Latest Security Advisories - June 29, 2015 - 6:41am

Posted by Imre RAD on Jun 29

In November 2014, SEARCH-LAB Ltd. discovered a security vulnerability in Microsec e-Szigno, and Netlock Mokka computer
applications that are used to generate and validate digital signatures, which are applied within the official Hungarian
government processes. The vulnerability affected the „e-akta” signed document file format, where a file with a valid
digital signature could be manipulated in a way that the verification software...

next-20150629: linux-next

Linux Kernel Updates - June 28, 2015 - 11:04pm
Version: next-20150629 (linux-next)
Released: 2015-06-29

Vuln: Multiple Cisco Products CVE-2015-0744 Denial of Service Vulnerability

Security Focus Latest Security Advisories - June 28, 2015 - 11:00pm
Multiple Cisco Products CVE-2015-0744 Denial of Service Vulnerability

3.18.17: longterm

Linux Kernel Updates - June 28, 2015 - 12:41pm
Version: 3.18.17 (longterm)
Released: 2015-06-28
Source: linux-3.18.17.tar.xz
PGP Signature: linux-3.18.17.tar.sign
Patch: patch-3.18.17.xz (Incremental)
ChangeLog: ChangeLog-3.18.17

next-20150626: linux-next

Linux Kernel Updates - June 26, 2015 - 3:59am
Version: next-20150626 (linux-next)
Released: 2015-06-26

Cisco Security Advisory: Multiple Default SSH Keys Vulnerabilities in Cisco Virtual WSA, ESA, and SMA

BugTraq Latest Security Advisories - June 25, 2015 - 11:50am

Posted by Cisco Systems Product Security Incident Response Team on Jun 25

Cisco Security Advisory: Multiple Default SSH Keys Vulnerabilities in Cisco Virtual WSA, ESA, and SMA

Advisory ID: cisco-sa-20150625-ironport

Revision 1.0

For Public Release 2015 June 25 16:00 UTC (GMT)

+-----------------------------------------------------------------------

Summary
=======

Cisco Web Security Virtual Appliance (WSAv), Cisco Email Security Virtual Appliance (ESAv), and Cisco Security
Management Virtual Appliance (SMAv) are...

ESA-2015-102: EMC Unisphere for VMAX Remote Code Execution Vulnerability

BugTraq Latest Security Advisories - June 25, 2015 - 11:42am

Posted by Security Alert on Jun 25

ESA-2015-102: EMC Unisphere for VMAX Remote Code Execution Vulnerability

EMC Identifier: ESA-2015-102

CVE Identifier: CVE-2015-0545

Severity Rating: CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Affected products:
• EMC Unisphere for VMAX 8.0.0
• EMC Unisphere for VMAX 8.0.1
• EMC Unisphere for VMAX 8.0.2

Summary:
EMC Unisphere for VMAX 8.0.3.4 contains a fix for a remote code execution vulnerability that...

Netgear Prosafe VPN Firewalls - Multiple vulnerabilities

BugTraq Latest Security Advisories - June 25, 2015 - 10:08am

Posted by post on Jun 25

About Encripto AS
=================

Encripto is a Norwegian company which provides specialized services within IT-security.
Our core expertise is security testing, network security monitoring and training.
Encripto is committed to information security. We do research to discover trends, new vulnerabilities and better ways
to mitigate them.
We believe in acting as good internet citizens to the industry, whether you are a provider or a user....

[ERPSCAN-15-011] SAP Mobile Platform 3.0 - XXE

BugTraq Latest Security Advisories - June 25, 2015 - 8:19am

Posted by Darya Maenkova on Jun 25

ERPSCAN Research Advisory [ERPSCAN-15-011] SAP Mobile Platform 3.0 - XXE

Application: SAP Mobile Platform 3.0
Versions Affected: SAP Mobile Platform 3.0, probably others
Vendor URL: http://SAP.com
Bugs: XML eXternal Entity
Sent: 29.12.2014
Reported: 29.12.2014
Vendor response: 30.12.2014
Date of Public Advisory: 18.06.2015
Reference:...

[ERPSCAN-15-008] SAP Afaria 7 XcListener - DoS in the module XeClient.Dll

BugTraq Latest Security Advisories - June 25, 2015 - 8:11am

Posted by Darya Maenkova on Jun 25

ERPSCAN Research Advisory [ERPSCAN-15-008] SAP Afaria 7 XcListener - DoS
in the module XeClient.Dll

Application: SAP Afaria 7
Versions Affected: SAP Afaria 7, probably others
Vendor URL: http://SAP.com
Bugs: DoS
Sent: 09.12.2014
Reported: 09.12.2014
Vendor response: 10.12.2014
Date of Public Advisory: 18.06.2015
Reference: SAP Security Note...

[ERPSCAN-15-010] SYBASE SQL Anywhere 12 and 16 - DoS

BugTraq Latest Security Advisories - June 25, 2015 - 8:01am

Posted by Darya Maenkova on Jun 25

ERPSCAN Research Advisory [ERPSCAN-15-010] SYBASE SQL Anywhere 12 and 16
- DoS

Application: SYBASE SQL Anywhere 12 and 16
Versions Affected: SYBASE SQL Anywhere 12 and 16, probably others
Vendor URL: http://SAP.com
Bugs: DoS
Sent: 09.12.2014
Reported: 09.12.2014
Vendor response: 10.12.2014
Date of Public Advisory: 18.06.2015
Reference:...

[ERPSCAN-15-009] SAP Afaria 7 XcListener - Missing authorization check

BugTraq Latest Security Advisories - June 25, 2015 - 7:53am

Posted by Darya Maenkova on Jun 25

ERPSCAN Research Advisory [ERPSCAN-15-009] SAP Afaria 7 XcListener -
Missing authorization check

Application: SAP Afaria 7
Versions Affected: SAP Afaria 7, probably others
Vendor URL: http://SAP.com
Bugs: Missing authorization check
Sent: 09.12.2014
Reported: 09.12.2014
Vendor response: 10.12.2014
Date of Public Advisory: 18.06.2015
Reference:...

[ERPSCAN-15-007] SAP Management Console ReadProfile Parameters - Information disclosure

BugTraq Latest Security Advisories - June 25, 2015 - 7:45am

Posted by Darya Maenkova on Jun 25

ERPSCAN Research Advisory [ERPSCAN-15-007] SAP Management Console
ReadProfile Parameters - Information disclosure

Application: SAP Management Console
Versions Affected: SAP NW 7.4 Management Console, probably others
Vendor URL: http://SAP.com
Bugs: Information disclosure
Sent: 09.12.2014
Reported: 09.12.2014
Vendor response: 10.12.2014
Date of Public Advisory:...

[ERPSCAN-15-005] SAP Mobile Platform - XXE

BugTraq Latest Security Advisories - June 25, 2015 - 7:37am

Posted by Darya Maenkova on Jun 25

ERPSCAN Research Advisory [ERPSCAN-15-005] SAP Mobile Platform - XXE

Application: SAP Mobile Platform 2.3
Versions Affected: SAP Mobile Platform 2.3, probably others
Vendor URL: http://SAP.com
Bugs: XML eXternal Entity
Sent: 06.11.14
Reported: 06.11.14
Vendor response: 07.11.14
Date of Public Advisory: 18.06.2015
Reference: SAP Security Note...