VARIoT IoT vulnerabilities database


VAR-201502-0403 CVE-2015-1460 Huawei Quidway Switches Remote Security Bypass Vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Huawei Quidway switches with firmware before V200R005C00SPC300 allow remote attackers to gain privileges via a crafted packet. Huawei Quidway switches have a remote security bypass vulnerability that allows an attacker to bypass certain security restrictions, perform unauthorized operations, or initiate a denial of service attack. Huawei Quidway Switch is an Ethernet switch product of China's Huawei. A security vulnerability exists in the Huawei Quidway Switch V200R005C00SPC300. This may aid in further attacks
VAR-201501-0145 CVE-2015-1179 Infinite Automation Systems Mango Automation Cross-Site Scripting Vulnerability CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in data_point_details.shtm in Mango Automation 2.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dpid, (2) dpxid, or (3) pid parameter. Infinite Automation Systems Mango Automation is an open source SCADA/HMI software application from Infinite Automation Systems of Australia that provides real-time logging of data from sensors, PLCs, and databases, generating logs and reports, and sending alerts. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Mango Automation 2.4.0 is vulnerable; other versions may also be affected
VAR-201501-0116 CVE-2015-0311 Adobe Flash Player  Vulnerability to execute arbitrary code in CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015. Exploitation was observed in January 2015. A third party may be able to execute arbitrary code. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers.

From Gentoo Linux Security Advisory 201502-02:

Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details.

Impact
======
A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information or bypass security restrictions.

Workaround
==========
There is no known workaround at this time.

Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.442"

References
==========
[ 1 ] CVE-2015-0301 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0301
[ 2 ] CVE-2015-0302 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0302
[ 3 ] CVE-2015-0303 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0303
[ 4 ] CVE-2015-0304 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0304
[ 5 ] CVE-2015-0305 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0305
[ 6 ] CVE-2015-0306 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0306
[ 7 ] CVE-2015-0307 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0307
[ 8 ] CVE-2015-0308 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0308
[ 9 ] CVE-2015-0309 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0309
[ 10 ] CVE-2015-0310 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0310
[ 11 ] CVE-2015-0311 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0311
[ 12 ] CVE-2015-0314 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0314
[ 13 ] CVE-2015-0315 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0315
[ 14 ] CVE-2015-0316 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0316
[ 15 ] CVE-2015-0317 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0317
[ 16 ] CVE-2015-0318 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0318
[ 17 ] CVE-2015-0319 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0319
[ 18 ] CVE-2015-0320 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0320
[ 19 ] CVE-2015-0321 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0321
[ 20 ] CVE-2015-0322 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0322
[ 21 ] CVE-2015-0323 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0323
[ 22 ] CVE-2015-0324 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0324
[ 23 ] CVE-2015-0325 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0325
[ 24 ] CVE-2015-0326 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0326
[ 25 ] CVE-2015-0327 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0327
[ 26 ] CVE-2015-0328 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0328
[ 27 ] CVE-2015-0329 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0329
[ 28 ] CVE-2015-0330 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0330

Availability
============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201502-02.xml

License
=======
Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

=====================================================================
Red Hat Security Advisory

Synopsis:      Critical: flash-plugin security update
Advisory ID:   RHSA-2015:0094-01
Product:       Red Hat Enterprise Linux Supplementary
Advisory URL:  https://rhn.redhat.com/errata/RHSA-2015-0094.html
Issue date:    2015-01-27
CVE Names:     CVE-2015-0310 CVE-2015-0311 CVE-2015-0312
=====================================================================

1. Summary:
An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-02, and APSB15-03, listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content.

4. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):
1185137 - CVE-2015-0310 flash-plugin: Vulnerability that could be used to circumvent memory randomization mitigations (APSB15-02)
1185296 - CVE-2015-0311 CVE-2015-0312 flash-plugin: multiple critical vulnerabilities (APSA15-01)(APSB15-03)

6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386: flash-plugin-11.2.202.440-1.el5.i386.rpm
x86_64: flash-plugin-11.2.202.440-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386: flash-plugin-11.2.202.440-1.el5.i386.rpm
x86_64: flash-plugin-11.2.202.440-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: flash-plugin-11.2.202.440-1.el6.i686.rpm
x86_64: flash-plugin-11.2.202.440-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: flash-plugin-11.2.202.440-1.el6.i686.rpm
x86_64: flash-plugin-11.2.202.440-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: flash-plugin-11.2.202.440-1.el6.i686.rpm
x86_64: flash-plugin-11.2.202.440-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:
https://access.redhat.com/security/cve/CVE-2015-0310
https://access.redhat.com/security/cve/CVE-2015-0311
https://access.redhat.com/security/cve/CVE-2015-0312
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb15-02.html
https://helpx.adobe.com/security/products/flash-player/apsb15-03.html

8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
VAR-201501-0115 CVE-2015-0310 Adobe Flash Player In ASLR Vulnerabilities that circumvent protection mechanisms CVSS V2: 10.0
CVSS V3: 7.8
Severity: HIGH
Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287 on Windows and OS X and before 11.2.202.438 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism on Windows, and have an unspecified impact on other platforms, via unknown vectors, as exploited in the wild in January 2015. Attacks on this vulnerability were observed in January 2015. An attacker may bypass the ASLR protection mechanism on Windows, with unspecified impact on other platforms. Adobe Flash Player is prone to an unspecified memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. Gentoo Linux Security Advisory 201502-02 and Red Hat Security Advisory RHSA-2015:0094-01, reproduced under VAR-201501-0116 above, also cover this CVE (Red Hat bug 1185137 - CVE-2015-0310 flash-plugin: Vulnerability that could be used to circumvent memory randomization mitigations (APSB15-02)).
VAR-201501-0118 CVE-2015-1028 D-Link DSL-2730B Router firmware cross-site scripting vulnerability CVSS V2: 3.5
CVSS V3: -
Severity: LOW
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2730B router (rev C1) with firmware GE_1.01 allow remote authenticated users to inject arbitrary web script or HTML via the (1) domainname parameter to dnsProxy.cmd (DNS Proxy Configuration Panel); the (2) brName parameter to lancfg2get.cgi (Lan Configuration Panel); the (3) wlAuthMode, (4) wl_wsc_reg, or (5) wl_wsc_mode parameter to wlsecrefresh.wl (Wireless Security Panel); or the (6) wlWpaPsk parameter to wlsecurity.wl (Wireless Password Viewer). The D-Link DSL-2730B router (rev C1) contains cross-site scripting vulnerabilities: a remotely authenticated user may insert arbitrary web script or HTML via the parameters listed above. The D-Link DSL-2730B is a home wireless ADSL router. D-Link DSL-2730B Router is prone to multiple cross-site scripting vulnerabilities. An attacker may exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, perform unauthorized actions, and disclose or modify sensitive information. D-Link DSL-2730B router running firmware version GE_1.01 is vulnerable. The vulnerability is caused by insufficient filtering of the 'domainname' parameter in the dnsProxy.cmd file; of the 'brName' parameter in the lancfg2get.cgi file; of the 'wlAuthMode', 'wl_wsc_reg' and 'wl_wsc_mode' parameters in the wlsecrefresh.wl file; and of the 'wlWpaPsk' parameter in the wlsecurity.wl file
VAR-201501-0325 CVE-2014-8008 Cisco Unified Communications Manager of Real-Time Monitoring Tool API Vulnerable to absolute path traversal

Related entries in the VARIoT exploits database: VAR-E-201409-0018, VAR-E-201409-0545
CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated users to read arbitrary files via a full pathname in an API command, aka Bug ID CSCur49414. An attacker can exploit this issue to gain access to sensitive information stored in arbitrary files, which may aid in further attacks. This issue is being tracked by Cisco Bug Id CSCur49414. Cisco Unified Communications Manager provides a scalable, distributed and highly available enterprise IP telephony call processing solution
VAR-201501-0129 CVE-2015-1048 Siemens SIMATIC S7-1200 Open redirection vulnerability CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Open redirect vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Supplementary information: the vulnerability type has been identified by CWE as CWE-601: URL Redirection to Untrusted Site ('Open Redirect'), http://cwe.mitre.org/data/definitions/601.html. A third party may redirect any user to an arbitrary web site and conduct a phishing attack. The Siemens SIMATIC S7-1200 is a modular PLC controller. Siemens SIMATIC S7-1200 CPU is prone to an open-redirection vulnerability because it fails to properly sanitize user-supplied input. An attacker can leverage this issue to conduct phishing attacks; other attacks are possible
VAR-201501-0403 CVE-2014-9198 Schneider Electric ETG3000 FactoryCast HMI Gateway FTP Built-in password vulnerability

Related entries in the VARIoT exploits database: VAR-E-201501-0004
CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an FTP session. Schneider Electric ETG3000 FactoryCast HMI Gateway is a new intelligent web gateway. This BID is being retired as a duplicate of BID 72258. This may aid in further attacks. This vulnerability stems from the lack of an effective trust management mechanism in network systems or products. Attackers can use default passwords or hard-coded passwords, hard-coded certificates, etc. to attack affected components
VAR-201708-0293 CVE-2014-8428 Barracuda Load Balancer Vulnerabilities related to authorization, permissions, and access control CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Privilege escalation vulnerability in Barracuda Load Balancer 5.0.0.015 via the use of an improperly protected SSH key. Barracuda Load Balancer contains a vulnerability related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). The controller provides protection against intrusion and attack events, while optimizing application load and providing strong performance support.

===============================================================================
title: Virtual Appliance Security Review
case id: CM-2013-01
product: Barracuda Load Balancer ADC
vulnerability type: Multiple
severity: Medium to High
found: 2013-12-13
by: Cristiano Maruti (@cmaruti)
===============================================================================

[EXECUTIVE SUMMARY]
While reviewing the virtual appliance, five major security issues were identified:
1) Ability to recover the file system encryption keys via simil cold-boot attack;
2) Off-line super user password reset via physical attack;
3) Hard-coded credential for an interactive unprivileged user;
4) Hard-coded SSH key file that could permit local privilege escalation;
5) Various credentials and private IP address of Barracuda’s internal server.

[VULNERABLE VERSIONS]
Barracuda Load Balancer - firmware version 5.0.0.015. Probably there are other appliances from the vendor affected by the same problems.

[TECHNICAL DETAILS]
The full report with technical details about the vulnerabilities I have identified is available at: https://github.com/cmaruti/reports/raw/master/barracuda_load_balancer_vm.pdf

[VULNERABILITY REFERENCE]
The following IDs were associated by Barracuda (BNSECID) to handle the vulnerabilities:
- BNSEC-0004000355: VM filesystem encryption keys can be leaked through memory dump.
- BNSEC-0006000122: VM appliance susceptible to off-line user password reset.
- BNSEC-0006000123: Hard coded weak credentials for product user.
- BNSEC-0006000124: VM filesystem encryption keys can be leaked through memory dump.
- BNSEC-0006000125: Privilege escalation using improperly protected SSH key.
- BNSEC-0006000126: Internal system information leakage through VM virtual drive.
The following CVE IDs were pre-allocated to track the vulnerabilities:
- CVE-2014-8426: Hard coded weak credentials for product user.
- CVE-2014-8428: Privilege escalation using improperly protected SSH key.

[DISCLOSURE TIMELINE]
2014-01-03 Report submitted to vendor via its bug bounty program.
2014-01-03 Vendor confirmed receiving the report (automatic reply).
2014-01-09 Vendor gave follow-up.
2014-01-13 Vendor provided BNSEC IDs.
2014-01-22 Researcher requested further update about the status of the submission.
2014-01-22 Vendor gave follow-up and updated the list of BNSEC IDs.
2014-02-06 Researcher requested for the second time an update about the status of his submission.
2014-02-06 Vendor acknowledged the delay in processing the submission because of internal reorganization of the bounty program.
2014-03-18 Vendor sent update, confirming the severity of the vulnerabilities, still processing the submission and developing appropriate fixes.
2014-03-20 Vendor approved bounty. Four of five vulnerabilities are eligible for the bounty program.
2014-04-20 Barracuda created fixes for the issues reported but postponed the test due to addressing the Heartbleed vulnerability.
2014-04-23 Researcher received the bounty prize.
2014-05-06 Vendor gave follow-up but no further details about the status of the patching process were disclosed.
2014-06-04 Researcher requested further update about the status of the submission.
2014-10-01 Vendor postponed the fix due to Shellshock vulnerability.
2014-12-05 Vendor escalated the issues due to cleanup delayed too many times; coordinated disclosure date will be on January 20th, 2015.
2015-01-20 Public disclosure.

[SOLUTION]
Vendor addressed the vulnerabilities identified by CVE-2014-8426 and CVE-2014-8428. The Vendor is currently evaluating ways to mitigate the remaining ones.

[REPORT URL]
https://github.com/cmaruti/reports/raw/master/barracuda_load_balancer_vm.pdf
VAR-201708-0292 CVE-2014-8426 Barracuda Load Balancer Vulnerabilities related to the use of hard-coded credentials CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Hard coded weak credentials in Barracuda Load Balancer 5.0.0.015. Barracuda Load Balancer contains a vulnerability in the use of hard-coded credentials. Information may be obtained or altered, and service operation may be disrupted (DoS). The controller provides protection against intrusion and attack events, while optimizing application load and providing strong performance support. This issue is item 3 (Hard-coded credential for an interactive unprivileged user) of Cristiano Maruti's advisory "Virtual Appliance Security Review" (case id CM-2013-01, found 2013-12-13, public disclosure 2015-01-20), reproduced under VAR-201708-0293 above together with CVE-2014-8428; Barracuda tracked it as BNSEC-0006000123 (Hard coded weak credentials for product user) and has addressed it. Full report: https://github.com/cmaruti/reports/raw/master/barracuda_load_balancer_vm.pdf
VAR-201501-0185 CVE-2014-6584 Oracle Sun Systems Products Suite of Integrated Lights Out Manager (ILOM) In Backup Restore Vulnerabilities CVSS V2: 4.0
CVSS V3: -
Severity: MEDIUM
Unspecified vulnerability in the Integrated Lights Out Manager (ILOM) component in Oracle Sun Systems Products Suite ILOM before 3.2.4 allows remote authenticated users to affect confidentiality via unknown vectors related to Backup Restore. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. The 'Backup Restore' sub-component is affected. This vulnerability affects the following supported versions: ILOM prior to 3.2.4. ILOM can manage and monitor components installed in the server, and remotely manage the server. Remote attackers can use this vulnerability to read data, affecting data confidentiality
VAR-201501-0542 CVE-2015-1309 SAP NetWeaver AS ABAP Extended Computer Aided Test Tool XML external entity vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
XML external entity vulnerability in the Extended Computer Aided Test Tool (eCATT) in SAP NetWeaver AS ABAP 7.31 and earlier allows remote attackers to access arbitrary files via a crafted XML request, related to ECATT_DISPLAY_XMLSTRING_REMOTE, aka SAP Note 2016638. The vendor has confirmed this vulnerability and released it as SAP Note 2016638. Supplementary information: the vulnerability type has been identified by CWE as CWE-611: Improper Restriction of XML External Entity Reference ('XXE'), http://cwe.mitre.org/data/definitions/611.html. A third party may be able to access arbitrary files through a crafted XML request. SAP NetWeaver AS ABAP is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may lead to further attacks
VAR-201502-0096 CVE-2015-1619 McAfee Email Gateway Secure Web Mail Client user interface cross-site scripting vulnerability CVSS V2: 3.5
CVSS V3: -
Severity: LOW
Cross-site scripting (XSS) vulnerability in the Secure Web Mail Client user interface in McAfee Email Gateway (MEG) 7.6.x before 7.6.3.2, 7.5.x before 75.6, 7.0.x through 7.0.5, 5.6, and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified tokens in Digest messages. McAfee Email Gateway is prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. McAfee Email Gateway offers incoming threat protection, outgoing encryption, data loss prevention, and more. The following versions are affected: MEG 7.6.x prior to 7.6.3.2, 7.5.x prior to 75.6, 7.0.x through 7.0.5, 5.6 and prior
VAR-201501-0402 CVE-2014-9197 Schneider Electric ETG3000 FactoryCast HMI Gateway Unauthorized Access Vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request. Supplementary information: the vulnerability type has been identified by CWE as CWE-284: Improper Access Control. Schneider Electric ETG3000 FactoryCast HMI Gateway is a web-based SCADA system. The vulnerability is caused by the program not enforcing adequate access controls when storing the rde.jar file in the web root directory
VAR-201501-0481 CVE-2015-0424 Oracle Sun Systems Products Suite Integrated Lights Out Manager IPMI vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Unspecified vulnerability in the Integrated Lights Out Manager (ILOM) component in Oracle Sun Systems Products Suite ILOM prior to 3.2.4 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to IPMI. A denial-of-service (DoS) attack may be carried out. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability. The vulnerability can be exploited over the 'SSL/TLS' protocol. The 'IPMI' sub component is affected. This vulnerability affects the following supported versions: ILOM prior to 3.2.4. ILOM can manage and monitor components installed in the server, and remotely manage the server. A remote attacker could exploit this vulnerability to read, update, insert, or delete data, possibly causing a denial of service, affecting the confidentiality, integrity and availability of data
VAR-201501-0420 CVE-2014-8478 Siemens Scalance X Switches 'HTTP' Request Denial of Service Vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
The web server on Siemens SCALANCE X-300 switches with firmware before 4.0 and SCALANCE X 408 switches with firmware before 4.0 allows remote attackers to cause a denial of service (reboot) via malformed HTTP requests. Siemens Scalance X Switches are switch devices developed by Siemens. The following versions are vulnerable: Scalance X-300 family running firmware versions prior to 4.0; Scalance X408 family running firmware versions prior to 4.0
VAR-201501-0421 CVE-2014-8479 Siemens Scalance X Switches Denial of service vulnerability CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
The FTP server on Siemens SCALANCE X-300 switches with firmware before 4.0 and SCALANCE X 408 switches with firmware before 4.0 allows remote authenticated users to cause a denial of service (reboot) via crafted FTP packets. Siemens Scalance X Switches are switch devices developed by Siemens. The following versions are vulnerable: Scalance X-300 family running firmware versions prior to 4.0; Scalance X408 family running firmware versions prior to 4.0
VAR-201708-0343 CVE-2015-3642 Citrix NetScaler ADC and NetScaler Gateway Information disclosure vulnerability in device firmware CVSS V2: 4.3
CVSS V3: 5.9
Severity: MEDIUM
The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6, 10.1 before Build 130.13, 10.1.e before Build 130.1302.e, 10.5 before Build 55.8, and 10.5.e before Build 55.8007.e makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE). The device firmware of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway contains an information disclosure vulnerability. This vulnerability is distinct from CVE-2014-3566 (alias POODLE). Information may be obtained. An attacker can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information. Successful exploits will lead to other attacks. Citrix NetScaler Gateway (formerly Citrix Access Gateway Enterprise Edition) is a secure remote access solution. Devices using the following firmware versions are affected: 10.5 to 10.5.54.9, 10.5.e to 10.5 Build 54.9009.e, 10.1 to 10.1 Build 130.10, 10.1.e to 10.1 Build 129.1105.e, 10.0 to 10.0 Build 78.6
VAR-201501-0493 CVE-2015-0400 Oracle Java SE Libraries vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Libraries. Oracle Java SE is prone to a remote vulnerability in Java SE. The vulnerability can be exploited over multiple protocols. This issue affects the 'Libraries' sub-component. This vulnerability affects the following supported versions: Java SE 6u85, Java SE 7u72, Java SE 8u25.

Gentoo Linux Security Advisory GLSA 201603-14
https://security.gentoo.org/
Severity: Normal
Title: IcedTea: Multiple vulnerabilities
Date: March 12, 2016
Bugs: #537940, #559532, #565842, #567850, #572716
ID: 201603-14

Synopsis
========
Multiple vulnerabilities have been found in IcedTea allowing remote attackers to affect confidentiality, integrity, and availability through various vectors.

Background
==========
IcedTea's aim is to provide OpenJDK in a form suitable for easy configuration, compilation and distribution with the primary goal of allowing inclusion in GNU/Linux distributions. This includes the possibility of remote execution of arbitrary code, information disclosure, or Denial of Service.

Workaround
==========
There is no known workaround at this time.
Resolution
==========
IcedTea 7.x users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/icedtea-7.2.6.4"
IcedTea bin 7.x users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/icedtea-bin-7.2.6.4"
IcedTea 6.x users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/icedtea-6.1.13.9"
IcedTea bin 6.x users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/icedtea-bin-6.1.13.9"

References
==========
[ 1 ] CVE-2014-6585 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6585
[ 2 ] CVE-2014-6587 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6587
[ 3 ] CVE-2014-6591 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6591
[ 4 ] CVE-2014-6593 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6593
[ 5 ] CVE-2014-6601 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6601
[ 6 ] CVE-2015-0383 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0383
[ 7 ] CVE-2015-0395 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0395
[ 8 ] CVE-2015-0400 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0400
[ 9 ] CVE-2015-0407 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0407
[ 10 ] CVE-2015-0408 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0408
[ 11 ] CVE-2015-0412 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0412
[ 12 ] CVE-2015-2590 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2590
[ 13 ] CVE-2015-2601 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2601
[ 14 ] CVE-2015-2613 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2613
[ 15 ] CVE-2015-2621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2621
[ 16 ] CVE-2015-2625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2625
[ 17 ] CVE-2015-2628 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2628
[ 18 ] CVE-2015-2632 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2632
[ 19 ] CVE-2015-4731 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4731
[ 20 ] CVE-2015-4732 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4732
[ 21 ] CVE-2015-4733 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4733
[ 22 ] CVE-2015-4734 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4734
[ 23 ] CVE-2015-4748 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4748
[ 24 ] CVE-2015-4749 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4749
[ 25 ] CVE-2015-4760 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4760
[ 26 ] CVE-2015-4803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4803
[ 27 ] CVE-2015-4805 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4805
[ 28 ] CVE-2015-4806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4806
[ 29 ] CVE-2015-4835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4835
[ 30 ] CVE-2015-4840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4840
[ 31 ] CVE-2015-4842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4842
[ 32 ] CVE-2015-4843 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4843
[ 33 ] CVE-2015-4844 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4844
[ 34 ] CVE-2015-4860 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4860
[ 35 ] CVE-2015-4871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4871
[ 36 ] CVE-2015-4872 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4872
[ 37 ] CVE-2015-4881 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4881
[ 38 ] CVE-2015-4882 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4882
[ 39 ] CVE-2015-4883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4883
[ 40 ] CVE-2015-4893 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4893
[ 41 ] CVE-2015-4903 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4903
[ 42 ] CVE-2015-4911 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4911
[ 43 ] CVE-2016-0402 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0402
[ 44 ] CVE-2016-0448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0448
[ 45 ] CVE-2016-0466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0466
[ 46 ] CVE-2016-0483 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0483
[ 47 ] CVE-2016-0494 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0494

Availability
============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201603-14

Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Impact
======
A context-dependent attacker may be able to influence the confidentiality, integrity, and availability of Java applications/runtime.

Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04580241

SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04580241
Version: 1
HPSBUX03273 SSRT101951 rev.1 - HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2015-02-25
Last Updated: 2015-02-25
Potential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
References: CVE-2014-3566 CVE-2014-6585 CVE-2014-6587 CVE-2014-6591 CVE-2014-6593 CVE-2014-6601 CVE-2015-0383 CVE-2015-0395 CVE-2015-0400 CVE-2015-0403 CVE-2015-0406 CVE-2015-0407 CVE-2015-0408 CVE-2015-0410 CVE-2015-0412 SSRT101951

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, and B.11.31 running HP JDK and JRE v6.0.24 and earlier.

BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference       Base Vector                    Base Score
CVE-2014-3566   (AV:N/AC:M/Au:N/C:P/I:N/A:N)   4.3
CVE-2014-6585   (AV:N/AC:H/Au:N/C:P/I:N/A:N)   2.6
CVE-2014-6587   (AV:L/AC:L/Au:S/C:P/I:P/A:P)   4.3
CVE-2014-6591   (AV:N/AC:H/Au:N/C:P/I:N/A:N)   2.6
CVE-2014-6593   (AV:N/AC:H/Au:N/C:P/I:P/A:N)   4.0
CVE-2014-6601   (AV:N/AC:L/Au:N/C:C/I:C/A:C)  10.0
CVE-2015-0383   (AV:L/AC:M/Au:N/C:N/I:P/A:C)   5.4
CVE-2015-0395   (AV:N/AC:M/Au:N/C:C/I:C/A:C)   9.3
CVE-2015-0400   (AV:N/AC:L/Au:N/C:P/I:N/A:N)   5.0
CVE-2015-0403   (AV:L/AC:M/Au:N/C:C/I:C/A:C)   6.9
CVE-2015-0406   (AV:N/AC:M/Au:N/C:P/I:N/A:P)   5.8
CVE-2015-0407   (AV:N/AC:L/Au:N/C:P/I:N/A:N)   5.0
CVE-2015-0408   (AV:N/AC:L/Au:N/C:C/I:C/A:C)  10.0
CVE-2015-0410   (AV:N/AC:L/Au:N/C:N/I:N/A:P)   5.0
CVE-2015-0412   (AV:L/AC:L/Au:N/C:C/I:C/A:C)   7.2
===========================================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION
HP has provided the following Java version upgrade to resolve these vulnerabilities. The upgrade is available from the following location: http://www.hp.com/java

OS Version                        Release Version
HP-UX B.11.11, B.11.23, B.11.31   JDK and JRE v6.0.25 or subsequent

MANUAL ACTIONS: Yes - Update
For Java v6.0, update to Java v6.0.25 or subsequent

PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system.
It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa

The following text is for use by the HP-UX Software Assistant.

AFFECTED VERSIONS
HP-UX B.11.11
HP-UX B.11.23
HP-UX B.11.31
===========
Jdk60.JDK60
Jdk60.JDK60-COM
Jdk60.JDK60-IPF32
Jdk60.JDK60-IPF64
Jdk60.JDK60-PNV2
Jdk60.JDK60-PWV2
Jdk60.JDK60-PA20
Jdk60.JDK60-PA20W
Jre60.JRE60-PNV2
Jre60.JRE60-PNV2-H
Jre60.JRE60-PWV2
Jre60.JRE60-PWV2-H
Jre60.JRE60-COM
Jre60.JRE60-COM-DOC
Jre60.JRE60-PA20
Jre60.JRE60-PA20-HS
Jre60.JRE60-PA20W
Jre60.JRE60-PA20W-HS
Jre60.JRE60-IPF32
Jre60.JRE60-IPF32-HS
Jre60.JRE60-IPF64
Jre60.JRE60-IPF64-HS
action: install revision 1.6.0.25.00 or subsequent
END AFFECTED VERSIONS

HISTORY
Version:1 (rev.1) - 25 February 2015 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact the normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX

Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

============================================================================
Ubuntu Security Notice USN-2487-1
January 28, 2015
openjdk-7 vulnerabilities
============================================================================

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS

Summary:
Several security issues were fixed in OpenJDK 7. An attacker could exploit these to cause a denial of service or expose sensitive data over the network.

An attacker could exploit these to expose sensitive data over the network.
(CVE-2014-6585, CVE-2014-6591, CVE-2015-0400, CVE-2015-0407)

A vulnerability was discovered in the OpenJDK JRE related to information disclosure and integrity. An attacker could exploit this to expose sensitive data over the network. (CVE-2014-6593)

A vulnerability was discovered in the OpenJDK JRE related to integrity and availability. An attacker could exploit this to cause a denial of service. (CVE-2015-0383)

A vulnerability was discovered in the OpenJDK JRE related to availability. An attacker could exploit this to cause a denial of service. (CVE-2015-0410)

A vulnerability was discovered in the OpenJDK JRE related to data integrity. (CVE-2015-0413)

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.10:
  icedtea-7-jre-jamvm     7u75-2.5.4-1~utopic1
  openjdk-7-jre           7u75-2.5.4-1~utopic1
  openjdk-7-jre-headless  7u75-2.5.4-1~utopic1
  openjdk-7-jre-lib       7u75-2.5.4-1~utopic1
  openjdk-7-jre-zero      7u75-2.5.4-1~utopic1
  openjdk-7-source        7u75-2.5.4-1~utopic1

Ubuntu 14.04 LTS:
  icedtea-7-jre-jamvm     7u75-2.5.4-1~trusty1
  openjdk-7-jre           7u75-2.5.4-1~trusty1
  openjdk-7-jre-headless  7u75-2.5.4-1~trusty1
  openjdk-7-jre-lib       7u75-2.5.4-1~trusty1
  openjdk-7-jre-zero      7u75-2.5.4-1~trusty1
  openjdk-7-source        7u75-2.5.4-1~trusty1

This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any Java applications or applets to make all the necessary changes.

This update contains a known regression in the Zero alternative Java Virtual Machine on PowerPC and a future update will correct this issue. See https://launchpad.net/bugs/1415282 for details. We apologize for the inconvenience.
References:
http://www.ubuntu.com/usn/usn-2487-1
CVE-2014-3566, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0400, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412, CVE-2015-0413

Package Information:
https://launchpad.net/ubuntu/+source/openjdk-7/7u75-2.5.4-1~utopic1
https://launchpad.net/ubuntu/+source/openjdk-7/7u75-2.5.4-1~trusty1
VAR-201502-0073 CVE-2015-1471 Pragyan CMS SQL Injection Vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
SQL injection vulnerability in userprofile.lib.php in Pragyan CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to the default URI. Pragyan CMS is a content management system. Pragyan CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Pragyan CMS 3.0 is vulnerable; other versions may also be affected