VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-201402-0568 No CVE Netsynt CRD Voice Router Telnet CLI Default Administrator Password Vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Netsynt CRD is a voice router. The Netsynt CRD Voice Router dims the default user credentials, and the Telnet CLI has a 'netsynt' password that allows remote attackers to gain privileged access to the device.
VAR-201402-0564 No CVE Multiple vulnerabilities in multiple ASUS routers CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
ASUS is one of the world's leading providers of 3C solutions, dedicated to providing the most innovative products and applications to individuals and businesses. ASUS multiple router products have security vulnerabilities: 1. A reflective cross-site scripting vulnerability exists on the router error page, allowing an attacker to build a malicious URI, enticing a user to resolve, gaining sensitive information or hijacking a user session. 2, http://192.168.1.1/error_page.htm The error page contains the current administrator password information, allowing the attacker to view the source code to obtain the password information. An attacker could leverage these issues to gain unauthorized access to the affected device, execute arbitrary script code in the browser of an unsuspecting user in the context of the affected device
VAR-201402-0405 CVE-2014-1266 plural  Apple  of the product  Data Security  of the component  Secure Transport  in function  SSL  Server spoofing vulnerability CVSS V2: 5.8
CVSS V3: 7.4
Severity: HIGH
The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before 7.0.6, Apple TV 6.x before 6.0.2, and Apple OS X 10.9.x before 10.9.2 does not check the signature in a TLS Server Key Exchange message, which allows man-in-the-middle attackers to spoof SSL servers by (1) using an arbitrary private key for the signing step or (2) omitting the signing step. Apple iOS and TV are prone to a security-bypass vulnerability because it fails to properly validate connections. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks. Apple iOS, Apple TV and Apple OS X are all products of Apple Inc. in the United States. Apple iOS is an operating system developed for mobile devices; Apple TV is a high-definition TV set-top box product; Apple OS X is a dedicated operating system developed for Mac computers. There is a security vulnerability in the 'SSLVerifySignedServerKeyExchange' function in the libsecurity_ssl/lib/sslKeyExchange.c file of the Secure Transport function of the Data Security component in Apple iOS. An attacker in a privileged network position could potentially capture or modify data in an SSL/TLS-protected session. The following versions are affected: Apple iOS 6.x prior to 6.1.6 and 7.x prior to 7.0.6, Apple TV 6.x prior to 6.0.2, Apple OS X 10.9.x prior to 10.9.2 Version. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-02-21-2 iOS 7.0.6 iOS 7.0.6 is now available and addresses the following: Data Security Available for: iPhone 4 and later, iPod touch (5th generation), iPad 2 and later Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS Description: Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps. CVE-ID CVE-2014-1266 Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "7.0.6". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTBpN9AAoJEPefwLHPlZEwFpYP/2Ac20hocp3/xWv08EFmpZpl T52aoGMpJxZFRh307mS76jNXDZ2KodcBboESKbYE8PxMK9DkAtqEbSQjMa9cUK3+ 3iUhqNnFm7YrG8+8JVoZ58Jxiq9zEmKGVEf+s4o1F1ORJPAQRDROiC5MBru1UOAb /sXZeX1Awr81RJeu4f8A9Qddu6AEICr2sYRlWQA8wa24Y2qswrOvqvFRSK4WnB8L 6sqe6JL0C59GhjRh11WsObMQN+vbBcVty7q4e0WfuLNt0LP8yZBC2XruAx0Q2v1k t5JA6keq7zwAzE+zO4qjYXGTVePyPe7vJx00ndjvTjAI7iXrcRgNxUuH5BAj7O7h agzSWNKvaUYynJd2oiv5onN7kh+3UbexiXIKOc5ZgOpVk7fgLCnN9UcPuxpGjF5u RODQM5LtAYEdmzs4Ws711Gu+k0OT3QTWXWu9/k6Yp2DKwCjDp9gzM/EhT5T7PqCL KM8gnGOiTJh0vUmdI94huF987heNBzoRId/wdip/e2iXKTGB3Z8AipmDi72v63FB seh7rZWOgxZ+9YSCyXFl4FfcZDBSEhERzw2C8OXP2iXBzspM3LsqlqBbbyTB/bRm lOSrP8nxkf0Fw8ehqs52wxfjenk2hvnkHddE4HU3DuvoK4M9hZ98sLppHxoxw7Lp aMn7lqBBT+6V5+uaVkA8 =klGW -----END PGP SIGNATURE-----
VAR-201402-0348 CVE-2014-0758 Iconics GENESIS32 ActiveX Control Remote code execution vulnerability CVSS V2: 9.3
CVSS V3: -
Severity: HIGH
An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8.04, and 8.05 allows remote attackers to execute arbitrary programs via a crafted HTML document. GENESIS32 is a new generation of industrial control software developed by ICONICS. Iconics GENESIS32 is prone to a remote code-execution vulnerability. Failed exploit attempts will likely result in denial-of-service conditions. GENESIS32 versions 8.0, 8.02, 8.04 and 8.05 are vulnerable
VAR-201402-0219 CVE-2014-0737 Cisco Unified IP Phone 7960G CTL Trust Chain Enforcement Security Bypass Vulnerability CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
The Cisco Unified IP Phone 7960G 9.2(1) and earlier allows remote attackers to bypass authentication and change trust relationships by injecting a Certificate Trust List (CTL) file, aka Bug ID CSCuj66795. The Cisco Unified IP Phones 7960G is an IP telephony device developed by Cisco. This may lead to further attacks. This issue is tracked by Cisco Bug ID CSCuj66795
VAR-201402-0220 CVE-2014-0738 Cisco Adaptive Security Appliance Software Phone Proxy Vulnerabilities that bypass authentication in components CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
The Phone Proxy component in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to bypass authentication and change trust relationships by injecting a Certificate Trust List (CTL) file, aka Bug ID CSCuj66770. Successfully exploiting this issue will allow an attacker to perform certain unauthorized actions. This may lead to other attacks. This issue is being tracked by Cisco Bug ID CSCuj66770
VAR-201402-0221 CVE-2014-0739 Cisco Adaptive Security Appliance Software Phone Proxy In the component sec_db Vulnerability that bypasses authentication CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Race condition in the Phone Proxy component in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to bypass sec_db authentication and provide certain pass-through services to untrusted devices via a crafted configuration-file TFTP request, aka Bug ID CSCuj66766. Cisco Adaptive Security Appliance (ASA) is prone to a security-bypass vulnerability. Successfully exploiting this issue will allow attackers to bypass security restrictions and pass traffic from an untrusted phone through the ASA. This issue is tracked by Cisco Bug ID's CSCuj66766
VAR-201402-0539 No CVE D-Link DIR-615 Wireless N300 Routing Cross-Site Request Forgery Vulnerability CVSS V2: 3.5
CVSS V3: -
Severity: LOW
D-Link DIR-615 The Wireless N300 has cross-site request forgery, allowing remote attackers to build malicious URIs, entice users to resolve, and perform malicious operations, such as operating device data, in the context of the target user. D-Link DIR-615 Wireless N300 is a wireless router product from D-Link. A cross-site request forgery vulnerability exists in the D-Link DIR-615 Wireless N300 router running firmware version 5.10. A remote attacker could use this vulnerability to perform unauthorized operations. D-Link DIR-615 is prone to a cross-site request-forgery vulnerability. This may lead to further attacks
VAR-201402-0250 CVE-2014-0499 Adobe Flash Player and Adobe AIR In ASLR Vulnerabilities that circumvent protection mechanisms CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 do not prevent access to address information, which makes it easier for attackers to bypass the ASLR protection mechanism via unspecified vectors. Attackers can exploit this issue to obtain sensitive information. Adobe AIR is a cross-operating system runtime environment that can be used to build and configure cross-platform desktop RIA (Rich Internet Applications) applications. A remote attacker can exploit this vulnerability to bypass the ASLR protection mechanism. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could entice a user to open a specially crafted SWF file using Adobe Flash Player, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass the Same Origin Policy or read the clipboard via unspecified vectors. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.356" References ========== [ 1 ] CVE-2014-0498 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0498 [ 2 ] CVE-2014-0499 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0499 [ 3 ] CVE-2014-0502 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0502 [ 4 ] CVE-2014-0503 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0503 [ 5 ] CVE-2014-0504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0504 [ 6 ] CVE-2014-0506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0506 [ 7 ] CVE-2014-0507 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0507 [ 8 ] CVE-2014-0508 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0508 [ 9 ] CVE-2014-0509 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0509 [ 10 ] CVE-2014-0515 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0515 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201405-04.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2014:0196-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0196.html Issue date: 2014-02-21 CVE Names: CVE-2014-0498 CVE-2014-0499 CVE-2014-0502 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes three security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities are detailed in the Adobe Security bulletin APSB14-07, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1067656 - CVE-2014-0498 CVE-2014-0499 CVE-2014-0502 flash-plugin: multiple flaws lead to arbitrary code execution (APSB14-07) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.341-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.341-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.341-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.341-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.341-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.341-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.341-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.341-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.341-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.341-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-0498.html https://www.redhat.com/security/data/cve/CVE-2014-0499.html https://www.redhat.com/security/data/cve/CVE-2014-0502.html https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb14-07.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFTByEnXlSAg2UNWIIRAi1rAKCBxwErUI32sTpMx0NosGcAjO+YSQCfZzHe MX7b/r4AbJFfCjm9BexmJdw= =X9yY -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
VAR-201402-0253 CVE-2014-0502 Adobe Flash Player and Adobe AIR Memory double free vulnerability CVSS V2: 10.0
CVSS V3: 8.8
Severity: HIGH
Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014. Attacks on this vulnerability 2014 Year 2 Observed on the moon.A third party may execute arbitrary code. Failed exploit attempts will likely result in denial-of-service conditions. Adobe AIR is a technology developed for the combination of network and desktop applications, which can control cloud programs on the network without going through a browser. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could entice a user to open a specially crafted SWF file using Adobe Flash Player, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass the Same Origin Policy or read the clipboard via unspecified vectors. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.356" References ========== [ 1 ] CVE-2014-0498 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0498 [ 2 ] CVE-2014-0499 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0499 [ 3 ] CVE-2014-0502 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0502 [ 4 ] CVE-2014-0503 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0503 [ 5 ] CVE-2014-0504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0504 [ 6 ] CVE-2014-0506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0506 [ 7 ] CVE-2014-0507 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0507 [ 8 ] CVE-2014-0508 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0508 [ 9 ] CVE-2014-0509 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0509 [ 10 ] CVE-2014-0515 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0515 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201405-04.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2014:0196-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0196.html Issue date: 2014-02-21 CVE Names: CVE-2014-0498 CVE-2014-0499 CVE-2014-0502 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes three security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities are detailed in the Adobe Security bulletin APSB14-07, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.341-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.341-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.341-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.341-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.341-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.341-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.341-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.341-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.341-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.341-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-0498.html https://www.redhat.com/security/data/cve/CVE-2014-0499.html https://www.redhat.com/security/data/cve/CVE-2014-0502.html https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb14-07.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFTByEnXlSAg2UNWIIRAi1rAKCBxwErUI32sTpMx0NosGcAjO+YSQCfZzHe MX7b/r4AbJFfCjm9BexmJdw= =X9yY -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
VAR-201402-0249 CVE-2014-0498 Adobe Flash Player and Adobe AIR Vulnerable to stack-based buffer overflow CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows attackers to execute arbitrary code via unspecified vectors. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the usage of regular expressions in ActionScript where an expression could overflow a data structure on the stack. An attacker can leverage this vulnerability to execute code under the context of the current process. Failed exploit attempts will likely result in denial-of-service conditions. Adobe AIR is a cross-operating system runtime environment that can be used to build and configure cross-platform desktop RIA (Rich Internet Applications) applications. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Furthermore, a remote attacker may be able to bypass the Same Origin Policy or read the clipboard via unspecified vectors. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.356" References ========== [ 1 ] CVE-2014-0498 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0498 [ 2 ] CVE-2014-0499 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0499 [ 3 ] CVE-2014-0502 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0502 [ 4 ] CVE-2014-0503 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0503 [ 5 ] CVE-2014-0504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0504 [ 6 ] CVE-2014-0506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0506 [ 7 ] CVE-2014-0507 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0507 [ 8 ] CVE-2014-0508 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0508 [ 9 ] CVE-2014-0509 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0509 [ 10 ] CVE-2014-0515 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0515 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201405-04.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2014:0196-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0196.html Issue date: 2014-02-21 CVE Names: CVE-2014-0498 CVE-2014-0499 CVE-2014-0502 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes three security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities are detailed in the Adobe Security bulletin APSB14-07, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. (CVE-2014-0498, CVE-2014-0499, CVE-2014-0502) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.341. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1067656 - CVE-2014-0498 CVE-2014-0499 CVE-2014-0502 flash-plugin: multiple flaws lead to arbitrary code execution (APSB14-07) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.341-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.341-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.341-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.341-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.341-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.341-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.341-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.341-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.341-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.341-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-0498.html https://www.redhat.com/security/data/cve/CVE-2014-0499.html https://www.redhat.com/security/data/cve/CVE-2014-0502.html https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb14-07.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFTByEnXlSAg2UNWIIRAi1rAKCBxwErUI32sTpMx0NosGcAjO+YSQCfZzHe MX7b/r4AbJFfCjm9BexmJdw= =X9yY -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
VAR-201402-0508 No CVE Linksys WRT120N 'fprintf()' Function Remote Stack Buffer Overflow Vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
The Cisco Linksys WRT120N is a wireless router product from Cisco (USA). A remote stack-based buffer overflow vulnerability exists in the Cisco Linksys WRT120N. The vulnerability stems from the program's incorrect boundary check of user-supplied input, causing the program to copy data beyond the allocated memory buffer space. An attacker could use this vulnerability to execute arbitrary code in the context of an affected program or cause a denial of service. There are vulnerabilities in Linksys WRT120N running firmware version 1.0.07, other versions may also be affected. Failed exploit attempts will result in denial-of-service conditions
VAR-201402-0194 CVE-2014-0709 Cisco UCS Director Vulnerabilities that gain management access CVSS V2: 9.3
CVSS V3: -
Severity: HIGH
Cisco UCS Director (formerly Cloupia) before 4.0.0.3 has a hardcoded password for the root account, which makes it easier for remote attackers to obtain administrative access via an SSH session to the CLI interface, aka Bug ID CSCui73930. Cisco Unified Computing System Director is prone to a security-bypass vulnerability. Successful attacks can allow an attacker to gain complete access to the affected devices with root privileges. This issue is tracked by Cisco Bug ID CSCui73930. Cisco UCS Director (formerly known as Cisco Cloupia) is a set of converged infrastructure management solutions from Cisco. The solution supports users to manage computing power, network services, storage, and virtual machines from a single management console to deploy and release IT services more quickly and at low cost. The vulnerability is caused by the program using the default root account
VAR-201402-0195 CVE-2014-0710 Cisco Firewall Services Module Software Cut-Through Service operation interruption in proxy function (DoS) Vulnerabilities CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
Race condition in the cut-through proxy feature in Cisco Firewall Services Module (FWSM) Software 3.x before 3.2(28) and 4.x before 4.1(15) allows remote attackers to cause a denial of service (device reload) via certain matching traffic, aka Bug ID CSCuj16824. ( Device reload ) There are vulnerabilities that are put into a state. Vendors have confirmed this vulnerability Bug ID CSCuj16824 It is released as.Denial of service by a third party through specific matching traffic ( Device reload ) There is a possibility of being put into a state. An attacker can exploit this issue to cause a vulnerable device to reload, triggering a denial-of-service condition. This issue is tracked by Cisco Bug ID CSCuj16824
VAR-201402-0196 CVE-2014-0718 Cisco IPS Software produce-verbose-alert Service disruption in functionality (DoS) Vulnerabilities CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
The produce-verbose-alert feature in Cisco IPS Software 7.1 before 7.1(8)E4 and 7.2 before 7.2(2)E4 allows remote attackers to cause a denial of service (Analysis Engine process outage) via fragmented packets, aka Bug ID CSCui91266. Cisco IPS Software is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause the Analysis Engine process to become unresponsive, which leads to denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCui91266. The software protects against malware, worms, viruses, and more
VAR-201402-0197 CVE-2014-0719 Cisco IPS Denial of service in the implementation of software control plane access lists (DoS) Vulnerabilities CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
The control-plane access-list implementation in Cisco IPS Software before 7.1(8p2)E4 and 7.2 before 7.2(2)E4 allows remote attackers to cause a denial of service (MainApp process outage) via crafted packets to TCP port 7000, aka Bug ID CSCui67394. Cisco IPS Software is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause the MainApp process to become unresponsive, which leads to denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCui67394. The software protects against malware, worms, viruses, and more
VAR-201402-0198 CVE-2014-0720 Cisco IPS Service disruption in software (DoS) Vulnerabilities CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
Cisco IPS Software 7.1 before 7.1(8)E4 and 7.2 before 7.2(2)E4 allows remote attackers to cause a denial of service (Analysis Engine process outage) via a flood of jumbo frames, aka Bug ID CSCuh94944. Attackers can exploit this issue to cause the Analysis Engine process to become unresponsive, which leads to denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCuh94944. The software protects against malware, worms, viruses, and more
VAR-201402-0199 CVE-2014-0721 Cisco Unified SIP Phone 3905 In the firmware root Vulnerability for which access rights are acquired CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
The Cisco Unified SIP Phone 3905 with firmware before 9.4(1) allows remote attackers to obtain root access via a session on the test interface on TCP port 7870, aka Bug ID CSCuh75574. An attacker can exploit this issue to gain unauthorized root-level access to an affected device. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCuh75574
VAR-201411-0042 CVE-2014-2037 Openswan IKEv2 Payloads Incomplete Fix Remote Denial of Service Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Openswan 2.6.40 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. NOTE: this vulnerability exists because of an incomplete fix for CVE 2013-6466. Openswan is a VPN implemented using ipsec technology. Openswan is prone to a remote denial-of-service vulnerability. Openswan 2.6.40 and prior are vulnerable
VAR-201402-0242 CVE-2014-1966 RuggedCom Rugged Operating System SMTP Protocol Denial of Service Vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
The SNMP implementation in Siemens RuggedCom ROS before 3.11, ROS 3.11 for RS950G, ROS 3.12 before 3.12.4, and ROS 4.0 for RSG2488 allows remote attackers to cause a denial of service (device outage) via crafted packets. RuggedCom Inc is the world's leading manufacturer of high performance networking and communications equipment for industrial environments. RuggedCom Rugged Operating System is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause the management services of the devices to become unresponsive resulting in denial-of-service conditions. Siemens RuggedCom ROS is a set of operating system used in RuggedCom series switches by Siemens of Germany. A resource management error vulnerability exists in the SNMP implementation in Siemens RuggedCom ROS. The following versions are affected: Siemens RuggedCom ROS 3.10.1 and prior, ROS 3.11 for RS950G, ROS 3.12 prior to 3.12.4, ROS 4.0 for RSG2488