Tagged: quick-search

VU#457759: glibc vulnerable to stack buffer overflow in DNS resolver 0

VU#457759: glibc vulnerable to stack buffer overflow in DNS resolver

Vulnerability Note VU#457759 glibc vulnerable to stack buffer overflow in DNS resolver Original Release date: 17 Feb 2016 | Last revised: 18 Feb 2016 Overview GNU glibc contains a buffer overflow vulnerability in the DNS resolver, which may allow a remote attacker to execute arbitrary code. Description CWE-121 : Stack-based Buffer Overflow – CVE-2015-7547 According to a Google security blog post : “The glibc DNS client side resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo() library function is used. Software using this function may be exploited with attacker-controlled domain names, attacker-controlled DNS servers, or through a man-in-the-middle attack.” According to glibc developers, the vulnerable code was initially added in May 2008 as part of the development for glibc 2.9.

VU#507216: Hirschmann "Classic Platform" switches reveal administrator password in SNMP community string by default 0

VU#507216: Hirschmann "Classic Platform" switches reveal administrator password in SNMP community string by default

Vulnerability Note VU#507216 Hirschmann “Classic Platform” switches reveal administrator password in SNMP community string by default Original Release date: 16 Feb 2016 | Last revised: 16 Feb 2016 Overview Hirschmann “Classic Platform” switches contain a password sync feature that syncs the switch administrator password with the SNMP community password, exposing the administrator password to attackers on the local network. Description CWE-257 : Storing Passwords in a Recoverable Format For all Hirschmann (part of Belden) “Classic Platform” switches (which includes the MACH series workgroup switches, among others), by default, the switch administrator password is used to construct an SNMP community string that allows remote management of some switch configuration

VU#305096: Comodo Chromodo browser with Ad Sanitizer does not enforce same origin policy and is based on an outdated version of Chromium 0

VU#305096: Comodo Chromodo browser with Ad Sanitizer does not enforce same origin policy and is based on an outdated version of Chromium

Vulnerability Note VU#305096 Comodo Chromodo browser with Ad Sanitizer does not enforce same origin policy and is based on an outdated version of Chromium Original Release date: 04 Feb 2016 | Last revised: 05 Feb 2016 Overview Comodo Chromodo browser, version 45.8.12.391, and possibly earlier, bundles the Ad Sanitizer extension, version 1.4.0.26, which disables same origin policy, allowing for the possibility of cross-domain attacks by malicious or compromised web hosts. Chromodo is based on an outdated release of Chromium with known vulnerabilities

VU#719736: Fisher-Price Smart Toy platform allows some unauthenticated web API commands 0

VU#719736: Fisher-Price Smart Toy platform allows some unauthenticated web API commands

Vulnerability Note VU#719736 Fisher-Price Smart Toy platform allows some unauthenticated web API commands Original Release date: 02 Feb 2016 | Last revised: 02 Feb 2016 Overview The Fisher-Price Smart Toy does not perform proper authentication of some API commands, and it may also use a vulnerable version of Android. Description The Fisher-Price Smart Toy bear is a new WiFi-connected Internet of Things (IoT) toy

VU#772447: ffmpeg and Libav cross-domain information disclosure vulnerability 0

VU#772447: ffmpeg and Libav cross-domain information disclosure vulnerability

Vulnerability Note VU#772447 ffmpeg and Libav cross-domain information disclosure vulnerability Original Release date: 20 Jan 2016 | Last revised: 20 Jan 2016 Overview ffmpeg is a “cross-platform solution to record, convert and stream audio and video”. ffmpeg is vulnerable to local file disclosure due to improper enforcement of domain restrictions when processing playlist files

VU#916896: Oracle Outside In 8.5.2 contains multiple stack buffer overflows 0

VU#916896: Oracle Outside In 8.5.2 contains multiple stack buffer overflows

Vulnerability Note VU#916896 Oracle Outside In 8.5.2 contains multiple stack buffer overflows Original Release date: 20 Jan 2016 | Last revised: 20 Jan 2016 Overview Oracle Outside In versions 8.5.2 and earlier contain stack buffer overflow vulnerabilities in the parsers for WK4, Doc, and Paradox DB files, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

VU#456088: OpenSSH Client contains a client information leak vulnerability and buffer overflow 0

VU#456088: OpenSSH Client contains a client information leak vulnerability and buffer overflow

Vulnerability Note VU#456088 OpenSSH Client contains a client information leak vulnerability and buffer overflow Original Release date: 14 Jan 2016 | Last revised: 14 Jan 2016 Overview OpenSSH client code versions 5.4 through 7.1p1 contains a client information leak vulnerability that could allow an OpenSSH client to leak information not limited to but including private keys, as well as a buffer overflow in certain non-default configurations.

VU#418072: Comcast XFINITY Home Security fails to properly handle wireless communications disruption 0

VU#418072: Comcast XFINITY Home Security fails to properly handle wireless communications disruption

Vulnerability Note VU#418072 Comcast XFINITY Home Security fails to properly handle wireless communications disruption Original Release date: 05 Jan 2016 | Last revised: 05 Jan 2016 Overview Comcast XFINITY Home Security does not fail securely, which may be leveraged to avoid triggering alarm events. Description CWE-636 : Not Failing Securely (‘Failing Open’) Comcast XFINITY Home Security system components use the ZigBee communication protocol over a 2.4 GHz radio frequency band to maintain state between sensors and the base station. When component communications are disrupted, the system does not trigger any alerts and additionally may take from minutes to hours to re-establish communications, during which time no alarm escalation occurs

VU#820196: Furuno Voyage Data Recorder (VDR) moduleserv firmware update utility fails to properly sanitize user-provided input 0

VU#820196: Furuno Voyage Data Recorder (VDR) moduleserv firmware update utility fails to properly sanitize user-provided input

Vulnerability Note VU#820196 Furuno Voyage Data Recorder (VDR) moduleserv firmware update utility fails to properly sanitize user-provided input Original Release date: 04 Jan 2016 | Last revised: 04 Jan 2016 Overview Furuno Voyage Data Recorder (VDR) VR-3000/VR-3000S and VR-7000 moduleserv firmware update utility fails to properly sanitize user-provided input and is vulnerable to arbitrary command execution with root privileges. Description According to the Furuno VDR product page , the VDR “records all crucial data to identify the cause of maritime casualty as well as contribute to the future prevention of the catastrophe of any kind.” Multiple versions of Furuno VDR VR-3000/VR-3000S and VR-7000 contain a firmware update utility called moduleserv that listens on TCP port 10110. The moduleserv service fails to properly sanitize user-provided input, which an unauthenticated attacker may leverage to execute arbitrary commands with root privileges

VU#757840: Dovestones Software AD Self Password Reset fails to properly restrict password reset request to authorized users 0

VU#757840: Dovestones Software AD Self Password Reset fails to properly restrict password reset request to authorized users

Vulnerability Note VU#757840 Dovestones Software AD Self Password Reset fails to properly restrict password reset request to authorized users Original Release date: 18 Dec 2015 | Last revised: 18 Dec 2015 Overview Dovestones Software AD Self Password Reset, version 3.0.3.0 and earlier, fails to properly validate users, which enables an unauthenticated attacker to reset passwords for arbitrary accounts. Description CWE-284 : Improper Access Control – CVE-2015-8267 Dovestones Software AD Self Password Reset contains a vulnerable method PasswordReset.Controllers.ResetController.ChangePasswordIndex() in PasswordReset.dll that fails to validate the requesting user