Tagged: vulnerability

"Misfortune Cookie" Broadband Router Vulnerability

Original release date: December 20, 2014

Broadband routers employing Allegro RomPager firmware prior to version 4.34 contain a vulnerability in HTTP cookie processing code. Exploitation of this vulnerability could allow a remote attacker to take control of an affected device.

VU#561444: Multiple broadband routers use vulnerable versions of Allegro RomPager

Vulnerability Note VU#561444
Original Release date: 19 Dec 2014 | Last revised: 19 Dec 2014

Overview: Multiple broadband routers use vulnerable versions of Allegro RomPager in current firmware releases.

Description: Many home and office/home office (SOHO) routers have been found to be using vulnerable versions of the Allegro RomPager embedded web server. Allegro RomPager versions prior to 4.34 contain a vulnerability in cookie processing code that can be leveraged to grant attackers administrative privileges on the device.

VU#843044: Multiple Dell iDRAC IPMI v1.5 implementations use insufficiently random session ID values

Vulnerability Note VU#843044
Original Release date: 18 Dec 2014 | Last revised: 18 Dec 2014

Overview: The Intelligent Platform Management Interface (IPMI) v1.5 implementations in multiple Dell iDRAC releases are vulnerable to arbitrary command injection due to use of insufficiently random session ID values.

Description: CWE-330: Use of Insufficiently Random Values – CVE-2014-8272. The IPMI v1.5 implementations in multiple Dell iDRAC releases, including versions of iDRAC6 modular/monolithic and iDRAC7, are vulnerable to arbitrary command injection due to use of predictable and limited session ID values. Session IDs are assigned incrementally rather than randomly, enabling an authenticated user to predict subsequent session IDs based on his own session.

VU#315340: EMC Documentum products contain multiple vulnerabilities

Vulnerability Note VU#315340
Original Release date: 15 Dec 2014 | Last revised: 15 Dec 2014

Overview: EMC Documentum products including Content Server, D2, and Web Development Kit (WDK) contain multiple vulnerabilities.

Description: EMC Documentum Content Server, D2, and WDK contain numerous vulnerabilities of varying impact. For details, view our spreadsheet.

Docker Releases Security Updates

Original release date: December 12, 2014

Docker versions 1.3.3 and 1.4.0 have been released to address multiple security vulnerabilities, one of which could allow a remote attacker to take control of a vulnerable system.