BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

[security bulletin] HPSBPI03107 rev.1 - HP LaserJet Printers and MFPs, HP OfficeJet Printers and MFPs, and HP JetDirect Networking cards using OpenSSL, Remote Disclosure of Information

June 29, 2015 - 7:41am

Posted by security-alert on Jun 29

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04720842

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04720842
Version: 1

HPSBPI03107 rev.1 - HP LaserJet Printers and MFPs, HP OfficeJet Printers and
MFPs, and HP JetDirect Networking cards using OpenSSL, Remote Disclosure of
Information

NOTICE: The information in this Security...

[security bulletin] HPSBGN03362 rev.1 - HP Discovery and Dependency Mapping Inventory (DDMI) with TLS, Remote Disclosure of Information

June 29, 2015 - 7:32am

Posted by security-alert on Jun 29

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04724996

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04724996
Version: 1

HPSBGN03362 rev.1 - HP Discovery and Dependency Mapping Inventory (DDMI) with
TLS, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible....

[security bulletin] HPSBMU03267 rev.3 - HP Matrix Operating Environment and HP CloudSystem Matrix running OpenSSL, Remote Disclosure of Information

June 29, 2015 - 7:24am

Posted by security-alert on Jun 29

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04576624

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04576624
Version: 3

HPSBMU03267 rev.3 - HP Matrix Operating Environment and HP CloudSystem Matrix
running OpenSSL, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as...

[security bulletin] HPSBUX03359 rev.1 - HP-UX pppoec, local elevation of privilege

June 29, 2015 - 7:14am

Posted by security-alert on Jun 29

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04718530

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04718530
Version: 1

HPSBUX03359 rev.1 - HP-UX pppoec, local elevation of privilege

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2015-06-26
Last Updated: 2015-06-26...

[security bulletin] HPSBGN03351 rev.1 - HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL, Remote Disclosure of Information

June 29, 2015 - 7:06am

Posted by security-alert on Jun 29

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04710027

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04710027
Version: 1

HPSBGN03351 rev.1 - HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent
running OpenSSL, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as...

SEC Consult SA-20150626-0 :: Critical vulnerabilities in Polycom RealPresence Resource Manager (RPRM) allow surveillance on conferences

June 29, 2015 - 6:59am

Posted by SEC Consult Vulnerability Lab on Jun 29

SEC Consult Vulnerability Lab Security Advisory < 20150626-0 >
=======================================================================
title: Critical vulnerabilities allow surveillance on conferences
product: Polycom RealPresence Resource Manager (RPRM)
vulnerable versions: <8.4
fixed version: 8.4
CVE numbers: CVE-2015-4681, CVE-2015-4682, CVE-2015-4683, CVE-2015-4684...

ESA-2015-097: EMC Secure Remote Services (ESRS) Virtual Edition (VE) Multiple Security Vulnerabilities

June 29, 2015 - 6:50am

Posted by Security Alert on Jun 29

ESA-2015-097: EMC Secure Remote Services (ESRS) Virtual Edition (VE) Multiple Security Vulnerabilities

CVE Identifier: CVE-2015-0543, CVE-2015-0544

Severity Rating: CVSS v2 Base Score: See below for individual scores for each CVE

Affected products:

• ESRS VE version 3.02
• ESRS VE version 3.03
• ESRS VE version 3.04

Summary: ESRS VE version 3.06 contains security fixes for multiple vulnerabilities that could...

CVE-2015-3931 Microsec e-Szigno, CVE-2015-3932 Netlock Mokka XSW vulnerability

June 29, 2015 - 6:41am

Posted by Imre RAD on Jun 29

In November 2014, SEARCH-LAB Ltd. discovered a security vulnerability in Microsec e-Szigno, and Netlock Mokka computer
applications that are used to generate and validate
digital signatures, which are applied within the official Hungarian government processes. The vulnerability affected
the „e-akta” signed document file format, where a file with a valid digital signature could be manipulated in a way
that the verification software...

Cisco Security Advisory: Multiple Default SSH Keys Vulnerabilities in Cisco Virtual WSA, ESA, and SMA

June 25, 2015 - 11:50am

Posted by Cisco Systems Product Security Incident Response Team on Jun 25

Cisco Security Advisory: Multiple Default SSH Keys Vulnerabilities in Cisco Virtual WSA, ESA, and SMA

Advisory ID: cisco-sa-20150625-ironport

Revision 1.0

For Public Release 2015 June 25 16:00 UTC (GMT)

+-----------------------------------------------------------------------

Summary
=======

Cisco Web Security Virtual Appliance (WSAv), Cisco Email Security Virtual Appliance (ESAv), and Cisco Security
Management Virtual Appliance (SMAv) are...

ESA-2015-102: EMC Unisphere for VMAX Remote Code Execution Vulnerability

June 25, 2015 - 11:42am

Posted by Security Alert on Jun 25

ESA-2015-102: EMC Unisphere for VMAX Remote Code Execution Vulnerability

EMC Identifier: ESA-2015-102

CVE Identifier: CVE-2015-0545

Severity Rating: CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Affected products:
• EMC Unisphere for VMAX 8.0.0
• EMC Unisphere for VMAX 8.0.1
• EMC Unisphere for VMAX 8.0.2

Summary:
EMC Unisphere for VMAX 8.0.3.4 contains a fix for a remote code execution vulnerability that...

Netgear Prosafe VPN Firewalls - Multiple vulnerabilities

June 25, 2015 - 10:08am

Posted by post on Jun 25

About Encripto AS
=================

Encripto is a Norwegian company which provides specialized services within IT-security.
Our core expertise is security testing, network security monitoring and training.
Encripto is committed to information security. We do research to discover trends, new vulnerabilities and better ways
to mitigate them.
We believe in acting as good internet citizens to the industry, whether you are a provider or a user....

[ERPSCAN-15-011] SAP Mobile Platform 3.0 - XXE

June 25, 2015 - 8:19am

Posted by Darya Maenkova on Jun 25

ERPSCAN Research Advisory [ERPSCAN-15-011] SAP Mobile Platform 3.0 - XXE

Application: SAP Mobile Platform 3.0
Versions Affected: SAP Mobile Platform 3.0, probably others
Vendor URL: http://SAP.com
Bugs: XML eXternal Entity
Sent: 29.12.2014
Reported: 29.12.2014
Vendor response: 30.12.2014
Date of Public Advisory: 18.06.2015
Reference:...

[ERPSCAN-15-008] SAP Afaria 7 XcListener - DoS in the module XeClient.Dll

June 25, 2015 - 8:11am

Posted by Darya Maenkova on Jun 25

ERPSCAN Research Advisory [ERPSCAN-15-008] SAP Afaria 7 XcListener - DoS
in the module XeClient.Dll

Application: SAP Afaria 7
Versions Affected: SAP Afaria 7, probably others
Vendor URL: http://SAP.com
Bugs: DoS
Sent: 09.12.2014
Reported: 09.12.2014
Vendor response: 10.12.2014
Date of Public Advisory: 18.06.2015
Reference: SAP Security Note...

[ERPSCAN-15-010] SYBASE SQL Anywhere 12 and 16 - DoS

June 25, 2015 - 8:01am

Posted by Darya Maenkova on Jun 25

ERPSCAN Research Advisory [ERPSCAN-15-010] SYBASE SQL Anywhere 12 and 16
- DoS

Application: SYBASE SQL Anywhere 12 and 16
Versions Affected: SYBASE SQL Anywhere 12 and 16, probably others
Vendor URL: http://SAP.com
Bugs: DoS
Sent: 09.12.2014
Reported: 09.12.2014
Vendor response: 10.12.2014
Date of Public Advisory: 18.06.2015
Reference:...

[ERPSCAN-15-009] SAP Afaria 7 XcListener - Missing authorization check

June 25, 2015 - 7:53am

Posted by Darya Maenkova on Jun 25

ERPSCAN Research Advisory [ERPSCAN-15-009] SAP Afaria 7 XcListener -
Missing authorization check

Application: SAP Afaria 7
Versions Affected: SAP Afaria 7, probably others
Vendor URL: http://SAP.com
Bugs: Missing authorization check
Sent: 09.12.2014
Reported: 09.12.2014
Vendor response: 10.12.2014
Date of Public Advisory: 18.06.2015
Reference:...

[ERPSCAN-15-007] SAP Management Console ReadProfile Parameters - Information disclosure

June 25, 2015 - 7:45am

Posted by Darya Maenkova on Jun 25

ERPSCAN Research Advisory [ERPSCAN-15-007] SAP Management Console
ReadProfile Parameters - Information disclosure

Application: SAP Management Console
Versions Affected: SAP NW 7.4 Management Console, probably others
Vendor URL: http://SAP.com
Bugs: Information disclosure
Sent: 09.12.2014
Reported: 09.12.2014
Vendor response: 10.12.2014
Date of Public Advisory:...

[ERPSCAN-15-005] SAP Mobile Platform - XXE

June 25, 2015 - 7:37am

Posted by Darya Maenkova on Jun 25

ERPSCAN Research Advisory [ERPSCAN-15-005] SAP Mobile Platform - XXE

Application: SAP Mobile Platform 2.3
Versions Affected: SAP Mobile Platform 2.3, probably others
Vendor URL: http://SAP.com
Bugs: XML eXternal Entity
Sent: 06.11.14
Reported: 06.11.14
Vendor response: 07.11.14
Date of Public Advisory: 18.06.2015
Reference: SAP Security Note...

[ERPSCAN-15-006] SAP NetWeaver Portal ReportXmlViewer - XXE

June 25, 2015 - 7:29am

Posted by Darya Maenkova on Jun 25

ERPSCAN Research Advisory [ERPSCAN-15-006] SAP NetWeaver Portal
ReportXmlViewer - XXE

Application: SAP NetWeaver Portal 7.31
Versions Affected: SAP NetWeaver Portal 7.31, probably others
Vendor URL: http://SAP.com
Bugs: XXE
Sent: 09.12.2014
Reported: 09.12.2014
Vendor response: 10.12.2014
Date of Public Advisory: 18.06.2015
Reference: SAP...

[ERPSCAN-15-004] SAP NetWeaver Portal XMLValidationComponent - XXE

June 25, 2015 - 7:04am

Posted by Darya Maenkova on Jun 25

ERPSCAN Research Advisory [ERPSCAN-15-004] SAP NetWeaver Portal
XMLValidationComponent - XXE

Application: SAP NetWeaver Portal 7.31
Versions Affected: SAP NetWeaver Portal 7.31, probably others
Vendor URL: http://SAP.com
Bugs: XML eXternal Entity
Sent: 06.11.2014
Reported: 06.11.2014
Vendor response: 07.11.2014
Date of Public Advisory: 18.06.2015...

[ERPSCAN-15-003] SAP NetWeaver Dispatcher Buffer Overflow - RCE, DoS

June 25, 2015 - 6:56am

Posted by Darya Maenkova on Jun 25

ERPSCAN Research Advisory [ERPSCAN-15-003] SAP NetWeaver Dispatcher
Buffer Overflow - RCE, DoS

Application: SAP NetWeaver Dispatcher
Versions Affected: SAP NetWeaver Dispatcher, probably others
Vendor URL: http://SAP.com
Bugs: RCE
Sent: 25.08.14
Reported: 25.08.14
Vendor response: 25.08.14
Date of Public Advisory: 15.02.2015...