The mobility extension on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to obtain sensitive information by sniffing the network, aka Bug ID CSCuq12117.
Monthly Archives: February 2015
CVE-2015-0871
Cross-site scripting (XSS) vulnerability in Mrs. Shiromuku Perl CGI shiromuku(u1)GUESTBOOK 1.62 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
GLSA 201502-01 (Normal): mpg123
mpg123: User-assisted execution of arbitrary code
GLSA 201502-02 (High): adobe-flash
Adobe Flash Player: Multiple vulnerabilities
MDVSA-2015:037: vorbis-tools
Updated vorbis-tools package fixes security vulnerability:
oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to
cause a denial of service (out-of-bounds read) via a crafted raw file
(CVE-2014-9640).
MDVSA-2015:036: python-django
Updated python-django packages fix security vulnerabilities:
Jedediah Smith discovered that Django incorrectly handled underscores
in WSGI headers. A remote attacker could possibly use this issue to
spoof headers in certain environments (CVE-2015-0219).
Mikko Ohtamaa discovered that Django incorrectly handled user-supplied
redirect URLs. A remote attacker could possibly use this issue to
perform a cross-site scripting attack (CVE-2015-0220).
Alex Gaynor discovered that Django incorrectly handled reading files
in django.views.static.serve(). A remote attacker could possibly use
this issue to cause Django to consume resources, resulting in a denial
of service (CVE-2015-0221).
RHSA-2015:0140-1: Critical: flash-plugin security update
Red Hat Enterprise Linux: An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
CVE-2015-0314, CVE-2015-0315, CVE-2015-0316, CVE-2015-0317, CVE-2015-0318, CVE-2015-0319, CVE-2015-0320, CVE-2015-0321, CVE-2015-0322, CVE-2015-0323, CVE-2015-0324, CVE-2015-0325, CVE-2015-0326, CVE-2015-0327, CVE-2015-0328, CVE-2015-0329, CVE-2015-0330
RHEA-2015:0141-1: tzdata enhancement update
Red Hat Enterprise Linux: Updated tzdata packages that add one enhancement are now available for Red Hat
Enterprise Linux 4.9 Extended Life Cycle Support, Red Hat Enterprise Linux 5.11,
Red Hat Enterprise Linux 6.6, and Red Hat Enterprise Linux 7.0.
CVE-2013-5557
The Proxy Bypass Content Rewriter feature in the WebVPN subsystem in Cisco Adaptive Security Appliance (ASA) Software 9.1(.2) and earlier allows remote authenticated users to cause a denial of service (device crash or error-recovery event) via an HTTP request that triggers a rewrite, aka Bug ID CSCug91577.
CVE-2015-0601
Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allow local users to cause a denial of service (device reload) via crafted commands, aka Bug ID CSCup92790.