The webGUI configuration-export feature in Cisco Edge Bluebird Operating System 1.2 on Edge 340 devices allows remote authenticated users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuu43968.
Monthly Archives: August 2015
CVE-2015-4322
Cisco Content Security Management Appliance (SMA) 8.3.6-039, 9.1.0-31, and 9.1.0-103 improperly restricts the privileges available after LDAP authentication, which allows remote authenticated users to read or write to an arbitrary user’s Spam Quarantine folder by visiting a spam-notification URL, aka Bug ID CSCuv65894.
CVE-2015-4324
Buffer overflow in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 7.3(0)ZN(0.81), Nexus 3000 devices 7.3(0)ZN(0.81), Nexus 4000 devices 4.1(2)E1(1c), Nexus 7000 devices 7.2(0)N1(0.1), and Nexus 9000 devices 7.3(0)ZN(0.81) allows remote attackers to cause a denial of service (IGMP process restart) via a malformed IGMPv3 packet that is mishandled during memory allocation, aka Bug IDs CSCuv69713, CSCuv69717, CSCuv69723, CSCuv69732, and CSCuv48908.
CVE-2015-5163
The import task action in OpenStack Image Service (Glance) 2015.1.x before 2015.1.2 (kilo), when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image.
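The Glance bug above comes from trusting the backing-file pointer in a qcow2 header: when the imported image is later converted or inspected, qemu follows that path on the host, so a header naming a local file such as /etc/passwd causes that file to be read. The following is an added example, not Glance's own code, that parses the fixed part of the qcow2 header and rejects any image whose backing_file_offset/backing_file_size are non-zero, which is the kind of pre-import check that closes this class of bug. build_qcow2() constructs the sample images inline; the 1023-byte cap on the backing-file name mirrors the limit qemu enforces.

```python
import struct
from typing import Optional

QCOW2_MAGIC = b"QFI\xfb"
# Fixed part of the qcow2 header (all fields big-endian), per QEMU's qcow2 spec:
#   0  magic                4 bytes
#   4  version              u32 (2 or 3)
#   8  backing_file_offset  u64 (0 = no backing file)
#  16  backing_file_size    u32 (0 = no backing file)
#  20  cluster_bits         u32
#  24  size                 u64 (virtual disk size)
#  32  crypt_method, l1_size, l1_table_offset, refcount_table_offset,
#      refcount_table_clusters, nb_snapshots, snapshots_offset
HEADER_V2_FMT = ">4sIQIIQIIQQIIQ"
HEADER_V2_LEN = struct.calcsize(HEADER_V2_FMT)  # 72 bytes
MAX_BACKING_NAME = 1023                         # qemu rejects longer names


def qcow2_backing_file(image: bytes) -> Optional[str]:
    """Return the backing-file path the header references, or None if it has none.

    Raises ValueError for anything that is not a well-formed qcow2 header, so a
    caller can treat "unparseable" the same as "unsafe".
    """
    if len(image) < 20 or image[:4] != QCOW2_MAGIC:
        raise ValueError("not a qcow2 image")
    _, version, bf_offset, bf_size = struct.unpack(">4sIQI", image[:20])
    if version not in (2, 3):
        raise ValueError("unsupported qcow2 version %d" % version)
    if bf_offset == 0 or bf_size == 0:
        return None
    # Bounds-check the pointer before dereferencing it: a hostile header can
    # point anywhere, and a name longer than qemu's limit is itself suspicious.
    if bf_size > MAX_BACKING_NAME or bf_offset + bf_size > len(image):
        raise ValueError("backing_file field points outside the image")
    return image[bf_offset:bf_offset + bf_size].decode("utf-8", "replace")


def is_safe_to_import(image: bytes) -> bool:
    """Accept only self-contained images: any backing file (or a broken header) is rejected."""
    try:
        return qcow2_backing_file(image) is None
    except ValueError:
        return False


def build_qcow2(backing: Optional[bytes] = None, size: int = 1 << 20) -> bytes:
    """Constructed sample image: a valid v2 header with no data clusters and an
    optional backing-file name placed directly after the 72-byte header."""
    bf_offset = HEADER_V2_LEN if backing else 0
    bf_size = len(backing) if backing else 0
    header = struct.pack(HEADER_V2_FMT, QCOW2_MAGIC, 2, bf_offset, bf_size,
                         16, size, 0, 1, 0, 0, 0, 0, 0)
    return header + (backing or b"")


if __name__ == "__main__":
    for label, img in (("plain", build_qcow2()),
                       ("crafted", build_qcow2(b"/etc/passwd"))):
        print(label, qcow2_backing_file(img), "safe" if is_safe_to_import(img) else "REJECT")
```

Only the fixed header is parsed; a version-3 image with header extensions is handled the same way because the backing-file fields sit in the same place. Rejecting on any parse error is deliberate: an image the checker cannot reason about should not reach qemu-img.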
CVE-2015-5621
The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet.
CVE-2015-6255
Cross-site scripting (XSS) vulnerability in Cisco Unified Web and E-Mail Interaction Manager 9.0(2) allows remote attackers to inject arbitrary web script or HTML via a crafted chat message, aka Bug ID CSCuo89051.
CVE-2015-6522
SQL injection vulnerability in the WP Symposium plugin before 15.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the size parameter to get_album_item.php.
CVE-2015-6523
Cross-site request forgery (CSRF) vulnerability in the Portfolio plugin before 1.05 for WordPress allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via a request to the instagram-portfolio page in wp-admin/options-general.php.
Migration of Avira products to Windows 10 – how to get started
You might have noticed: Windows 10 has arrived, and naturally you want to upgrade. But will your programs be compatible? In this article we tell you which of our antivirus solutions are compatible with Windows 10 and help you migrate your Avira products.
The post Migration of Avira products to Windows 10 – how to get started appeared first on Avira Blog.
USN-2720-1: Django vulnerability
Ubuntu Security Notice USN-2720-1
18th August, 2015
python-django vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.04
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
Django could be made to exhaust its session store if it received specially crafted network traffic.
Software description
- python-django: High-level Python web development framework
Details
Lin Hua Cheng discovered that Django incorrectly handled the session store: it wrote a new session record for requests that did not need one. A remote attacker could send a stream of such requests to fill up the session store (or, for cache-backed stores, evict legitimate users' sessions), resulting in a denial of service.
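The mechanism behind the issue above, as an added simplified model that is not Django's own code: a session backend whose flush() immediately creates and writes a new empty record lets an anonymous client create one record per request just by hitting a view that calls flush(), such as the logout view. The upstream fix made flush() forget the session key instead of creating a fresh one, so a record is written only once the session actually holds data. SessionStore, Session, middleware_finish, logout_view and the two counting helpers are assumptions of this model; `eager_flush=True` is the pre-fix behaviour, `eager_flush=False` the fixed one.

```python
import secrets
from typing import Dict, Optional


class SessionStore:
    """Stand-in for a Django session backend (db/file/cache): key -> session data."""

    def __init__(self) -> None:
        self.records: Dict[str, dict] = {}


class Session:
    """Simplified model of a session object bound to one request (assumption, not SessionBase)."""

    def __init__(self, store: SessionStore, session_key: Optional[str] = None,
                 eager_flush: bool = True) -> None:
        self.store = store
        self.eager_flush = eager_flush
        self.modified = False
        if session_key in store.records:          # cookie names a real session
            self.session_key: Optional[str] = session_key
            self._data = dict(store.records[session_key])
        else:                                      # no cookie / unknown key: anonymous
            self.session_key = None
            self._data = {}

    def __setitem__(self, key: str, value) -> None:
        self._data[key] = value
        self.modified = True

    def is_empty(self) -> bool:
        return self.session_key is None and not self._data

    def create(self) -> None:
        """Allocate a key and write an empty record straight away."""
        self.session_key = secrets.token_hex(16)
        self.store.records[self.session_key] = {}

    def save(self) -> None:
        if self.session_key is None:
            self.create()
        self.store.records[self.session_key] = dict(self._data)

    def flush(self) -> None:
        """What auth.logout() does: drop the old session and start over."""
        self._data = {}
        if self.session_key is not None:
            self.store.records.pop(self.session_key, None)
        if self.eager_flush:
            self.create()            # pre-fix: one new empty record per call
        else:
            self.session_key = None  # fixed: defer until there is data to store
        self.modified = True


def middleware_finish(session: Session) -> None:
    """End-of-request step: persist only sessions that changed and are not empty."""
    if session.modified and not session.is_empty():
        session.save()


def logout_view(store: SessionStore, cookie_key: Optional[str], fixed: bool) -> Session:
    session = Session(store, cookie_key, eager_flush=not fixed)
    session.flush()
    middleware_finish(session)
    return session


def records_after_anonymous_logouts(n: int, fixed: bool) -> int:
    """Attacker with no cookie hits the logout view n times; how many rows remain?"""
    store = SessionStore()
    for _ in range(n):
        logout_view(store, None, fixed)
    return len(store.records)


def records_after_login_following_logout(fixed: bool) -> int:
    """A real login after logout must still get exactly one record in both versions."""
    store = SessionStore()
    session = logout_view(store, None, fixed)
    session["_auth_user_id"] = "42"
    middleware_finish(session)
    return len(store.records)


if __name__ == "__main__":
    print("pre-fix :", records_after_anonymous_logouts(1000, fixed=False), "records")
    print("fixed   :", records_after_anonymous_logouts(1000, fixed=True), "records")
```

The two counting helpers make the contrast measurable: 1000 anonymous requests leave 1000 empty records in the pre-fix model and none in the fixed one, while a genuine login still produces exactly one record either way, which is the property a regression test for this bug should assert.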
Update instructions
The problem can be corrected by updating your system to the following package versions:
- Ubuntu 15.04:
  - python3-django 1.7.6-1ubuntu2.2
  - python-django 1.7.6-1ubuntu2.2
- Ubuntu 14.04 LTS:
  - python-django 1.6.1-2ubuntu0.10
- Ubuntu 12.04 LTS:
  - python-django 1.3.1-4ubuntu1.18
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.