HP H3C Comware 5 and 7 devices allow remote attackers to bypass intended access restrictions or cause a denial of service via “Virtual routing and forwarding (VRF) hopping.”
Monthly Archives: January 2016
CVE-2015-5445 (storeonce_backup_system_software)
Cross-site request forgery (CSRF) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.
CVE-2015-5446 (storeonce_backup_system_software)
HP StoreOnce Backup system software before 3.13.1 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2015-5447 (storeonce_backup_system_software)
Cross-site scripting (XSS) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-6858 (insight_management)
HP Insight Control server provisioning before 7.5.0 RabbitMQ allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2015-6859
HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6860.
CVE-2015-6860 (j8692a, j8693a, j8697a, j8698a, j8699a, j8700a, j8715a, j8715b, j8992a, j9091a, j9263a, j9264a, j9265a, j9310a, j9311a, j9447a, j9448a, j9451a, j9452a, j9470a, j9471a, j9472a, j9473a, j9475a, j9532a, j9533a, j9539a, j9540a, j9573a, j9574a, j9575a, j9576a, j9584a, j9585a, j9586a, j9587a, j9588a, j9638a, j9639a, j9640a, j9641a, j9642a, j9643a, j9821a, j9822a, j9823a, j9824a, j9825a, j9826a, j9850a, j9851a, j9866a, j9868a, network_switch_software)
HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6859.
CVE-2015-6861 (eucalyptus)
HPE Helion Eucalyptus 3.4.0 through 4.2.0 allows remote authenticated users to bypass an intended AssumeRole permission requirement and assume an IAM role by leveraging a policy setting for a user’s account.
Hackers Cause World's First Power Outage with Malware
SCADA system has always been an interesting target for cyber crooks, given the success of Stuxnet malware that was developed by the US and Israeli together to sabotage the Iranian nuclear facilities a few years ago, and “Havex” that previously targeted organizations in the energy sector.
Now once again, hackers have used highly destructive malware and infected, at least, three regional
Consumers ‘cautious about IoT device security’
While the hype around the Internet of Things (IoT) is warranted in many respects, consumers are nevertheless cautious about adopting the technology, a new survey suggests.
The post Consumers ‘cautious about IoT device security’ appeared first on We Live Security.
