Monthly Archives: February 2016

Security

HP Security Bulletin HPSBGN03547 1

HP Security Bulletin HPSBGN03547 1 – A security vulnerability in glibc has been addressed with HPE Helion Eucalyptus Node Controller and other Helion Eucalyptus components. The vulnerability could be exploited remotely resulting in arbitrary execution of code. Revision 1 of this advisory.

Security

Cisco Security Advisory 20160218-glibc

Cisco Security Advisory – On February 16, 2016, a critical vulnerability in the GNU C library (glibc) was publicly disclosed. Multiple Cisco products incorporate a version of glibc that may be affected by the vulnerability. The vulnerability could allow an unauthenticated, remote attacker to trigger a buffer overflow condition that may result in a denial of service (DoS) condition or allow the attacker to execute arbitrary code on the affected device. This advisory will be updated as additional information becomes available. Cisco will release software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

NVD

CVE-2016-1154

SQL injection vulnerability in the Help plug-in 1.3.5 and earlier in Cuore EC-CUBE allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

NVD

CVE-2016-1156

LINE 4.3.0.724 and earlier on Windows and 4.3.1 and earlier on OS X allows remote authenticated users to cause a denial of service (application crash) via a crafted post that is mishandled when displaying a Timeline.

NVD

CVE-2016-1335

The SSH implementation in Cisco StarOS before 19.3.M0.62771 and 20.x before 20.0.M0.62768 on ASR 5000 devices mishandles a multi-user public-key authentication configuration, which allows remote authenticated users to gain privileges by establishing a connection from an endpoint that was previously used for an administrator’s connection, aka Bug ID CSCux22492.