NetApp Clustered Data ONTAP before 8.2.4P4 and 8.3.x before 8.3.2P2 allows remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors.
Monthly Archives: August 2016
CVE-2016-2183
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a “Sweet32” attack.
DSA-3658 libidn – security update
Hanno Boeck discovered multiple vulnerabilities in libidn, the GNU
library for Internationalized Domain Names (IDNs), allowing a remote
attacker to cause a denial of service against an application using the
libidn library (application crash).
Vuln: RETIRED:Adobe Flash Player and AIR CVE-2016-4120 Unspecified Memory Corruption Vulnerability
Vuln: RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
Vuln: Apple iOS/WatchOS/tvOS Security Bypass and Memory Corruption Vulnerabilities
Vuln: RETIRED:Apple tvOS CVE-2016-4607 Multiple Memory Corruption Vulnerabilities
Red Hat Security Advisory 2016-1785-01
Red Hat Security Advisory 2016-1785-01 – Red Hat JBoss Operations Network is a Middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. This JBoss Operations Network 3.3.7 release serves as a replacement for JBoss Operations Network 3.3.6, and includes several bug fixes.
Cisco Security Advisory 20160831-sps3
Cisco Security Advisory – A vulnerability in the implementation of Simple Network Management Protocol (SNMP) functionality in Cisco Small Business 220 Series Smart Plus (Sx220) Switches could allow an unauthenticated, remote attacker to gain unauthorized access to SNMP objects on an affected device. The vulnerability is due to the presence of a default SNMP community string that is added during device installation and cannot be deleted. An attacker could exploit this vulnerability by using the default SNMP community string to access SNMP objects on an affected device. A successful exploit could allow the attacker to view and modify SNMP objects on a targeted device. Cisco has released firmware updates that address this vulnerability. There are no workarounds that address this vulnerability.
Google Releases Security Update for Chrome
Original release date: August 31, 2016
Google has released Chrome version 53.0.2785.89 to address multiple vulnerabilities for Windows, Mac, and Linux. Exploitation of some of these vulnerabilities may allow an attacker to take control of an affected system.
Users and administrators are encouraged to review the Chrome Releases page and apply the necessary update.