CVE-2015-6374

The web interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, aka Bug ID CSCux10604.

IC3 Warns of Cyber Attacks Focused on Law Enforcement and Public Officials

Original release date: November 18, 2015

The Internet Crime Complaint Center (IC3) has issued an alert warning that law enforcement personnel and public officials may be at an increased risk of cyber attacks. In addition to doxing (the act of gathering and publishing individuals’ personal information without permission), threat actors have been observed compromising the email accounts of officers and officials. These target groups should protect their online presence and exposure.

Users are encouraged to review the IC3 Alert for details and recommended security measures. Refer to US-CERT Tip ST06-003 for information on staying safe on social networking sites.


Red Hat Security Advisory 2015-2068-01

Red Hat Security Advisory 2015-2068-01 – Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A use-after-poison flaw and a heap-based buffer overflow flaw were found in the way NSS parsed certain ASN.1 structures. An attacker could use these flaws to cause NSS to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSS library.

Red Hat Security Advisory 2015-2086-01

Red Hat Security Advisory 2015-2086-01 – The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. Multiple denial of service flaws were found in the JAXP component in OpenJDK. A specially crafted XML file could cause a Java application using JAXP to consume an excessive amount of CPU and memory when parsed.

Red Hat Security Advisory 2015-2081-01

Red Hat Security Advisory 2015-2081-01 – PostgreSQL is an advanced object-relational database management system. A memory leak error was discovered in the crypt() function of the pgCrypto extension. An authenticated attacker could possibly use this flaw to disclose a limited amount of the server memory. All PostgreSQL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. If the postgresql service is running, it will be automatically restarted after installing this update.