Author Archives: CIRT Team



CIRT Team

in Security Advisories & Alerts

Multiple Huawei Products CVE-2016-8796 Denial of Service Vulnerability

Description: Huawei USG9520 V300R001C01, USG9560 V300R001C01, and USG9580 V300R001C01 allow unauthenticated attackers to send abnormal DHCP request packets to the affected products to trigger a DoS condition. Impact: An attackers may exploit these issues to gain elevated privileges. Mitigation: Updates are available. Please check specific vendor advisory for more information. Reference URL’s: http://www.cvedetails.com/cve/CVE-2016-8796/ http://www.securityfocus.com/bid/94405/info http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161116-01-firewall-en

0
11 Jul 2017
in Security Advisories & Alerts

Huawei Storage Products CVE-2016-8801 Remote Privilege Escalation Vulnerability

Description: Huawei OceanStor 5600 V3 with V300R003C00C10 and earlier versions allows attackers with administrator privilege to inject a command into a specific command’s parameters, and run this injected command with root privilege. Impact: An attacker can exploit this issue to gain elevated privileges and perform unauthorized actions. Mitigation: Updates are available. Please check specific vendor advisory for more information. Reference URL’s: http://www.cvedetails.com/cve/CVE-2016-8801/ http://www.securityfocus.com/bid/94832/info http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161207-01-storage-en

0
11 Jul 2017
in Security Advisories & Alerts

Oracle API Gateway CVE-2017-3601 Remote Security Vulnerability

Description: Vulnerability in the Oracle API Gateway component of Oracle Fusion Middleware (subcomponent: Oracle API Gateway). The supported version that is affected is 11.1.2.4.0. Easily “exploitable” vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle API Gateway. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification...

Read More

0
10 Jul 2017
in Security Advisories & Alerts

Oracle Solaris CVE-2017-3623 Remote Code Execution Vulnerability

Description: Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel RPC). For supported versions that are affected see note. Easily “exploitable” vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Solaris. While the vulnerability is in Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Solaris. Note: CVE-2017-3623 is assigned...

Read More

0
10 Jul 2017
in Security Advisories & Alerts

RoundCube Webmail CVE-2017-8114 Multiple Privilege Escalation Vulnerabilities

Description: RoundCube Webmail is prone to multiple privilege escalation vulnerabilities. RoundCube Webmail versions prior to 1.0.11, 1.1.x prior to 1.1.9, and 1.2.x prior to 1.2.5 are vulnerable. Impact: An attackers may exploit these issues to gain elevated privileges. Mitigation: Updates are available. Please check specific vendor advisory for more information. Reference URL’s: http://www.securityfocus.com/bid/98445/info https://roundcube.net/news/2017/04/28/security-updates-1.2.5-1.1.9-and-1.0.11

0
10 Jul 2017
Page 119 of 134« First...102030...117118119120121...130...Last »