CVE-2016-2457

server/pm/UserManagerService.java in Wi-Fi in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 allows attackers to bypass intended restrictions on Wi-Fi configuration changes by leveraging guest access, aka internal bug 27411179...

CVE-2016-2457

server/pm/UserManagerService.java in Wi-Fi in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 allows attackers to bypass intended restrictions on Wi-Fi configuration changes by leveraging guest access, aka internal bug 27411179...

Design/Logic Flaw

server/pm/UserManagerService.java in Wi-Fi in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 allows attackers to bypass intended restrictions on Wi-Fi configuration changes by leveraging guest access, aka internal bug 27411179...

UBUNTU-CVE-2016-2457

server/pm/UserManagerService.java in Wi-Fi in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 allows attackers to bypass intended restrictions on Wi-Fi configuration changes by leveraging guest access, aka internal bug 27411179...

SUSE-SU-2016:1247-1 Security update for ntp

ntp was updated to version 4.2.8p6 to fix 28 security issues. Major functional changes: - The 'sntp' commandline tool changed its option handling in a major way, some options have been renamed or dropped. - 'controlkey 1' is added during update to ntp.conf to allow sntp to work. - The local clock...

Cisco TelePresence Codec and Collaboration Endpoint Software Authentication Bypass Vulnerability

Cisco TelePresence is the United States Cisco Cisco company's set of video conferencing solutions known as "telepresence" system. TelePresence Codec TC and Collaboration Endpoint CE software are two of the endpoint software. Software are two of the endpoint software. An authentication bypass...

CVE-2016-1387

The XML API in TelePresence Codec TC 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collaboration Endpoint CE 8.0.0, 8.0.1, and 8.1.0 in Cisco TelePresence Software mishandles authentication, which allows remote attackers to execute control commands or make configuration changes v...

CVE-2016-1387

The XML API in TelePresence Codec TC 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collaboration Endpoint CE 8.0.0, 8.0.1, and 8.1.0 in Cisco TelePresence Software mishandles authentication, which allows remote attackers to execute control commands or make configuration changes v...

Command injection

The XML API in TelePresence Codec TC 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collaboration Endpoint CE 8.0.0, 8.0.1, and 8.1.0 in Cisco TelePresence Software mishandles authentication, which allows remote attackers to execute control commands or make configuration changes v...

CVE-2016-1387

The XML API in TelePresence Codec TC 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collaboration Endpoint CE 8.0.0, 8.0.1, and 8.1.0 in Cisco TelePresence Software mishandles authentication, which allows remote attackers to execute control commands or make configuration changes v...

CVE-2016-1387

Cisco TelePresence TC (Codec) 7.2.x–7.3.x and CE (Collaboration Endpoint) 8.0.x–8.1.x are affected by an authentication bypass in the XML API due to improper authentication implementation. An unauthenticated, remote attacker can bypass XML API authentication and perform configuration changes or i...

Cisco TelePresence XML Application Programming Interface Authentication Bypass Vulnerability

A vulnerability in the XML application programming interface API of Cisco TelePresence Codec TC and Collaboration Endpoint CE Software could allow an unauthenticated, remote attacker to bypass authentication and access a targeted system through the API. The vulnerability is due to improper...

NTP.org 'ntpd' Multiple Vulnerabilities (Apr 2016)

NTP.org SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ntp:ntp"; ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.807567";...

Incorrect Auto launch desktop status is shown in StoreFront Console

The value ofAuto launch desktop , which is configurable from the StoreFront management console under Manage Receiver for Web Sites Configure Client Interface Settings might not represent the true value of this property. This value can be reliably configured from the management console, but any...

Cisco NX-OS Application Policy Infrastructure Controller Access Control Vulnerability (cisco-sa-20160203-apic)

A vulnerability in the role-based access control RBAC of the Cisco Application Policy Infrastructure Controller APIC could allow an authenticated remote user to make configuration changes outside of their configured access privileges. Copyright C 2016 Greenbone Networks GmbH Some text description...

Cisco Nexus 9000 Series APIC Access Control Vulnerability (CSCut12998)

The remote Cisco Nexus 9000 Series device is affected by an access control vulnerability in the Cisco Application Policy Infrastructure Controller APIC due to a flaw in the eligibility logic of the role-based access control RBAC code. An authenticated, remote attacker can exploit this, via...

Cisco Application Policy Infrastructure Controller Access Control Vulnerability

A vulnerability in the role-based access control RBAC of the Cisco Application Policy Infrastructure Controller APIC could allow an authenticated remote user to make configuration changes outside of their configured access privileges. The vulnerability is due to eligibility logic in the RBAC...

CVE-2015-7907

Directory traversal vulnerability in the web server on Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allows remote attackers to bypass authentication, and write to a configuration file or trigger a calibration or test, via unspecified vectors...

Cisco Prime Service Catalog Web Interface Unauthorized Access Vulnerability

Cisco Prime Service Catalog provides a self-service portal, service request management, and IT service catalog for the data center. A security vulnerability exists in the web interface of Cisco Prime Service Catalog. A remote attacker could exploit this vulnerability to perform configuration...

Cisco Prime Service Catalog Web Interface Unauthorized Access Vulnerability

A vulnerability in the web interface of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to perform limited configuration changes. The vulnerability is due to missing access controls in some of the web pages that allow configuration changes. An attacker could exploit th...