CVE-2017-12354
The CVE-2017-12354 issue affects Cisco Secure Access Control System (ACS) web-based interface, where an unauthenticated, remote attacker can view sensitive system software version information. Root cause: the software does not adequately protect version information in responses to HTTP requests. ...
SA157: OpenSSL Vulnerabilities 28-Aug-2017 and 2-Nov-2017
SUMMARY Symantec Network Protection products using affected versions of OpenSSL are susceptible to several vulnerabilities. A remote attacker can send a crafted X.509 certificate to cause unspecified impact. They can exploit, under certain circumstances, a computational flaw in the Montgomery...
Cisco Secure Access Control System Information Disclosure Vulnerability
A vulnerability in the web-based interface of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect system software version...
Debian: Security Advisory (DSA-4052-1)
The remote host is missing an update for the Debian...
[SECURITY] Fedora 27 Update: git-2.14.3-2.fc27
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs a common set of tools which are usually used with a small amount of dependencies. To install all git packages,...
Vault 8: WikiLeaks Releases Source Code For Hive - CIA's Malware Control System
Almost two months after releasing details of 23 different secret CIA hacking tool projects under Vault 7 series, Wikileaks today announced a new Vault 8 series that will reveal source codes and information about the backend infrastructure developed by the CIA hackers. Not just announcement, but t...
JVN#54795166: Home unit KX-HJB1000 contains multiple vulnerabilities
Home unit KX-HJB1000 provided by Panasonic Corporation is a control system for home network. Home unit KX-HJB1000 contains multiple vulnerabilities listed below. Improper access control - CVE-2017-2131. CVSS v3 vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N; score: Base...
[SECURITY] Fedora 27 Update: git-2.14.2-2.fc27
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs a common set of tools which are usually used with a small amount of dependencies. To install all git packages,...
Siemens Patches Improper Access Vulnerability in Ruggedcom Protocol
Industrial manufacturer Siemens is encouraging users running devices that use its Ruggedcom Discovery Protocol (RCDP) to apply firmware updates this week. The updates resolve a serious and remotely exploitable vulnerability that could let an attacker carry out administrative actions. The issue, an...
CVS: Command injection
Background: CVS (Concurrent Versions System) is an open-source network-transparent version control system. It contains both a client utility and a server. Description: It was discovered that when CVS is configured to use SSH for remote repositories it allows remote attackers to execute arbitrary code...
LOYTEC LVIS-3ME
CVSS v3 8.1 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: LOYTEC Equipment: LVIS-3ME Vulnerabilities: Relative Path Traversal, Insufficient Entropy, Cross-site Scripting, Insufficiently Protected Credentials AFFECTED PRODUCTS The following versions of LVIS-3ME, an HMI Touch...
Wikileaks Unveils Project Protego: CIA's Secret Missile Control System
Every week since March, Wikileaks has been leaking secrets from the United States Central Intelligence Agency (CIA), which mainly focus on surveillance techniques and hacking tools employed by its agents. However this time, the whistleblower organisation has released something different from its...
Debian DSA-3963-1 : mercurial - security update
Several issues were discovered in Mercurial, a distributed revision control system. - CVE-2017-9462 (fixed in stretch only): Jonathan Claudius of Mozilla discovered that repositories served over stdio could be tricked into granting authorized users access to the Python debugger. - CVE-2017-1000115...
[SECURITY] Fedora 26 Update: cvs-1.11.23-42.fc26
CVS (Concurrent Versions System) is a version control system that can record the history of your files (usually, but not always, source code). CVS only stores the differences between versions, instead of every version of every file you have ever created. CVS also keeps a log of who, when, and why...
The vulnerability of the autonomous configuration tool for the visualization and control system “U.motion Builder” arises from deficiencies in access control and the disclosure of information in error messages, allowing attackers to read arbitrary files.
The vulnerability of the autonomous configuration tool for the U.motion Builder visualization and control system stems from deficiencies in access control and the disclosure of information in error messages. Exploiting this vulnerability allows a malicious actor to remotely read arbitrary files...
RHEL 7 : git (RHSA-2017:2484)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:2484 advisory. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-serve...
CVE-2017-6769
A vulnerability in the web-based management interface of the Cisco Secure Access Control System (ACS) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected system. More Information: CSCve70587. Known...
CVE-2017-6769
Cisco Secure Access Control System (ACS) web-based management interface contains a stored XSS vulnerability. An authenticated, remote attacker could exploit insufficient input validation and lack of encoding to inject malicious scripts affecting users of the ACS web UI. Affected releases include ...
RHEL 7 : git (RHSA-2017:2004)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:2004 advisory. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a...
Schneider Electric Trio TView
CVSS v3 10.0 ATTENTION: Remotely exploitable/low skill level to exploit. Public exploits are available. Vendor: Schneider Electric Equipment: Trio TView Vulnerabilities: Multiple Vulnerabilities for Java Runtime Environment AFFECTED PRODUCTS The following versions of Schneider Electric Trio TView...