PT-2015-3410 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to the fixed version. Description: The issue is related to the Mount Manager component in Microsoft Windows, which mishandles symlinks. This allows physically proximate attackers to execute arbitrary code by...
A vulnerability in the firmware of the Cisco TelePresence Serial Gateway allows an attacker to access the authentication data of arbitrary users.
A vulnerability in the firmware of the Cisco TelePresence Serial Gateway device is related to cross-site request forgery. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to the authentication data of arbitrary users...
UBUNTU-CVE-2015-5745
Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message...
qemu -- buffer overflow vulnerability in virtio-serial message exchanges
Prasad J Pandit, Red Hat Product Security Team, reports: Qemu emulator built with the virtio-serial vmchannel support is vulnerable to a buffer overflow issue. It could occur while exchanging virtio control messages between guest and the host. A malicious guest could use this flaw to corrupt few...
OpenJDK: deserialization issue in ObjectInputStream.readSerialData() (Libraries, 8076401)
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732...
Hardcoded credentials
The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches has a hardcoded serial-console password for a privileged account, which might allow physically proximate attackers to obtain access by establishing a console session to a nonstandard installation on which this...
Cisco TelePresence Serial Gateway Device Cross-Site Request Forgery Vulnerability
The Cisco TelePresence Serial Gateway is an integrated gateway device for web and serial video networks. A cross-site request forgery vulnerability exists in the Cisco TelePresence Serial Gateway appliance that allows remote attackers to construct malicious URIs, trick users into parsing them, an...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence Serial Gateway devices with software 1.0(1.42) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90728...
CVE-2015-4253
The CVE-2015-4253 issue affects Cisco TelePresence Serial Gateway devices running software 1.0(1.42). The vulnerability is a Cross-Site Request Forgery (CSRF) flaw that could allow an unauthenticated, remote attacker to hijack the authentication of arbitrary users due to insufficient CSRF protect...
Cisco TelePresence Serial Gateway Cross-Site Request Forgery Vulnerability
A vulnerability in the Cisco TelePresence Serial Gateway Series could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to insufficient cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a...
A vulnerability in the firmware of the Cisco TelePresence Serial Gateway allows an intruder to execute arbitrary code with privileges of the root user.
A vulnerability in the web-based framework of the Cisco TelePresence Serial Gateway firmware relates to deficiencies in access control for files. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute arbitrary code with privileges of th...
Charter Communications Fixes Data Leaking Vulnerability
Internet-cable-television provider Charter Communications recently fixed an issue with its website that was inadvertently leaking the information of tens of thousands of customers. Customers’ payment details, modem serial numbers, device names, account numbers, home addresses, were being spilled...
UBUNTU-CVE-2015-1319
The Unity Settings Daemon before 14.04.0+14.04.20150825-0ubuntu2 and 15.04.x before 15.04.1+15.04.20150408-0ubuntu1.2 does not properly detect if the screen is locked, which allows physically proximate attackers to mount removable media while the screen is locked, as demonstrated by inserting a US...
KLA10504 Multiple vulnerabilities in Cisco products
Multiple serious vulnerabilities have been found in Cisco products. Below is a complete list of vulnerabilities: 1. Improper serial port restrictions in Cisco Virtual TelePresence Server Software can be exploited locally via specially designed OS commands; 2. An unknown vulnerability in Cisco CS...
Cisco Virtual TelePresence Server Software Arbitrary Command Execution Vulnerability
Cisco Virtual TelePresence Server Software is a set of virtual telepresence server software from Cisco USA. The software provides audio, video space and other features. A security vulnerability exists in Cisco Virtual TelePresence Server Software that stems from the program's failure to properly...
CVE-2015-0660
The CVE-2015-0660 issue affects Cisco Virtual TelePresence Server Software (all versions) where improper restrictions on the serial port enable a local attacker with vSphere controller admin privileges to execute arbitrary OS commands as root (privilege escalation). Root cause: undocumented privi...
Code injection
The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSCheckScanner.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt...
Code injection
The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSPOSPrinter.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt...
CVE-2014-7895
CVE-2014-7895 affects HP Point of Sale Windows PCs with OPOS Common Control Objects (OPOS CCO) drivers older than 1.13.003. The vulnerability is in OPOSCashDrawer.ocx and enables remote code execution via the OPOS driver family (notably on PUSB/SERIAL USB receipts, MICR/hybrid printers, and relat...