CVE-2013-2789

The Kepware DNP Master Driver for the KEPServerEX Communications Platform before 5.12.140.0 allows remote attackers to cause a denial of service master-station infinite loop via crafted DNP3 packets to TCP port 20000 and allows physically proximate attackers to cause a denial of service...

CVE-2013-2789

The CVE covers Kepware’s DNP Master Driver for KEPServerEX (pre-5.12.140.0). The vulnerability is an improper input validation in the DNP3 handling on TCP port 20000 and via serial input, which can cause a master station infinite loop and denial of service. Public advisories confirm update to ver...

HP ProCurve 5400 zl Switches Compact Flash Card Security Issue

The remote HP ProCurve 5400 zl switch is missing a software update that corrects an issue with a compact flash card that may contain malware-infected content. Note that The J8726A Management Module in 5400 zl switches are only affected if they possess the following serial numbers : - ID116AS04P...

HP Switch Identification

The remote host is an HP switch. It is possible to read the model, serial number, and/or software version by connecting to the switch via SSH or by using SNMP. TRUSTED...

SEC Consult SA-20130805-0 :: Vodafone EasyBox Default WPS PIN Algorithm Weakness

SEC Consult Vulnerability Lab Security Advisory 20130805-0 ======================================================================= title: Vodafone EasyBox Default WPS PIN Algorithm Weakness product: EasyBox 802 & EasyBox 803 vulnerable version: EasyBox 802 - all versions EasyBox 803 - Production...

CVE-2013-2798

Schweitzer Engineering Laboratories SEL SEL-2241, SEL-3505, and SEL-3530 RTAC master devices allow physically proximate attackers to cause a denial of service infinite loop via crafted input over a serial line...

Design/Logic Flaw

Schweitzer Engineering Laboratories SEL SEL-2241, SEL-3505, and SEL-3530 RTAC master devices allow physically proximate attackers to cause a denial of service infinite loop via crafted input over a serial line...

Vodafone EasyBox Default WPS PIN Algorithm Weakness

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Vodafone EasyBox Default WPS PIN Algorithm Weakness product: EasyBox 802 & EasyBox 803 vulnerable version: EasyBox 802 - all versions EasyBox 803 - Production date before...

Important: Red Hat Security Advisory: rhev-guest-tools-iso security and bug fix update

An updated rhev-guest-tools-iso package that fixes one security issue and two bugs is now available. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Cisco IPS Version

The remote host is a Cisco Intrusion Prevention System IPS. It is possible to read the Cisco IPS version number, model number, and/or serial number by connecting to the device via SSH or SNMP. TRUSTED...

Verizon Network Extender femtocell hack intercepts calls

A $250 piece of hardware known as a femtocell, used to boost mobile phone signals for consumers and small businesses, is vulnerable to a complete takeover that attackers can use to intercept Internet traffic and cell phone calls. Two researchers from iSEC Partners are expected to provide more...

OpenJDK: SerialJavaObject package restriction (JDBC, 8009554)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via vectors related to JDBC. NOTE: the previous...

Alstom e-Terracontrol DNP3 Master Improper Input Validation (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-13-282-01, Alstom e‑terra control DNP3 Master Improper Input Validation, which was posted to the NCCIC/ICS‑CERT Web site October 09, 2013. Adam Crain of Automatak and independent researcher Chris Sistrunk have...

OpenJDK: SerialJavaObject package restriction (JDBC, 8009554)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via vectors related to JDBC. NOTE: the previous...

Ubuntu Update for linux-ec2 USN-1808-1

Check for the Version of linux-ec2 OpenVAS Vulnerability Test $Id: gbubuntuUSN18081.nasl 8448 2018-01-17 16:18:06Z teissa $ Ubuntu Update for linux-ec2 USN-1808-1 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free...

Cleartext Credential Found in ICS Device Firmware

Industrial control systems are rife with security issues, not the least of which is the use of hard-coded credentials. In order to minimize downtime, developers and administrators build in passwords to expedite remote troubleshooting in the event of a system crash or failure. Problems arise when ...

Triangle MicroWorks Improper Input Validation

OVERVIEW Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation vulnerability in multiple Triangle MicroWorks’ products and third‑party components. Triangle MicroWorks has produced an update that mitigates this vulnerability. Adam Crain has...

[SECURITY] Fedora 17 Update: gpsd-3.9-1.fc17

gpsd is a service daemon that mediates access to a GPS sensor connected to the host computer by serial or USB interface, making its data on the location/course/velocity of the sensor available to be queried on TCP port 2947 of the host computer. With gpsd, multiple GPS client applications such as...

New Android malware forwards incoming messages to hacker

A new type of Android malware that can intercept text messages and forwarding to hackers is discovered by the Russian firm Doctor Web. This is a very serious threat to users, because using this malware attackers can easily get two factor authentication code of your Email or bank accounts. The...

Kernel: USB io_ti driver NULL pointer dereference in routine chase_port

The chaseport function in drivers/usb/serial/ioti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service NULL pointer dereference and system crash via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter...