1638 matches found
CVE-2016-1722
CVE-2016-1722 is a memory-corruption vulnerability in Apple’s syslog subsystem affecting iOS <9.2.1, OS X <10.11.3, and tvOS
About the security content of tvOS 9.1.1 - Apple Support
For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website. For information about...
About the security content of tvOS 9.1.1
This document describes the security content of tvOS 9.1.1. For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To...
Apple iOS syslog Handling Arbitrary Code Execution Vulnerability
Apple iOS is Apple's operating system for several smart devices. There is a security vulnerability in Apple iOS syslog handling that allows an attacker to gain ROOT privileges...
How to enable Syslog over TCP in ADC
This article describes how to enable syslog over TCP in ADC. Background Syslog is the standard used for logging information. Syslog enables isolation of the system that generates information and the system that stores the information. Syslog usage is quite common in Network implementations today...
Mac OS X 10.11.x < 10.11.3 Multiple Vulnerabilities
The remote host is running a version of Mac OS X that is 10.11.x prior to 10.11.3. It is, therefore, affected by multiple vulnerabilities in the following components: - AppleGraphicsPowerManagement - Disk Images - IOAcceleratorFamily - IOHIDFamily - IOKit - Kernel - libxslt - OSA Scripts - syslo...
About the security content of OS X El Capitan 10.11.3 and Security Update 2016-001 - Apple Support
For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website. For information about...
About the security content of iOS 9.2.1
This document describes the security content of iOS 9.2.1. For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To lear...
SUSE SLED11 / SLES11 Security Update : ntp (SUSE-SU-2015:2058-1)
This ntp update provides the following security and non-security fixes: - Update to 4.2.8p4 to fix several security issues bsc951608: - CVE-2015-7871: NAK to the Future: Symmetric association authentication bypass via crypto-NAK - CVE-2015-7855: decodenetnum will ASSERT botch instead of returni...
Security Onion - Linux Distro For Intrusion Detection, Network Security Monitoring, And Log Management
Security Onion is a Linux distro for intrusion detection, network security monitoring, and log management. It's based on Ubuntu and contains Snort, Suricata, Bro, OSSEC, Sguil, Squert, ELSA, Xplico, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an...
ManageEngine EventLog Analyzer 10.6 Build 10060 SQL Query Execution
Exploit Title: ManageEngine EventLog Analyzer SQL query execution Product: ManageEngine EventLog Analyzer Vulnerable Versions: v10.6 build 10060 and previous versions Tested Version: v10.6 build 10060 Windows Advisory Publication: 14/09/2015 Vulnerability Type: authenticated SQL query execution...
QNAP Logging Error Encryption Key Vulnerability
QNAP Turbo NAS Series Devices is a storage device with software support for real-time backup, data synchronization and scheduled backup. QNAP Turbo NAS Series Devices has a security vulnerability where the syslog encryption key is logged to an unencrypted hard disk partition and is globally readabl...
[SECURITY] Fedora 22 Update: rsyslog-8.8.0-3.fc22
Rsyslog is an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grain output format control. It is compatible with stock sysklogd and can be used as a drop-in replacement. Rsyslog is simple to set up,...
Cisco UCSM 2.2 Username / Password Disclosure
Subject: Cisco UCSM username and password hashes sent via SYSLOG Impact: Information Disclosure / Privilege Elevation Vendor: Cisco Product: Cisco Unified Computing System Manager (UCSM) Notified: 2014.10.31 Fixed: 2015.03.06 2.23e Author: Tom Sellers tom at fadedcode.net Date: 2015.03.21...
Moderate: Red Hat Security Advisory: openssh security, bug fix and enhancement update
Updated openssh packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give...
Cisco Adaptive Security Appliance Software Information Leak in Syslog Messages Vulnerability
A vulnerability in the syslog management subsystem of devices running Cisco Adaptive Security Appliance (ASA) Software may allow an unauthenticated, remote attacker to access sensitive information. The vulnerability is due to improper sanitization of syslog messages. An attacker could exploit this...
CVE-2014-3410
The syslog-management subsystem in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to obtain an administrator password by waiting for an administrator to copy a file, and then (1) sniffing the network for a syslog message or (2) reading a syslog message in a file on a syslog...
Design/Logic Flaw
The syslog-management subsystem in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to obtain an administrator password by waiting for an administrator to copy a file, and then (1) sniffing the network for a syslog message or (2) reading a syslog message in a file on a syslog...
PT-2014-5299 · Cisco · Cisco Asa
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance (ASA) Software (affected versions not specified). Description: The issue concerns the syslog-management subsystem, which may allow remote attackers to obtain an administrator password. This can be achieved by eith...