ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Log File directory traversal

A vulnerability, which was classified as problematic, has been found in ArcSight ESM and ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0. This issue affects an unknown code block of the component Log File Handler. Applying patch 6.9.1c Patch 4/6.11.0 Patch 1 eliminates this problem. A possible mitigation was published 4 weeks after the disclosure of the vulnerability.

Exiv2 0.26 value.cpp read denial of service

A vulnerability, which was classified as problematic, has been found in Exiv2 0.26 (Image Processing Software). Affected by this issue is the function Exiv2::StringValueBase::read of the file value.cpp. Upgrading eliminates this vulnerability. A possible mitigation has been published 4 weeks after the disclosure of the vulnerability.

Cisco IOS up to 15.6 Common Industrial Protocol CIP Packet denial of service

A vulnerability classified as problematic has been found in Cisco IOS up to 15.6 (Router Operating System). This affects some unknown functionality of the component Common Industrial Protocol Handler. It is possible to mitigate the weakness by firewalling. A possible mitigation was published before, not after, the disclosure of the vulnerability.

ZyXEL NWA1123-NI X.509 Certificate weak authentication [CVE-2015-7256]

A vulnerability classified as critical has been found in ZyXEL NWA1123-NI, P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, VMG8924-B30A, VSG1435-B101 DSL CPEs, PMG5318-B20A GPON, SBG3300-N000, SBG3300-NB00, SBG3500-N000, GS1900-8, GS1900-24, C1000Z, Q1000, FR1000Z and P8702N (Router Operating System). Affected is some unknown processing of the component X.509 Certificate. No information about possible countermeasures is known. It may be suggested to replace the affected object with an alternative product.

Smartphone Passbook 1.0.0 X.509 Certificate Validation Man-in-the-Middle weak authentication

A vulnerability was found in Smartphone Passbook 1.0.0 (Smartphone Operating System). It has been classified as problematic. This affects some unknown functionality of the component X.509 Certificate Validation. No information about possible countermeasures is known. It may be suggested to replace the affected object with an alternative product.

OpenHPI up to 3.5.x Permission openhpi/Makefile.am denial of service

A vulnerability was found in OpenHPI up to 3.5.x. It has been declared as problematic. This vulnerability affects an unknown part in the library /var/lib/openhpi of the file openhpi/Makefile.am of the component Permission. Upgrading to version 3.6.0 eliminates this vulnerability. A possible mitigation was published before the disclosure of the vulnerability, not just after it.

Battle for Wesnoth up to 1.12.2/1.13.0 filesystem.cpp get_wml_location information disclosure

A vulnerability was found in Battle for Wesnoth up to 1.12.2/1.13.0. It has been rated as problematic. This issue affects the function filesystem::get_wml_location of the file filesystem.cpp. Upgrading to version 1.12.3 or 1.13.1 eliminates this vulnerability. A possible mitigation was published before the disclosure of the vulnerability, not just after it.