Wazi » Security Notifications

Workcentre 5632 [High]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Workcentre 5632 [High]

Description

Multiple unspecified vulnerabilities in the Network Controller and Web Server in Xerox WorkCentre 5632, 5638, 5645, 5655, 5665, 5675, and 5687 allow remote attackers to (1) access mailboxes via unknown vectors that bypass Scan to Mailbox authorization or (2) read device configuration information via via unknown vectors that bypass web server authorization.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2010-0548
Severity: High

NIST National Vulnerabilities Database

Workcentre 6400 System Software 060.079.29310 and prior [High]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Workcentre 6400 System Software 060.079.29310 and prior [High]

Description

Unspecified vulnerability in the Network Controller in Xerox WorkCentre 6400 System Software 060.070.109.11407 through 060.070.109.29510, and Net Controller 060.079.11410 through 060.079.29310, allows remote attackers to access “directory structure” via a crafted PostScript file, aka “Unauthorized Directory Structure Access Vulnerability.”

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2010-0549
Severity: High

NIST National Vulnerabilities Database

Geo%2B%2B Gncaster 1.4.0.7 and prior [Medium]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Geo%2B%2B Gncaster 1.4.0.7 and prior [Medium]

Description

admin.htm in Geo++ GNCASTER 1.4.0.7 and earlier does not properly enforce HTTP Digest Authentication, which allows remote authenticated users to use HTTP Basic Authentication, bypassing intended server policy.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2010-0550
Severity: Medium

NIST National Vulnerabilities Database

Geo%2B%2B Gncaster 1.4.0.7 and prior [Medium]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Geo%2B%2B Gncaster 1.4.0.7 and prior [Medium]

Description

HTTP authentication implementation in Geo++ GNCASTER 1.4.0.7 and earlier allows remote attackers to read authentication headers of other users via a large request with an incorrect authentication attempt, which includes sensitive memory in the response. NOTE: this is referred to as a “memory leak” by some sources, but is better characterized as “memory disclosure.”

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2010-0551
Severity: Medium

NIST National Vulnerabilities Database

Geo%2B%2B Gncaster 1.4.0.7 and prior [Medium]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Geo%2B%2B Gncaster 1.4.0.7 and prior [Medium]

Description

Geo++ GNCASTER 1.4.0.7 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via multiple requests for a non-existent file using a long URI.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2010-0552
Severity: Medium

NIST National Vulnerabilities Database

Geo%2B%2B Gncaster 1.4.0.7 and prior [Medium]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Geo%2B%2B Gncaster 1.4.0.7 and prior [Medium]

Description

Geo++ GNCASTER 1.4.0.7 and earlier allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a long NMEA data sentence.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2010-0553
Severity: Medium

NIST National Vulnerabilities Database

Geo%2B%2B Gncaster 1.4.0.7 and prior [High]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Geo%2B%2B Gncaster 1.4.0.7 and prior [High]

Description

The HTTP Authentication implementation in Geo++ GNCASTER 1.4.0.7 and earlier uses the same nonce for all authentication, which allows remote attackers to hijack web sessions or bypass authentication via a replay attack.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2010-0554
Severity: High

NIST National Vulnerabilities Database

Workcentre 6400 System Software 060.079.29310 and prior [High]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Workcentre 6400 System Software 060.079.29310 and prior [High]

Description

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2010-0549
Severity: High

NIST National Vulnerabilities Database

Workcentre 6400 System Software 060.079.29310 and prior [High]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Workcentre 6400 System Software 060.079.29310 and prior [High]

Description

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2010-0549
Severity: High

NIST National Vulnerabilities Database

Workcentre 6400 System Software 060.079.29310 and prior [High]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Workcentre 6400 System Software 060.079.29310 and prior [High]

Description

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2010-0549
Severity: High

NIST National Vulnerabilities Database

Workcentre 6400 System Software 060.079.29310 and prior [High]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Workcentre 6400 System Software 060.079.29310 and prior [High]

Description

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2010-0549
Severity: High

NIST National Vulnerabilities Database

Workcentre 6400 System Software 060.079.29310 and prior [High]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Workcentre 6400 System Software 060.079.29310 and prior [High]

Description

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2010-0549
Severity: High

NIST National Vulnerabilities Database

Ie 7 and prior [High]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Ie 7 and prior [High]

Description

Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving JavaScript exploit code that constructs a reference to a file://127.0.0.1 URL, aka the dynamic OBJECT tag vulnerability, as demonstrated by obtaining the data from an index.dat file, a variant of CVE-2009-1140 and related to CVE-2008-1448.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2010-0255
Severity: High

NIST National Vulnerabilities Database

Ie 7 and prior [High]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Ie 7 and prior [High]

Description

Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving the product’s use of text/html as the default content type for files that are encountered after a redirection, aka the URLMON sniffing vulnerability, a variant of CVE-2009-1140 and related to CVE-2008-1448.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2010-0555
Severity: High

NIST National Vulnerabilities Database

Asterisk 1.6.10-rc2 and prior [Medium]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Asterisk 1.6.10-rc2 and prior [Medium]

Description

Asterisk Open Source 1.6.0.x before 1.6.0.22, 1.6.1.x before 1.6.1.14, and 1.6.2.x before 1.6.2.2, and Business Edition C.3 before C.3.3.2, allows remote attackers to cause a denial of service (daemon crash) via an SIP T.38 negotiation with an SDP FaxMaxDatagram field that is (1) missing, (2) modified to contain a negative number, or (3) modified to contain a large number.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2010-0441
Severity: Medium

NIST National Vulnerabilities Database

Openvms Rms vms83a_update-v1100 and prior [Medium]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Openvms Rms vms83a_update-v1100 and prior [Medium]

Description

Unspecified vulnerability in Record Management Services (RMS) before VMS83A_RMS-V1100 for HP OpenVMS on the Alpha platform allows local users to gain privileges via unknown vectors.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2010-0443
Severity: Medium

NIST National Vulnerabilities Database

Samba 3.4.5 and prior [Low]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Samba 3.4.5 and prior [Low]

Description

client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier does not verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2010-0547
Severity: Low

NIST National Vulnerabilities Database

Openvms Rms vms83a_update-v1100 and prior [Medium]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Openvms Rms vms83a_update-v1100 and prior [Medium]

Description

Unspecified vulnerability in Record Management Services (RMS) before VMS83A_RMS-V1100 for HP OpenVMS on the Alpha platform allows local users to gain privileges via unknown vectors.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2010-0443
Severity: Medium

NIST National Vulnerabilities Database

Openvms Rms vms83a_update-v1100 and prior [Medium]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Openvms Rms vms83a_update-v1100 and prior [Medium]

Description

Unspecified vulnerability in Record Management Services (RMS) before VMS83A_RMS-V1100 for HP OpenVMS on the Alpha platform allows local users to gain privileges via unknown vectors.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2010-0443
Severity: Medium

NIST National Vulnerabilities Database

Openvms Rms vms83a_update-v1100 and prior [Medium]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Openvms Rms vms83a_update-v1100 and prior [Medium]

Description

Unspecified vulnerability in Record Management Services (RMS) before VMS83A_RMS-V1100 for HP OpenVMS on the Alpha platform allows local users to gain privileges via unknown vectors.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2010-0443
Severity: Medium

NIST National Vulnerabilities Database