Search:Vulnerability:28.03.2008 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

CISCO routers IOS multiple security vulnerabilities
updated since 26.03.2008
Published: 28.03.2008
Source: BUGTRAQ
SecurityVulns ID: 8837
Type: remote
Level: 8/10
Description: MVPN information leak, UDP DoS, multiple VPDN and DLSw DoS, multiple OSPF and MPLS vulnerabilities.

Affected: CISCO : IOS 12.0
CISCO : IOS 12.1
CISCO : IOS 12.2
CISCO : IOS 12.3
CISCO : IOS 12.4
CVE: CVE-2008-1156
CVE-2008-1153
CVE-2008-1152
CVE-2008-1151
CVE-2008-0057

Original document CERT, US-CERT Technical Cyber Security Alert TA08-087B -- Cisco Updates for Multiple Vulnerabilities (28.03.2008)

CISCO, Cisco Security Advisory: Cisco IOS Multicast Virtual Private Network (MVPN) Data Leak (26.03.2008)

CISCO, Cisco Security Advisory: Cisco IOS User Datagram Protocol Delivery Issue For IPv4/IPv6 Dual-stack Routers (26.03.2008)

document CISCO, Cisco Security Advisory: Cisco IOS Virtual Private Dial-up Network Denial of Service Vulnerability (26.03.2008)

CISCO, Cisco Security Advisory: Vulnerability in Cisco IOS with OSPF, MPLS VPN, and Supervisor 32, Supervisor 720, or Route Switch Processor 720 (26.03.2008)

CISCO, Cisco Security Advisory: Multiple DLSw Denial of Service Vulnerabilities in Cisco IOS (26.03.2008)

Discuss: Read or add your comments to this news (0 comments)

Multiple BSD systems strfmon() libc function integer overflow
updated since 27.03.2008
Published: 28.03.2008
Source: BUGTRAQ
SecurityVulns ID: 8843
Type: library
Level: 7/10
Description: Integer overflow on format specificator in strfmon(). NULL pointer dereference in printf().

CVE: CVE-2008-1391

Original document Christos Zoulas, Re: [securityreason] *BSD libc (strfmon) Multiple vulnerabilities (28.03.2008)

Maksymilian Arciemowicz, [securityreason] *BSD libc (strfmon) Multiple vulnerabilities (27.03.2008)

Discuss: Read or add your comments to this news (0 comments)

Mozilla Firefox / Seamonkey multiple security vulnerabilities
updated since 26.03.2008
Published: 28.03.2008
Source: MOZILLA
SecurityVulns ID: 8838
Type: client
Level: 8/10
Description: Javascript privilege esccalation and code execution, crossite scripting, multiple DoS conditions, URI and dialogs spoofing, local ports access from Java, privacy problems on SSL authentication.

Affected: MOZILLA : Firefox 2.0
MOZILLA : Thunderbird 2.0
MOZILLA : Seamonkey 2.0
CVE: CVE-2008-1241
CVE-2008-1240
CVE-2008-1238
CVE-2008-1237
CVE-2008-1236
CVE-2008-1235
CVE-2008-1234
CVE-2008-1233
CVE-2008-1195 (Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java APIs.)
CVE-2008-0416
CVE-2007-4879 (Mozilla Firefox 2.0.x can automatically install TLS client certificates withminimal user interaction, and automatically sends these certificates when requested, which makes it easier for remote web sites to track user activities across domains by requesting the TLS client certificates from other domains.)

Original document CERT, US-CERT Technical Cyber Security Alert TA08-087A -- Mozilla Updates for Multiple Vulnerabilities (28.03.2008)

MOZILLA, Mozilla Foundation Security Advisory 2008-19 (26.03.2008)

MOZILLA, Mozilla Foundation Security Advisory 2008-18 (26.03.2008)

MOZILLA, Mozilla Foundation Security Advisory 2008-17 (26.03.2008)

document MOZILLA, Mozilla Foundation Security Advisory 2008-16 (26.03.2008)

MOZILLA, Mozilla Foundation Security Advisory 2008-15 (26.03.2008)

MOZILLA, Mozilla Foundation Security Advisory 2008-14 (26.03.2008)

MOZILLA, Mozilla Foundation Security Advisory 2008-13 (26.03.2008)

Discuss: Read or add your comments to this news (0 comments)