Remote

  • info
  • discussion
  • exploit
  • solution
  • references
libTIFF CVE-2016-8331 Type Confusion Remote Code Execution Vulnerability

Bugtraq ID: 93898
Class: Boundary Condition Error
CVE: CVE-2016-8331
Remote: Yes
Local: No
Published: Oct 25 2016 12:00AM
Updated: Nov 20 2016 12:03AM
Credit: Tyler Bohan and Cory Duplantis.
Vulnerable: LibTIFF LibTIFF 4.0.6
Not Vulnerable:


SecurityFocus Vulnerabilities

blog-power-shell-remote-management-commands_sqUsing PowerShell for managing remote computers quickly and efficiently has been one of its main advantages. If you’re not familiar with it, these commands will get you up to speed.

Sure, you’ve heard about this PowerShell thing for years, but the OS is called Windows, not Shells, and the GUI and you have been friends for years. After all, you spent good money on your mouse and you’re going to get your money’s worth out of it. I get it, I too have resisted for years dropping to the prompt in Windows, which is strange considering I feel very comfortable in BASH.

To help you see the value in this, I wanted to share eleven very useful PowerShell commands you can use to remotely manage Windows machines. That’s right, you don’t have to RDP into a server and then open PowerShell. You can do it all from your desktop and still run PS cmdlets on remote systems. And some of those cmdlets are dead useful. So, if this sounds like something you could use, read on!

Of course, you should have PowerShell on your local machine, have your remote machine enabled for remote PowerShell, and have admin rights to the systems you want to remotely manage. And if you’re going to run scripts, you may want to adjust the execution policy. Here’s how to get that all lined up.

Download the latest version of PowerShell from Microsoft and install it. All current versions of Windows should have PowerShell, but the latest version is worth installing, and you can get that as a part of the Windows Management Framework 5.0 from https://www.microsoft.com/en-us/download/details.aspx?id=50395.

Make sure that for all computers you wish to manage remotely the WinRM service is set to start automatically and is running. You can do this in the services.msc GUI, or through local PowerShell (admin) using this cmdlet: set-service winrm -startuptype automatic

Enable remote PowerShell management on the machines to be managed using that same PowerShell (admin) session: Enable-PSRemoting -Force

If you need to set that on multiple computers, see our post http://www.gfi.com/blog/how-to-manage-your-servers-remotely-with-powershell/ for how to do this using a GPO.

Remember that, in addition to the above, if you’re executing remote commands on a server (or workstation) you need to have admin rights on that remote system, as well as your local system where you will be opening the PS session as an administrative one. If your account on the local machine is not an admin on the remote one, you will have to provide the explicit credentials for an account that is admin on the remote machine.

The first cmdlet is really the most important one for us, as it is what enables you to start a PS session on the remote machine. Click the title for the MSDN page with all the details, but here’s an example to get you started.

Enter-PSSession -ComputerName RemoteServer -Port 5353 -Credential DomainUsername

The cool thing is that your prompt will be updated to reflect the remote hostname as a reminder of which box you’re on when executing commands. The title for each of the cmdlets below is linked to the online documentation in case you want more information.

This very useful cmdlet lets you call scripts you have either saved to the remote machine, or can get to by drive or UNC path. You can use it instead of Enter-PSSession if you want to do a one-off, or use a comma-delimited list of computer names to run the same thing on multiple systems.

Invoke-Command -ComputerName RemoteServer -Credential DomainUsername -ScriptBlock PScommand

Just like it sounds, this cmdlet lets you retrieve and view the Event Log from a remote system (or of course locally) and filter based on type, ID, keyword, etc.

Get-EventLog -LogName System -InstanceID c0ffee -Source “LSA

Three cmdlets that are closely related, and let you see what processes are running, start new processes, and stop processes. These processes can be applications or scripts, and can be background or interactive on the Desktop.

Start-Process -FilePath “notepad” -Wait -WindowStyle Maximized

Another set of cmdlets that are best together, with which you can query what volumes are attached to a system and manipulate them, including mounting/dismounting and changing drive letters. How often do you need to check free disk space across all your servers?

Get-Volume -DriveLetter C

These two cmdlets can get and modify the ACL on any resource, be it file system or registry. This can simplify auditing, configuration, and specific settings for applications deployed on multiple systems.

Get-Acl -Path “HKLM:SystemCurrentControlSetControl” | Format-List

These two do exactly what it sounds like they do. Bounce or shutdown the remote machine as appropriate.

Restart-Computer -ComputerName “Server01”, “Server02”, “Server03”

Would not PING by any other name be just as good? Probably, and in this case, there are some useful parameters that you can use in scripts to first confirm a system is up before trying to do something else, or to just test a connection from a user’s workstation without having to first explain to them how to open a CMD prompt and then how to spell PING.

Test-Connection -ComputerName “Server01” -Count 3 -Delay 2 -TTL 255 -BufferSize 256 -ThrottleLimit 32

Similar to cmdlets to manipulate processes, these two can query and set the services on the remote system, like using services.msc

Get-Service | Where-Object $ _.Status -eq “Running”

This cmdlet can let you feed a number of lines into a run block, or invoke a PS1 script accessible on the remote machine by file path.

Start-Job -FilePath “c:scriptssample.ps1”

11. Set-RemoteDesktopConfig

And just in case you really need that GUI (I certainly do) you can use Set-RemoteDesktopConfig to enable and configure RDP on servers. This is very useful considering that it’s off by default, even with Server 2016.

Of course, there are a couple of alternatives to learning the PS names for the cmdlets that do the things you’ve done for years in the cmd prompt. The first is to use PSEXEC from Microsoft to simply run commands remotely on target computers. I’ve been doing that for years and have a hard time convincing myself to use PowerShell when PSEXEC works so well. But since PowerShell is the future, I am trying to do the right thing.

The second is to use the PowerShell cmdlet set-alias to create cmd prompt-like names for the PS cmdlets you are using, so at least you can work with familiar commands. There are a ton of aliases already set in PS. Just enter alias in a PS session to see what is already set. Either way, you have remote cmd-line management in the bag.

You may also like:

  • The most important new features in Windows Server 2016
  • 10 new Windows 10 features for sysadmins
  • 33 quick and dirty tips for Windows sysadmins


GFI Blog

Vulnerable: SuSE Linux Enterprise Server 11 SP2 LTSS
QEMU QEMU 0
IBM PowerKVM 2.1.1 SP3
IBM PowerKVM 2.1.1 Build 65.7
IBM PowerKVM 2.1.1 Build 65.6
IBM PowerKVM 2.1.1 Build 65.5
IBM PowerKVM 2.1.1 Build 65.4
IBM PowerKVM 2.1.1 build 57
IBM PowerKVM 3.1.0.2
IBM PowerKVM 3.1 SP2
IBM PowerKVM 3.1 SP1
IBM PowerKVM 3.1 Build 3
IBM PowerKVM 3.1 Build 2
IBM PowerKVM 3.1
IBM PowerKVM 2.1.1.3-65.10
IBM PowerKVM 2.1.1.3-65
IBM PowerKVM 2.1.1 SP2 (build 51)
IBM PowerKVM 2.1.1 Build 65.1
IBM PowerKVM 2.1.1 build 58
IBM PowerKVM 2.1
Gentoo Linux


SecurityFocus Vulnerabilities

Bugtraq ID: 90864 Class: Failure to Handle Exceptional Conditions CVE: CVE-2016-4447 Remote: Yes Local: No Published: May 23 2016 12:00AM Updated: Sep 30 2016 12:02AM Credit: David Kilzer Vulnerable: XMLSoft Libxml2 2.9
XMLSoft Libxml2 2.7.8
XMLSoft Libxml2 2.7.7
XMLSoft Libxml2 2.7.6
XMLSoft Libxml2 2.7.5
XMLSoft Libxml2 2.7.4
XMLSoft Libxml2 2.7.3
XMLSoft Libxml2 2.7.2
XMLSoft Libxml2 2.7.1
XMLSoft Libxml2 2.7
XMLSoft Libxml2 2.6.32
XMLSoft Libxml2 2.6.31
XMLSoft Libxml2 2.6.30
XMLSoft Libxml2 2.6.26
XMLSoft Libxml2 2.6.24
XMLSoft Libxml2 2.6.23
XMLSoft Libxml2 2.6.22
XMLSoft Libxml2 2.6.21
XMLSoft Libxml2 2.6.20
XMLSoft Libxml2 2.6.18
XMLSoft Libxml2 2.6.17
XMLSoft Libxml2 2.6.16
XMLSoft Libxml2 2.6.15
XMLSoft Libxml2 2.6.14
XMLSoft Libxml2 2.6.13
XMLSoft Libxml2 2.6.12
XMLSoft Libxml2 2.6.11
XMLSoft Libxml2 2.6.9
XMLSoft Libxml2 2.6.8
XMLSoft Libxml2 2.6.7
XMLSoft Libxml2 2.6.6
XMLSoft Libxml2 2.6.5
XMLSoft Libxml2 2.6.4
XMLSoft Libxml2 2.6.3
XMLSoft Libxml2 2.6.2
XMLSoft Libxml2 2.6.1
XMLSoft Libxml2 2.5.11
XMLSoft Libxml2 2.5.10
XMLSoft Libxml2 2.5.8
XMLSoft Libxml2 2.5.4
XMLSoft Libxml2 2.5.1
XMLSoft Libxml2 2.4.30
XMLSoft Libxml2 2.4.29
XMLSoft Libxml2 2.4.28
XMLSoft Libxml2 2.4.27
XMLSoft Libxml2 2.4.26
XMLSoft Libxml2 2.4.24
XMLSoft Libxml2 2.4.23
XMLSoft Libxml2 2.4.22
XMLSoft Libxml2 2.4.21
XMLSoft Libxml2 2.4.20
XMLSoft Libxml2 2.4.19
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
XMLSoft Libxml2 2.4.18
XMLSoft Libxml2 2.4.17
XMLSoft Libxml2 2.4.16
XMLSoft Libxml2 2.4.15
XMLSoft Libxml2 2.4.14
XMLSoft Libxml2 2.4.13
XMLSoft Libxml2 2.4.12
XMLSoft Libxml2 2.4.11
XMLSoft Libxml2 2.4.10
XMLSoft Libxml2 2.4.9
XMLSoft Libxml2 2.4.8
XMLSoft Libxml2 2.4.7
XMLSoft Libxml2 2.4.6
XMLSoft Libxml2 2.4.5
XMLSoft Libxml2 2.4.4
XMLSoft Libxml2 2.4.3
XMLSoft Libxml2 2.4.2
XMLSoft Libxml2 2.3.14
XMLSoft Libxml2 2.3.13
XMLSoft Libxml2 2.3.12
XMLSoft Libxml2 2.3.10
XMLSoft Libxml2 2.3.8
XMLSoft Libxml2 2.3.7
XMLSoft Libxml2 2.3.6
XMLSoft Libxml2 2.3.5
XMLSoft Libxml2 2.3.4
XMLSoft Libxml2 2.2.11
XMLSoft Libxml2 2.2.10
XMLSoft Libxml2 2.2.7
XMLSoft Libxml2 2.2.6
XMLSoft Libxml2 2.2.5
XMLSoft Libxml2 2.2.4
XMLSoft Libxml2 2.2.3
XMLSoft Libxml2 1.8.14
XMLSoft Libxml2 1.8.10
XMLSoft Libxml2 1.8.9
XMLSoft Libxml2 1.8.5
XMLSoft Libxml2 1.8.4
XMLSoft Libxml2 1.8.3
XMLSoft Libxml2 1.8.1
XMLSoft Libxml2 1.8.1
XMLSoft Libxml2 1.7.4
XMLSoft Libxml2 1.7
XMLSoft Libxml2 2.9.3
XMLSoft Libxml2 2.9.2
XMLSoft Libxml2 2.9.1
XMLSoft Libxml2 2.6.29
XMLSoft Libxml2 2.6.28
XMLSoft Libxml2 2.6.27
XMLSoft Libxml2 2.6.25
XMLSoft Libxml2 2.6.0
XMLSoft Libxml2 2.5.7
XMLSoft Libxml2 2.5.0
XMLSoft Libxml2 2.4.25
XMLSoft Libxml2 2.4.1
XMLSoft Libxml2 2.3.3
XMLSoft Libxml2 2.3.2
XMLSoft Libxml2 2.3.11
XMLSoft Libxml2 2.3.1
XMLSoft Libxml2 2.3.0
XMLSoft Libxml2 2.2.9
XMLSoft Libxml2 2.2.8
XMLSoft Libxml2 2.2.2
XMLSoft Libxml2 2.2.1
XMLSoft Libxml2 2.2.0
XMLSoft Libxml2 2.1.1
XMLSoft Libxml2 2.1.0
XMLSoft Libxml2 2.0.0
XMLSoft Libxml2 1.8.7
XMLSoft Libxml2 1.8.6
XMLSoft Libxml2 1.8.16
XMLSoft Libxml2 1.8.13
XMLSoft Libxml2 1.7.3
XMLSoft Libxml2 1.7.2
XMLSoft Libxml2 1.7.1
Slackware Linux 14.1 x86_64
Slackware Linux 14.1
Slackware Linux 14.0 x86_64
Slackware Linux 14.0
Oracle VM Server for x86 3.4
Oracle VM Server for x86 3.3
Oracle Linux 7
Oracle Linux 6
IBM SmartCloud Entry 3.2 Fix Pack 19
IBM SmartCloud Entry 3.2 Fix Pack 18
IBM SmartCloud Entry 3.2 fix pack 14
IBM SmartCloud Entry 3.2 fix pack 13
IBM SmartCloud Entry 3.2 Fix Pack 11
IBM SmartCloud Entry 3.2 Appliance fix pack 2
IBM SmartCloud Entry 3.2 Appliance fix pack 1
IBM SmartCloud Entry 3.2
IBM SmartCloud Entry 3.1 FP 9
IBM SmartCloud Entry 3.1 fix pack 13
IBM SmartCloud Entry 3.1 Fix Pack 10
IBM SmartCloud Entry 3.1 Appliance fix pack 2
IBM SmartCloud Entry 3.1 Appliance fix pack 1
IBM SmartCloud Entry 3.1
IBM SmartCloud Entry 2.4 Fix Pack 2
IBM SmartCloud Entry 2.4 Appliance fix pack 6
IBM SmartCloud Entry 2.4 Appliance fix pack 4
IBM SmartCloud Entry 2.3 Fix Pack 2
IBM SmartCloud Entry 2.3 Fix Pack 1
IBM SmartCloud Entry 2.3 Appliance fix pack 6
IBM SmartCloud Entry 2.3 Appliance fix pack 4
IBM SmartCloud Entry 2.2 Fix Pack 2
IBM SmartCloud Entry 2.2 Fix Pack 1
IBM SmartCloud Entry 2.2 Appliance fix pack 6
IBM SmartCloud Entry 2.2 Appliance fix pack 4
IBM SmartCloud Entry 2.2
IBM SmartCloud Entry 3.2.0.4 FixPack 15
IBM SmartCloud Entry 3.2.0.4 FixPack 13
IBM SmartCloud Entry 3.2.0.4 fix pack 11
IBM SmartCloud Entry 3.2.0.4 Appliance FP
IBM SmartCloud Entry 3.2.0.4 Appliance FP
IBM SmartCloud Entry 3.2.0.4 Appliance FP
IBM SmartCloud Entry 3.2.0.4 Appliance FP
IBM SmartCloud Entry 3.2.0.4 Appliance FP
IBM SmartCloud Entry 3.2.0.4 Appliance FP
IBM SmartCloud Entry 3.2.0.4 Appliance FP
IBM SmartCloud Entry 3.2.0.4 Appliance FP
IBM SmartCloud Entry 3.2.0.4
IBM SmartCloud Entry 3.2.0.3
IBM SmartCloud Entry 3.2.0.2
IBM SmartCloud Entry 3.2.0.1
IBM SmartCloud Entry 3.2.0.0
IBM SmartCloud Entry 3.2.0 fix pack 9
IBM SmartCloud Entry 3.2.0 fix pack 8
IBM SmartCloud Entry 3.2.0 fix pack 10
IBM SmartCloud Entry 3.2 Appliance fixpac
IBM SmartCloud Entry 3.2 Appliance fixpac
IBM SmartCloud Entry 3.1.0.4 FixPack 15
IBM SmartCloud Entry 3.1.0.4 FixPack 12
IBM SmartCloud Entry 3.1.0.4 fix pack 10
IBM SmartCloud Entry 3.1.0.4 Appliance FP
IBM SmartCloud Entry 3.1.0.4 Appliance FP
IBM SmartCloud Entry 3.1.0.4 Appliance FP
IBM SmartCloud Entry 3.1.0.4 Appliance FP
IBM SmartCloud Entry 3.1.0.4 Appliance FP
IBM SmartCloud Entry 3.1.0.4 Appliance FP
IBM SmartCloud Entry 3.1.0.4 Appliance FP
IBM SmartCloud Entry 3.1.0.4 Appliance FP
IBM SmartCloud Entry 3.1.0.4
IBM SmartCloud Entry 3.1.0.3
IBM SmartCloud Entry 3.1.0.2
IBM SmartCloud Entry 3.1.0.1
IBM SmartCloud Entry 3.1.0.0
IBM SmartCloud Entry 3.1.0 fix pack 9
IBM SmartCloud Entry 3.1.0 fix pack 8
IBM SmartCloud Entry 3.1 FP 10
IBM SmartCloud Entry 3.1 Appliance fixpac
IBM SmartCloud Entry 3.1 Appliance fixpac
IBM SmartCloud Entry 2.4.0.5 JRE Update 5
IBM SmartCloud Entry 2.4.0.5 FixPack 5
IBM SmartCloud Entry 2.4.0.5 Appliance FP
IBM SmartCloud Entry 2.4.0.4 Appliance FP
IBM SmartCloud Entry 2.4.0.4 Appliance FP
IBM SmartCloud Entry 2.4.0.4 Appliance Fi
IBM SmartCloud Entry 2.4.0.4 Appliance Fi
IBM SmartCloud Entry 2.4.0.3 Appliance FP
IBM SmartCloud Entry 2.4.0.3 Appliance FP
IBM SmartCloud Entry 2.4.0 fix pack 1
IBM SmartCloud Entry 2.4.0
IBM SmartCloud Entry 2.3.0.4 Appliance FP
IBM SmartCloud Entry 2.3.0.4 Appliance FP
IBM SmartCloud Entry 2.3.0.4 Appliance Fi
IBM SmartCloud Entry 2.3.0.4 Appliance Fi
IBM SmartCloud Entry 2.3.0.3 JRE Update 5
IBM SmartCloud Entry 2.3.0.3 JRE Update 4
IBM SmartCloud Entry 2.3.0.3 FixPack 3
IBM SmartCloud Entry 2.3.0.3 Appliance FP
IBM SmartCloud Entry 2.3.0.3 Appliance FP
IBM SmartCloud Entry 2.3.0
IBM SmartCloud Entry 2.2.0.4 Appliance FP
IBM SmartCloud Entry 2.2.0.4 Appliance FP
IBM SmartCloud Entry 2.2.0.4 Appliance Fi
IBM SmartCloud Entry 2.2.0.4 Appliance Fi
IBM SmartCloud Entry 2.2.0.3 Appliance FP
IBM SmartCloud Entry 2.2.0.3 Appliance FP
IBM Security Privileged Identity Manager 2.0
IBM Security Network Protection 5.3.2
IBM Security Network Protection 5.3.1
IBM Security Network Protection 5.3.2.3
IBM Security Network Protection 5.3.2.2
IBM Security Network Protection 5.3.2.1
IBM Security Network Protection 5.3.1.9
IBM Security Network Protection 5.3.1.8
IBM Security Network Protection 5.3.1.7
IBM Security Network Protection 5.3.1.6
IBM Security Network Protection 5.3.1.5
IBM Security Network Protection 5.3.1.4
IBM Security Network Protection 5.3.1.3
IBM Security Network Protection 5.3.1.2
IBM Security Network Protection 5.3.1.1
IBM Security Guardium 10.1
IBM Security Guardium 10
IBM Security Access Manager for Web 8.0.1
IBM Security Access Manager for Web 8.0 3
IBM Security Access Manager for Web 8.0 2
IBM Security Access Manager for Web 8.0.1.4
IBM Security Access Manager for Web 8.0.1.3
IBM Security Access Manager for Web 8.0.1.2
IBM Security Access Manager for Web 8.0.1.1
IBM Security Access Manager for Web 8.0.1.0
IBM Security Access Manager for Web 8.0.0.5
IBM Security Access Manager for Web 8.0.0.4
IBM Security Access Manager for Web 8.0.0.0
IBM Security Access Manager for Web 7.0
IBM Security Access Manager for Mobile 8.0.1
IBM Security Access Manager for Mobile 8.0.1.4
IBM Security Access Manager for Mobile 8.0.1.3
IBM Security Access Manager for Mobile 8.0.1.2
IBM Security Access Manager for Mobile 8.0.1.1
IBM Security Access Manager for Mobile 8.0.0.5
IBM Security Access Manager for Mobile 8.0.0.4
IBM Security Access Manager for Mobile 8.0.0.3
IBM Security Access Manager for Mobile 8.0.0.2
IBM Security Access Manager for Mobile 8.0.0.1
IBM Security Access Manager for Mobile 8.0.0.0
IBM Security Access Manager for Mobile 8.0
IBM Security Access Manager 9.0.1.0
IBM Security Access Manager 9.0.0.1
IBM Security Access Manager 9.0
IBM Rational Systems Tester 3.3.0.7 Interim Fix
IBM Rational Systems Tester 3.3.0.7 Interim Fix
IBM Rational Systems Tester 3.3.0.7 Interim Fix
IBM Rational Systems Tester 3.3.0.7 Interim Fix
IBM Rational Systems Tester 3.3.0.7
IBM Rational Systems Tester 3.3.0.6
IBM Rational Systems Tester 3.3.0.5
IBM Rational Systems Tester 3.3.0.4
IBM Rational Systems Tester 3.3.0.3
IBM Rational Systems Tester 3.3.0.2
IBM Rational Systems Tester 3.3.0.1
IBM Rational Systems Tester 3.3
IBM RackSwitch G8332 7.7.23.0
IBM RackSwitch G8316 7.9.17.0
IBM RackSwitch G8264T 7.9.17.0
IBM RackSwitch G8264CS 7.8.14.0
IBM RackSwitch G8264 7.9.17.0
IBM RackSwitch G8264 7.11.7.0
IBM RackSwitch G8124/G8124-E 7.9.17.0
IBM RackSwitch G8124/G8124-E 7.11.7.0
IBM RackSwitch G8052 7.9.17.0
IBM RackSwitch G8052 7.11.7.0
IBM PowerKVM 3.1
IBM PowerKVM 2.1
IBM MQ Appliance M2001
IBM MQ Appliance M2000
IBM Lotus Protector for Mail Security 2.8 0
IBM Lotus Protector for Mail Security 2.8.1.0
IBM Lotus Protector for Mail Security 2.8.1
IBM DataPower Gateways 7.5.1.1
IBM DataPower Gateways 7.5.1.0
IBM DataPower Gateways 7.5.0.2
IBM DataPower Gateways 7.5.0.1
IBM DataPower Gateways 7.5.0.0
IBM DataPower Gateways 7.2.0.8
IBM DataPower Gateways 7.2.0.6
IBM DataPower Gateways 7.2.0.5
IBM DataPower Gateways 7.2.0.4
IBM DataPower Gateways 7.2.0.3
IBM DataPower Gateways 7.2.0.2
IBM DataPower Gateways 7.2.0.1
IBM DataPower Gateways 7.2.0.0
HP IceWall Federation Agent 3.0
eSignal eSignal 6.0.2
Bluecoat Security Analytics Platform 7.1
Bluecoat Security Analytics Platform 7.0
Bluecoat Security Analytics Platform 6.6
Bluecoat Proxysg 6.6
Bluecoat Proxysg 6.5
Bluecoat Norman Network Protection 5.3
Bluecoat Industrial Control Systems Network Scanner 5.3
Bluecoat Industrial Control System Protection 5.3
Bluecoat Director 6.1
Bluecoat AuthConnector 2.5
Bluecoat Advanced Secure Gateway 6.6
Apple watchOS 2.2.1
Apple watchOS 2.0.1
Apple watchOS 1.0.1
Apple watchOS 2.2
Apple watchOS 2.1
Apple watchOS 2.0
Apple watchOS 1.0
Apple Watch 0
Apple Mac Os X 10.11.3
Apple Mac Os X 10.11.2
Apple Mac Os X 10.11.1
Apple Mac Os X 10.11.5
Apple Mac Os X 10.11.4
Apple Mac Os X 10.11
Apple iTunes 12.3.2
Apple iTunes 12.3.1
Apple iTunes 11.2.1
Apple iTunes 11.1.5
Apple iTunes 11.1.4
Apple iTunes 11.1.3
Apple iTunes 11.1.2
Apple iTunes 11.1.1
Apple iTunes 11.0.5
Apple iTunes 11.0.4
Apple iTunes 11.0.2
Apple iTunes 10.6.3
Apple iTunes 10.6.1
Apple iTunes 10.5.1
Apple iTunes 10.1.2
Apple iTunes 9.2.1
Apple iTunes 9.0.2
Apple iTunes 9.0.1 .8
Apple iTunes 9.0.1
Apple iTunes 9.0
Apple iTunes 7.3.2
Apple iTunes 7.3.1
Apple iTunes 7.3
Apple iTunes 7.0.2
Apple iTunes 6.0.5
Apple iTunes 6.0.4
Apple iTunes 6.0.3
Apple iTunes 6.0.1
Apple iTunes 6.0
Apple iTunes 5.0
Apple iTunes 4.8
Apple iTunes 4.7
Apple iTunes 4.6
Apple iTunes 4.5
Apple iTunes 4.2 .72
Apple iTunes 9.2
Apple iTunes 9.1.1
Apple iTunes 9.1
Apple iTunes 9.0.3
Apple iTunes 8.2
Apple iTunes 8.1
Apple iTunes 8.0.2.20
Apple iTunes 7.4
Apple iTunes 12.4
Apple iTunes 12.3
Apple iTunes 12.2
Apple iTunes 12.0.1
Apple iTunes 11.2
Apple iTunes 11.1
Apple iTunes 11.0.3
Apple iTunes 11.0.1
Apple iTunes 11.0.0.163
Apple iTunes 11.0
Apple iTunes 10.7
Apple iTunes 10.6.1.7
Apple iTunes 10.6
Apple iTunes 10.5.3
Apple iTunes 10.5.2
Apple iTunes 10.5.1.42
Apple iTunes 10.5
Apple iTunes 10.4.1.10
Apple iTunes 10.4.1
Apple iTunes 10.4.0.80
Apple iTunes 10.4
Apple iTunes 10.3.1
Apple iTunes 10.3
Apple iTunes 10.2.2.12
Apple iTunes 10.2.2
Apple iTunes 10.2
Apple iTunes 10.1.1.4
Apple iTunes 10.1.1
Apple iTunes 10.1
Apple iTunes 10.0.1
Apple iTunes 10
Apple iPod Touch 0
Apple iPhone 0
Apple iPad 0
Apple iOS 5 0
Apple iOS 4 0
Apple iOS 9.3.2
Apple iOS 9.3.1
Apple iOS 9.2.1
Apple iOS 9.0.2
Apple iOS 9.0.1
Apple iOS 8.4.1
Apple iOS 7.2
Apple iOS 7.0.6
Apple iOS 7.0.5
Apple iOS 7.0.3
Apple iOS 7.0.2
Apple iOS 7.0.1
Apple iOS 6.3.1
Apple iOS 6.1.6
Apple iOS 6.1.4
Apple iOS 6.1.3
Apple iOS 4.2.1
Apple iOS 4.0.2
Apple iOS 4.0.1
Apple iOS 3.2.2
Apple iOS 3.2.1
Apple iOS 9.3
Apple iOS 9.2
Apple iOS 9.1
Apple iOS 9
Apple iOS 8.4
Apple iOS 8.3
Apple iOS 8.2
Apple iOS 8.1.3
Apple iOS 8.1.2
Apple iOS 8.1.1
Apple iOS 8.1
Apple iOS 8
Apple iOS 7.1.2
Apple iOS 7.1.1
Apple iOS 7.1
Apple iOS 7.0.4
Apple iOS 7
Apple iOS 6.1
Apple iOS 6.0.2
Apple iOS 6.0.1
Apple iOS 6
Apple iOS 5.1.1
Apple iOS 5.1
Apple iOS 5.0.1
Apple iOS 5
Apple iOS 4.3.5
Apple iOS 4.3.4
Apple iOS 4.3.3
Apple iOS 4.3.2
Apple iOS 4.3.1
Apple iOS 4.3
Apple iOS 4.2.9
Apple iOS 4.2.8
Apple iOS 4.2.7
Apple iOS 4.2.6
Apple iOS 4.2.5
Apple iOS 4.2.10
Apple iOS 4.2
Apple iOS 4.1
Apple iOS 4
Apple iOS 3.2
Apple iOS 3.1
Apple iOS 3.0
Apple iOS 2.1
Apple iOS 2.0 Not Vulnerable: XMLSoft Libxml2 2.9.4
IBM Security Privileged Identity Manager 2.0.2 Fixpack 8
IBM Security Network Protection 5.3.2.4
IBM Security Network Protection 5.3.1.10
Apple watchOS 2.2.2
Apple Mac Os X 10.11.6
Apple Mac Os X Security Update 2016
Apple iTunes 12.4.2
Apple iOS 9.3.3


SecurityFocus Vulnerabilities

Vulnerable: SuSE OpenStack Cloud 5
SuSE Manager Proxy 2.1
SuSE Manager 2.1
SuSE Linux Enterprise Software Development Kit 12 SP1
SuSE Linux Enterprise Software Development Kit 11 SP4
SuSE Linux Enterprise Server for SAP 12
SuSE Linux Enterprise Server 12-LTSS
SuSE Linux Enterprise Server 12 SP1
SuSE Linux Enterprise Server 11 SP4
SuSE Linux Enterprise Server 11 SP3 LTSS
SuSE Linux Enterprise Server 11 SP2 LTSS
SuSE Linux Enterprise Point of Sale 11-SP3
SuSE Linux Enterprise Desktop 12 SP1
SuSE Linux Enterprise Debuginfo 11 SP4
SuSE Linux Enterprise Debuginfo 11 SP3
SuSE Linux Enterprise Debuginfo 11 SP2
Redhat Enterprise Linux Workstation Optional 6
Redhat Enterprise Linux Workstation 6
Redhat Enterprise Linux Server Optional 6
Redhat Enterprise Linux Server 6
Redhat Enterprise Linux HPC Node Optional 6
Redhat Enterprise Linux HPC Node 6
Redhat Enterprise Linux Desktop Optional 6
Redhat Enterprise Linux Desktop 6
Redhat Enterprise Linux Desktop 5 client
Redhat Enterprise Linux Client Optional 7
Redhat Enterprise Linux 7 Client
Redhat Enterprise Linux 5 Server
Oracle Enterprise Linux 7
Oracle Enterprise Linux 5
ISC BIND 9.6
ISC BIND 9.5.1 P3
ISC BIND 9.5.1 P1
ISC BIND 9.5 a2
ISC BIND 9.5 a1
ISC BIND 9.4.3 P3
ISC BIND 9.4.3
ISC BIND 9.4.1 -P1
ISC BIND 9.4.1
ISC BIND 9.4 rc2
ISC BIND 9.4 rc1
ISC BIND 9.4 b4
ISC BIND 9.4 b3
ISC BIND 9.4 b2
ISC BIND 9.4 b1
ISC BIND 9.4 a6
ISC BIND 9.4 a5
ISC BIND 9.4 a4
ISC BIND 9.4 a3
ISC BIND 9.4 a2
ISC BIND 9.4 a1
ISC BIND 9.4
ISC BIND 9.3.6 P1
ISC BIND 9.3.6
ISC BIND 9.3.5
ISC BIND 9.3.4
ISC BIND 9.3.3 rc3
ISC BIND 9.3.3 rc2
ISC BIND 9.3.3 rc1
ISC BIND 9.3.3 b1
ISC BIND 9.3.3 b
ISC BIND 9.3.3
ISC BIND 9.3.2 -P2
ISC BIND 9.3.2 -P1
ISC BIND 9.3.2
ISC BIND 9.3.1
ISC BIND 9.3
ISC BIND 9.2.8
ISC BIND 9.2.7 rc3
ISC BIND 9.2.7 rc2
ISC BIND 9.2.7 rc1
ISC BIND 9.2.7 b1
ISC BIND 9.2.7
ISC BIND 9.2.6 -P2
ISC BIND 9.2.6 -P1
ISC BIND 9.2.6
ISC BIND 9.2.5
ISC BIND 9.2.4
ISC BIND 9.2.3
ISC BIND 9.2.2
ISC BIND 9.2.1
+ Caldera OpenUnix 8.0
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 7.2
+ SCO Unixware 7.1.3
ISC BIND 9.2
ISC BIND 9.1.3
ISC BIND 9.1.2
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.2
ISC BIND 9.1.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
ISC BIND 9.1
+ Caldera OpenUnix 8.0
+ HP Secure OS software for Linux 1.0
+ Redhat Linux 7.1 ia64
+ Redhat Linux 7.1 i386
+ Redhat Linux 7.1 alpha
+ Redhat Linux 7.1
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
+ S.u.S.E. Linux 7.1
ISC BIND 9.0.1
ISC BIND 9.0
+ S.u.S.E. Linux 7.0 sparc
+ S.u.S.E. Linux 7.0 ppc
+ S.u.S.E. Linux 7.0 i386
+ S.u.S.E. Linux 7.0 alpha
+ S.u.S.E. Linux 7.0
ISC BIND 9.7.1-P2
ISC BIND 9.7.1 P1
ISC BIND 9.7.1
ISC BIND 9.7.0 P2
ISC BIND 9.7.0
ISC BIND 9.6.1-P3
ISC BIND 9.6.1-P2
ISC BIND 9.6.0-P1
ISC BIND 9.5.2-P2
ISC BIND 9.5.2-P1
ISC BIND 9.5.1b1
ISC BIND 9.5.0b2
ISC BIND 9.5.0b1
ISC BIND 9.5.0a7
ISC BIND 9.5.0a6
ISC BIND 9.5.0a5
ISC BIND 9.5.0a4
ISC BIND 9.5.0a3
ISC BIND 9.5.0-P2-W2
ISC BIND 9.5.0-P2-W1
ISC BIND 9.5.0-P2
ISC BIND 9.4.3b2
ISC BIND 9.4.3-P5
ISC BIND 9.4.3-P4
ISC BIND 9.4.3-P1
ISC BIND 9.4.2-P2-W2
ISC BIND 9.4.2-P2-W1
ISC BIND 9.4.2-P2
ISC BIND 9.3.5-P2-W2
ISC BIND 9.3.5-P2-W1
ISC BIND 9.3.5-P2
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
CentOS CentOS 5


SecurityFocus Vulnerabilities

Vulnerable: Xen Xen 4.6
Xen Xen 4.5.0
Xen Xen 4.4.1
Xen Xen 4.4.0
Xen Xen 4.3.1
Xen Xen 4.3.0
Redhat Enterprise Virtualization 0
Redhat Enterprise Linux Workstation 7
Redhat Enterprise Linux Virtualization 5 Server
Redhat Enterprise Linux Server EUS 7.2
Redhat Enterprise Linux Server AUS 7.2
Redhat Enterprise Linux Server 7
Redhat Enterprise Linux HPC Node EUS 7.2
Redhat Enterprise Linux HPC Node 7
Redhat Enterprise Linux Desktop Multi OS 5 client
Redhat Enterprise Linux Desktop 7
QEMU QEMU 0
Oracle VM Server for x86 3.4
Oracle VM Server for x86 3.3
Oracle VM Server for x86 3.2
Oracle Enterprise Linux 5
HP Helion OpenStack 2.1.4
HP Helion OpenStack 2.1.2
HP Helion OpenStack 2.1
HP Helion OpenStack 2.0
Citrix XenServer 6.0.2 Common Criteria
Citrix XenServer 6.0.2
Citrix XenServer 6.5 Service Pack 1
Citrix XenServer 6.5
Citrix XenServer 6.2 Service Pack 1
Citrix XenServer 6.2
Citrix XenServer 6.1
Citrix XenServer 6.0


SecurityFocus Vulnerabilities

Bugtraq ID: 89752 Class: Unknown CVE: CVE-2016-2108 Remote: Yes Local: No Published: May 03 2016 12:00AM Updated: Sep 28 2016 12:02AM Credit: Huzaifa Sidhpurwala (Red Hat), Hanno Böck, and David Benjamin (Google). Vulnerable: SuSE openSUSE Evergreen 11.4
Slackware Slackware Linux 14.1
Slackware Linux x86_64 -current
Slackware Linux 14.1 x86_64
Slackware Linux 14.0 x86_64
Slackware Linux 14.0
Slackware Linux -current
S.u.S.E. openSUSE 13.2
S.u.S.E. openSUSE 13.1
Redhat Enterprise Linux Workstation 7
Redhat Enterprise Linux Server EUS 7.2
Redhat Enterprise Linux Server AUS 7.2
Redhat Enterprise Linux Server 7
Redhat Enterprise Linux HPC Node EUS 7.2
Redhat Enterprise Linux HPC Node 7
Redhat Enterprise Linux Desktop Workstation 5 client
Redhat Enterprise Linux Desktop 7
Redhat Enterprise Linux Desktop 5 client
Redhat Enterprise Linux 5 Server
Oracle Exalogic Infrastructure 2.0
Oracle Exalogic Infrastructure 1.0
OpenSSL Project OpenSSL 1.0.2
OpenSSL Project OpenSSL 1.0.2b
OpenSSL Project OpenSSL 1.0.2a
OpenSSL Project OpenSSL 1.0.1n
OpenSSL Project OpenSSL 1.0.1m
OpenSSL Project OpenSSL 1.0.1l
OpenSSL Project OpenSSL 1.0.1k
OpenSSL Project OpenSSL 1.0.1j
OpenSSL Project OpenSSL 1.0.1i
OpenSSL Project OpenSSL 1.0.1h
OpenSSL Project OpenSSL 1.0.1g
OpenSSL Project OpenSSL 1.0.1f
OpenSSL Project OpenSSL 1.0.1e
OpenSSL Project OpenSSL 1.0.1d
OpenSSL Project OpenSSL 1.0.1c
OpenSSL Project OpenSSL 1.0.1b
OpenSSL Project OpenSSL 1.0.1a
OpenSSL Project OpenSSL 1.0.1
IBM Workload Deployer 3.1 7
IBM Workload Deployer 3.1 6
IBM Workload Deployer 3.1 2
IBM Workload Deployer 3.1 1
IBM Workload Deployer 3.1
IBM Worklight Enterprise Edition 6.1.0.2
IBM Worklight Enterprise Edition 6.1.0.1
IBM Worklight Enterprise Edition 6.1.0.0
IBM WebSphere Cast Iron Cloud Integration 7.5
IBM WebSphere Cast Iron Cloud Integration 6.4 1
IBM WebSphere Cast Iron Cloud Integration 6.4 0
IBM WebSphere Cast Iron Cloud Integration 6.3 2
IBM WebSphere Cast Iron Cloud Integration 6.3 1
IBM WebSphere Cast Iron Cloud Integration 6.1 9
IBM WebSphere Cast Iron Cloud Integration 6.1 6
IBM WebSphere Cast Iron Cloud Integration 6.1 3
IBM WebSphere Cast Iron Cloud Integration 6.1 15
IBM WebSphere Cast Iron Cloud Integration 6.1 12
IBM WebSphere Cast Iron Cloud Integration 7.0.0.0
IBM Websphere Application Server 8.5.5.9 - Liberty Pr
IBM Websphere Application Server 8.5.5.8 - Liberty Pr
IBM Websphere Application Server 8.5.5.7 - Liberty Pr
IBM Websphere Application Server 8.5.5.6 - Liberty Pr
IBM Websphere Application Server 8.5.5.5 - Liberty Pr
IBM Websphere Application Server 8.5.5.4 - Liberty Pr
IBM Websphere Application Server 8.5.5.3 - ~~Liberty
IBM Websphere Application Server 8.5.5.2 - Liberty Pr
IBM Websphere Application Server 8.5.5.1 - Liberty Pr
IBM Websphere Application Server 8.5.5.0 - Liberty Pr
IBM Virtual Fabric 10GB Switch Module 7.8.10.0
IBM Vios 2.2
IBM Tivoli Network Manager IP Edition 3.9 Fix Pack 4
IBM Tivoli Common Reporting 3.1.3
IBM Tivoli Common Reporting 3.1.2
IBM Tivoli Common Reporting 3.1.2.1
IBM Tivoli Common Reporting 3.1.0.2
IBM Tivoli Common Reporting 3.1.0.1
IBM Tivoli Common Reporting 3.1
IBM Systems Director 6.3.2 0
IBM Systems Director 5.2
IBM Systems Director 6.3.7.0
IBM Systems Director 6.3.6.0
IBM Systems Director 6.3.5.0
IBM Systems Director 6.3.3.1
IBM Systems Director 6.3.3.0
IBM Systems Director 6.3.2.2
IBM Systems Director 6.3.2.1
IBM Systems Director 6.3.1.1
IBM Systems Director 6.3.1.0
IBM Systems Director 6.3.0.0
IBM Systems Director 6.3
IBM Systems Director 6.2.1.2
IBM Systems Director 6.2.1.0
IBM Systems Director 6.2.0.0
IBM Systems Director 6.1.0.0
IBM Sterling Connect:Direct for UNIX 4.1
IBM Sterling Connect:Direct for UNIX 4.0
IBM Sterling Connect:Direct for Microsoft Windows 4.6.0
IBM Sterling Connect:Direct for Microsoft Windows 4.5.01
IBM Sterling Connect:Direct for Microsoft Windows 4.5.00
IBM Sterling Connect:Direct for HP NonStop 3.6
IBM Sterling Connect:Direct for HP NonStop 3.5.1
IBM Sterling Connect:Direct for HP NonStop 3.5
IBM Security Proventia Network Active Bypass 1.0.2919
IBM Security Proventia Network Active Bypass 1.0.1876
IBM Security Proventia Network Active Bypass 3.9-34
IBM Security Proventia Network Active Bypass 3.4-23
IBM Security Proventia Network Active Bypass 3.30.4-12
IBM Security Proventia Network Active Bypass 3.30.2-9
IBM Security Proventia Network Active Bypass 3.30.0-13
IBM Security Proventia Network Active Bypass 3.30-12
IBM Security Proventia Network Active Bypass 3.29-9
IBM Security Proventia Network Active Bypass 3.25-57
IBM Security Proventia Network Active Bypass 3.18-49
IBM Security Proventia Network Active Bypass 3.13-41
IBM Security Proventia Network Active Bypass 2.18-43
IBM Security Proventia Network Active Bypass 2.18-42
IBM Security Proventia Network Active Bypass 2.16-37
IBM Security Proventia Network Active Bypass 2.15-36
IBM Security Proventia Network Active Bypass 2.13-34
IBM Security Proventia Network Active Bypass 2.11-28
IBM Security Proventia Network Active Bypass 0343c3c
IBM Security Network Protection 5.3.2
IBM Security Network Protection 5.3.1
IBM Security Network Controller 1.0.3387
IBM Security Network Controller 1.0.3381
IBM Security Network Controller 1.0.3379
IBM Security Network Controller 1.0.3376
IBM Security Network Controller 1.0.3361
IBM Security Network Controller 1.0.1768
IBM Security Network Controller 1.0.1209
IBM Security Network Controller 1.0.913
IBM Security Network Controller 1.0.3394M
IBM Security Network Controller 1.0.3394
IBM Security Network Controller 1.0.3387M
IBM Security Network Controller 1.0.3381M
IBM Security Network Controller 1.0.3379M
IBM Security Network Controller 1.0.3376M
IBM Security Network Controller 1.0.3361M
IBM Security Network Controller 1.0.3352M
IBM Security Network Controller 1.0.3350M
IBM Security Network Controller 1.0
IBM Security Identity Manager Virtual Appliance 7.0.1.1
IBM Security Identity Manager Virtual Appliance 7.0.1.0
IBM Security Identity Manager Virtual Appliance 7.0.0.3
IBM Security Identity Manager Virtual Appliance 7.0.0.2
IBM Security Identity Manager Virtual Appliance 7.0.0.1
IBM Security Identity Manager Virtual Appliance 7.0.0.0
IBM Security Identity Governance and Intelligence 5.2.1
IBM Security Guardium 10.0
IBM Security Access Manager for Web 8.0.1
IBM Security Access Manager for Web 8.0 3
IBM Security Access Manager for Web 8.0 2
IBM Security Access Manager for Web 9.0.0.1
IBM Security Access Manager for Web 9.0
IBM Security Access Manager for Web 8.0.1.3
IBM Security Access Manager for Web 8.0.1.2
IBM Security Access Manager for Web 8.0.1.1
IBM Security Access Manager for Web 8.0.1.0
IBM Security Access Manager for Web 8.0.0.5
IBM Security Access Manager for Web 8.0.0.4
IBM Security Access Manager for Web 8.0.0.2
IBM Security Access Manager for Web 8.0.0.0
IBM Security Access Manager for Web 7.0
IBM Security Access Manager for Mobile 8.0.1
IBM Security Access Manager for Mobile 9.0
IBM Security Access Manager for Mobile 8.0.1.4
IBM Security Access Manager for Mobile 8.0.1.3
IBM Security Access Manager for Mobile 8.0.1.2
IBM Security Access Manager for Mobile 8.0.1.1
IBM Security Access Manager for Mobile 8.0.0.5
IBM Security Access Manager for Mobile 8.0.0.4
IBM Security Access Manager for Mobile 8.0.0.3
IBM Security Access Manager for Mobile 8.0.0.2
IBM Security Access Manager for Mobile 8.0.0.1
IBM Security Access Manager for Mobile 8.0.0.0
IBM Real-time Compression Appliance 4.1.2
IBM Rational Reporting for Development Intelligence 2.0.6
IBM Rational Reporting for Development Intelligence 2.0.5
IBM Rational Reporting for Development Intelligence 2.0.4
IBM Rational Reporting for Development Intelligence 2.0.3
IBM Rational Reporting for Development Intelligence 2.0.1
IBM Rational Reporting for Development Intelligence 5.0.2
IBM Rational Reporting for Development Intelligence 5.0.1
IBM Rational Reporting for Development Intelligence 5.0
IBM Rational Reporting for Development Intelligence 2.0
IBM Rational Insight 1.1.1 3
IBM Rational Insight 1.1.1 2
IBM Rational Insight 1.1.1 1
IBM Rational Insight 1.1.1
IBM Rational Insight 1.1.1.7
IBM Rational Insight 1.1.1.6
IBM Rational Insight 1.1.1.5
IBM Rational Insight 1.1.1.4
IBM Rational Insight 1.1
IBM RackSwitch G8332 7.7.23.0
IBM RackSwitch G8316 7.9.17.0
IBM RackSwitch G8264T 7.9.17.0
IBM RackSwitch G8264CS 7.8.14.0
IBM RackSwitch G8264 7.9.17.0
IBM RackSwitch G8264 7.11.7.0
IBM RackSwitch G8124/G8124-E 7.9.17.0
IBM RackSwitch G8124/G8124-E 7.11.7.0
IBM RackSwitch G8052 7.9.17.0
IBM RackSwitch G8052 7.11.7.0
IBM QRadar 7.2
IBM QRadar 7.1
IBM PureApplication System 2.2.0.0
IBM PureApplication System 2.1.2.2
IBM PureApplication System 2.1.2.1
IBM PureApplication System 2.1.2.0
IBM PureApplication System 2.1.1.0
IBM PureApplication System 2.1.0.2
IBM PureApplication System 2.1.0.1
IBM PureApplication System 2.1.0.0
IBM PureApplication System 2.0.0.1
IBM PureApplication System 2.0
IBM Proventia Network Enterprise Scanner 2.3
IBM ProtecTIER Gateway for System Z (PID 5639-FPA) 3.4
IBM ProtecTIER Gateway for System Z (PID 5639-FPA) 3.3
IBM ProtecTIER Gateway for System Z (PID 5639-FPA) 3.2
IBM ProtecTIER Gateway for System Z (PID 5639-FPA) 3.1
IBM ProtecTIER Gateway for System Z (PID 5639-FPA) 2.5
IBM ProtecTIER Gateway for System Z (PID 5639-FPA) 2.4
IBM ProtecTIER Gateway for System Z (PID 5639-FPA) 1.2
IBM ProtecTIER Entry Edition (PID 5639-PTC) - TS7610 / TS7620 3.4
IBM ProtecTIER Entry Edition (PID 5639-PTC) - TS7610 / TS7620 3.3
IBM ProtecTIER Entry Edition (PID 5639-PTC) - TS7610 / TS7620 3.2
IBM ProtecTIER Entry Edition (PID 5639-PTC) - TS7610 / TS7620 3.1
IBM ProtecTIER Entry Edition (PID 5639-PTC) - TS7610 / TS7620 2.5
IBM ProtecTIER Entry Edition (PID 5639-PTC) - TS7610 / TS7620 2.4
IBM ProtecTIER Entry Edition (PID 5639-PTC) - TS7610 / TS7620 1.2
IBM ProtecTIER Enterprise Edition (PID 5639-PTA) - TS7650G 3.4
IBM ProtecTIER Enterprise Edition (PID 5639-PTA) - TS7650G 3.3
IBM ProtecTIER Enterprise Edition (PID 5639-PTA) - TS7650G 3.2
IBM ProtecTIER Enterprise Edition (PID 5639-PTA) - TS7650G 3.1
IBM ProtecTIER Enterprise Edition (PID 5639-PTA) - TS7650G 2.5
IBM ProtecTIER Enterprise Edition (PID 5639-PTA) - TS7650G 2.4
IBM ProtecTIER Enterprise Edition (PID 5639-PTA) - TS7650G 1.2
IBM ProtecTIER Appliance Edition (PID 5639-PTB) - TS7650AP1 3.4
IBM ProtecTIER Appliance Edition (PID 5639-PTB) - TS7650AP1 3.3
IBM ProtecTIER Appliance Edition (PID 5639-PTB) - TS7650AP1 3.2
IBM ProtecTIER Appliance Edition (PID 5639-PTB) - TS7650AP1 3.1
IBM ProtecTIER Appliance Edition (PID 5639-PTB) - TS7650AP1 2.5
IBM ProtecTIER Appliance Edition (PID 5639-PTB) - TS7650AP1 2.4
IBM ProtecTIER Appliance Edition (PID 5639-PTB) - TS7650AP1 1.2
IBM PowerKVM 3.1
IBM PowerKVM 2.1
IBM Power HMC 8.5.0.0
IBM Power HMC 8.4.0.0
IBM Power HMC 8.3.0.0
IBM Power HMC 8.2.0.0
IBM Power HMC 8.1.0.0
IBM Power HMC 7.9.0.0
IBM Power HMC 7.3.0.0
IBM MQ Appliance M2001
IBM MQ Appliance M2000
IBM MobileFirst Platform Foundation 7.1.0.0
IBM MobileFirst Platform Foundation 7.0.0.0
IBM MobileFirst Platform Foundation 6.3.0.0
IBM Mobile Foundation Consumer Edition 6.2.0.1
IBM Mobile Foundation Consumer Edition 6.2.0.0
IBM Messagesight 1.2
IBM Messagesight 1.1
IBM Jazz Reporting Service 6.0
IBM Jazz Reporting Service 5.0.2
IBM Jazz Reporting Service 5.0.1
IBM Jazz Reporting Service 5.0
IBM Image Construction and Composition Tool 2.3.2.0
IBM Image Construction and Composition Tool 2.3.1.0
IBM i 7.3
IBM i 7.2
IBM i 7.1
IBM Flex System Fabric SI4093 System Interconnect Module 7.8.14.0
IBM Flex System Fabric EN4093R 10Gb Scalable Switch 7.8.14.0
IBM Flex System Fabric CN4093 10Gb Converged Scalable Switch 7.8.14.0
IBM Flex System EN2092 1Gb Ethernet Scalable Switch 7.8.14.0
IBM DataPower Gateways 7.5.1.0
IBM DataPower Gateways 7.5.0.1
IBM DataPower Gateways 7.2.0.6
IBM DataPower Gateways 7.1.0.10
IBM DataPower Gateways 7.0.0.13
IBM Counter Fraud Management for Safer Payments 5.3.0
IBM Cognos Business Intelligence Server 10.2.2
IBM Cognos Business Intelligence Server 10.2.1 1
IBM Cognos Business Intelligence Server 10.2.1
IBM Cognos Business Intelligence Server 10.1.1
IBM Cognos Business Intelligence Server 10.2
IBM Cognos Business Intelligence 10.2.1 FixPack 2
IBM Cognos Business Intelligence 10.2.1
IBM Cognos Business Intelligence 10.1.1
IBM Cloud Manager with Openstack 4.3
IBM Cloud Manager with Openstack 4.2
IBM Cloud Manager with Openstack 4.1
IBM Cloud Manager with Openstack 4.3.0.6 Interim Fix1
IBM Cloud Manager with Openstack 4.3.0.6
IBM Cloud Manager with Openstack 4.3.0.4 interim Fix
IBM Cloud Manager with Openstack 4.3.0.4
IBM Cloud Manager with Openstack 4.3.0.3
IBM Cloud Manager with Openstack 4.3.0.2
IBM Cloud Manager with Openstack 4.3.0.1
IBM Cloud Manager with Openstack 4.2.0.3 Interix Fix
IBM Cloud Manager with Openstack 4.2.0.3 Interix Fix
IBM Cloud Manager with Openstack 4.2.0.3 Interim Fix
IBM Cloud Manager with Openstack 4.2.0.3
IBM Cloud Manager with Openstack 4.2.0.2
IBM Cloud Manager with Openstack 4.2.0.1
IBM Cloud Manager with Openstack 4.1.0.5 Interim Fix
IBM Cloud Manager with Openstack 4.1.0.5 Interim Fix
IBM Cloud Manager with Openstack 4.1.0.5
IBM Cloud Manager with Openstack 4.1.0.4.2
IBM Cloud Manager with Openstack 4.1.0.4
IBM Cloud Manager with Openstack 4.1.0.3
IBM Cloud Manager with Openstack 4.1.0.2
IBM Cloud Manager with Openstack 4.1.0.1
IBM Algo Audit and Compliance 2.1
IBM Aix 7.2
IBM AIX 7.1
IBM AIX 6.1
IBM AIX 5.3
IBM ABYP-4TS-P-M 0
IBM ABYP-4TS-P 0
IBM ABYP-4TL-P-M 0
IBM ABYP-4TL-P 0
IBM ABYP-4T-0S-0L-P-M 0
IBM ABYP-4T-0S-0L-P 0
IBM ABYP-2T-2S-0L-P-M 0
IBM ABYP-2T-2S-0L-P 0
IBM ABYP-2T-1S-1L-P-M 0
IBM ABYP-2T-1S-1L-P 0
IBM ABYP-2T-0S-2L-P-M 0
IBM ABYP-2T-0S-2L-P 0
IBM ABYP-10G-4SR-1-P-M 0
IBM ABYP-10G-4SR-1-P 0
IBM ABYP-10G-4LR-1-P-M 0
IBM ABYP-10G-4LR-1-P 0
IBM ABYP-10G-2SR-2LR-1-P-M 0
IBM ABYP-10G-2SR-2LR-1-P 0
IBM ABYP-0T-4S-0L-P-M 0
IBM ABYP-0T-4S-0L-P 0
IBM ABYP-0T-2S-2L-P-M 0
IBM ABYP-0T-2S-2L-P 0
IBM ABYP-0T-0S-4L-P-M 0
IBM ABYP-0T-0S-4L-P 0
IBM 1/10GB Uplink Ethernet Switch Module 7.4.14.0
HP IceWall SSO Dfw 10.0
HP IceWall SSO Agent Option 10
HP Helion OpenStack 2.1.4
HP Helion OpenStack 2.1.2
HP Helion OpenStack 2.1
HP Helion OpenStack 2.0
Google Android 5.1.1
Google Android 5.0.2
Google Android 4.4.4
Extremenetworks Summit WM3000 Series 0
Extremenetworks Purview 6.3
Extremenetworks NetSight Appliance 6.3
Extremenetworks NAC Appliance 6.3
Extremenetworks IdentiFi Wireless 10.11
Extremenetworks IdentiFi V7R0
Extremenetworks IdentiFi 10.01
Extremenetworks ExtremeXOS 21.1.1
Extremenetworks ExtremeXOS 21.1
Extremenetworks ExtremeXOS 16.2
Extremenetworks ExtremeXOS 16.1.3
Extremenetworks ExtremeXOS 16.1.2
Extremenetworks ExtremeXOS 15.7.4
Extremenetworks ExtremeXOS 15.7.3
Extremenetworks ExtremeXOS 15.7.2
Extremenetworks ExtremeXOS 15.7
Extremenetworks ExtremeXOS 15.6.5
Extremenetworks ExtremeXOS 15.6.4
Extremenetworks ExtremeXOS 15.5.5
Extremenetworks ExtremeXOS 15.3.5
Extremenetworks ExtremeXOS 16.1
Extremenetworks ExtremeXOS 15.4.1.0
Extremenetworks ExtremeXOS 15.3
Extremenetworks EOS 7.91.1
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
Citrix XenServer 6.0.2 Common Criteria
Citrix XenServer 6.0.2
Citrix XenServer 6.5 Service Pack 1
Citrix XenServer 6.5
Citrix XenServer 6.2 Service Pack 1
Citrix XenServer 6.2
Citrix XenServer 6.1
Citrix XenServer 6.0
Cisco Wide Area Application Services (WAAS) 0
Cisco WebEx Recording Playback Client 0
Cisco WebEx Node for MCS 0
Cisco WebEx Messenger Service 7.9.9 EP1
Cisco WebEx Messenger Service 0
Cisco WebEx Meetings Server - SSL Gateway 0
Cisco WebEx Meetings Server 2.6
Cisco WebEx Meetings Server 2.5MR2
Cisco WebEx Meetings Server 2.5.99.2
Cisco WebEx Meetings Server 2.5.1.5
Cisco WebEx Meetings Server 2.5.0.997
Cisco WebEx Meetings Server 2.5 MR1
Cisco WebEx Meetings Server 2.5
Cisco WebEx Meetings Server 2.0
Cisco WebEx Meetings Server 1.5.1.6
Cisco WebEx Meetings Server 1.5.1.131
Cisco WebEx Meetings Server 1.5(.1.6)
Cisco WebEx Meetings Server 1.5(.1.131)
Cisco WebEx Meetings Server 1.5
Cisco WebEx Meetings Server 1.1
Cisco WebEx Meetings Server 1.0
Cisco WebEx Meetings Server 0
Cisco WebEx Meetings for WP8 0
Cisco WebEx Meetings for BlackBerry 0
Cisco WebEx Meetings for Android 0
Cisco WebEx Meetings Client - On Premises 0
Cisco WebEx Meetings Client - Hosted 0
Cisco WebEx Meeting Center 0
Cisco Web Security Appliance (WSA) 0
Cisco Visual Quality Experience Tools Server 0
Cisco Visual Quality Experience Server 0
Cisco Virtualization Experience Media Engine 0
Cisco Virtual Security Gateway for Microsoft Hyper-V 0
Cisco Videoscape Control Suite 0
Cisco Video Surveillance PTZ IP Cameras 0
Cisco Video Surveillance Media Server 7.7
Cisco Video Surveillance Media Server 0
Cisco Video Surveillance 7000 Series IP Cameras 0
Cisco Video Surveillance 6000 Series IP Cameras 0
Cisco Video Surveillance 4300E/4500E High-Definition IP Cameras 0
Cisco Video Surveillance 3000 Series IP Cameras 0
Cisco Video Distribution Suite for Internet Streaming (VDS-IS/CDS-IS) 0
Cisco Universal Small Cell 7000 Series 3.4.2.0
Cisco Unity Connection (UC) 0
Cisco Unified Workforce Optimization 0
Cisco Unified Wireless IP Phone 0
Cisco Unified SIP Proxy 0
Cisco Unified IP Phone 7900 Series 0
Cisco Unified IP Conference Phone 8831 for Third-Party Call Control 0
Cisco Unified Intelligent Contact Management Enterprise 0
Cisco Unified Contact Center Express 0
Cisco Unified Contact Center Enterprise 0
Cisco Unified Computing System -
Cisco Unified Communications Manager Session Management Edition (SME) 0
Cisco Unified Communications Manager (UCM) 0
Cisco Unified Communications Manager 11.0 (0.98000.225)
Cisco Unified Communications Manager 10.5(3.10000.9)
Cisco Unified Communications Manager 10.5(2)su3
Cisco Unified Communications Manager 10.5(0.98000.88)
Cisco Unified Communications Manager 10.5 (2.13900.9)
Cisco Unified Communications Manager 10.5 (2.10000.5)
Cisco Unified Communications Manager 10.5 (1.98991.13)
Cisco Unified Communications Manager 10.3(1)
Cisco Unified Communications Manager 10.0(1)
Cisco Unified Communications Manager 10.0 (1.10000.12)
Cisco Unified Communications Manager 10.0
Cisco Unified Communications Manager 10.0
Cisco Unified Communications for Microsoft Lync 0
Cisco Unified Attendant Console Standard 0
Cisco Unified Attendant Console Premium Edition 0
Cisco Unified Attendant Console Enterprise Edition 0
Cisco Unified Attendant Console Department Edition 0
Cisco Unified Attendant Console Business Edition 0
Cisco Unified Attendant Console Advanced 0
Cisco Unified 9971 IP Phone 0
Cisco Unified 9951 IP Phone 0
Cisco Unified 8961 IP Phone 0
Cisco Unified 8945 IP Phone 0
Cisco Unified 8831 Series IP Conference Phone 0
Cisco Unified 8831 IP Phone 0
Cisco Unified 7800 Series IP Phones 0
Cisco Unified 6945 IP Phones 0
Cisco Unified 6901 IP Phones 0
Cisco TelePresence Video Communication Server (VCS) 0
Cisco Telepresence Video Communication Server 0
Cisco TelePresence SX Series 0
Cisco TelePresence Server on Virtual Machine 4.1
Cisco TelePresence Server on Virtual Machine 0
Cisco TelePresence Server on Multiparty Media 320 4.1
Cisco TelePresence Server on Multiparty Media 320 0
Cisco TelePresence Server on Multiparty Media 310 4.1
Cisco TelePresence Server on Multiparty Media 310 0
Cisco TelePresence Server 8710 0
Cisco TelePresence Server 7010 0
Cisco TelePresence Serial Gateway Series 0
Cisco TelePresence Profile Series 0
Cisco TelePresence MX Series 0
Cisco TelePresence MCU 8510 0
Cisco TelePresence MCU 8420 0
Cisco TelePresence MCU 5300 0
Cisco TelePresence MCU 4500 0
Cisco TelePresence MCU 4200 0
Cisco TelePresence ISDN Link 0
Cisco TelePresence ISDN GW MSE 8321 0
Cisco TelePresence ISDN GW 3241 0
Cisco TelePresence Integrator C Series 0
Cisco TelePresence EX Series 0
Cisco TelePresence Content Server (TCS) 0
Cisco TelePresence Conductor 0
Cisco Tandberg Codian MSE 8320 model 0
Cisco Tandberg Codian ISDN GW 3240 0
Cisco Tandberg Codian ISDN GW 3220 0
Cisco Tandberg Codian ISDN GW 3210 0
Cisco Standalone rack server CIMC 0
Cisco SPA525G 0
Cisco SPA51X Series IP Phones 0
Cisco SPA50X Series IP Phones 0
Cisco SPA30X Series IP Phones 0
Cisco SPA232D Multi-Line DECT ATA 0
Cisco SPA122 ATA with Router 0
Cisco SPA112 2-Port Phone Adapter 0
Cisco SocialMiner 0
Cisco Show and Share (SnS) 0
Cisco Show and Share 5.2(3)
Cisco Show and Share 5.2(2.1)
Cisco Show and Share 5.2(2)
Cisco Show and Share 5.2(1)
Cisco Show and Share 5(2)
Cisco Services Analytic Platform 0
Cisco Registered Envelope Service (CRES) 0
Cisco Registered Envelope Service 0
Cisco Proactive Network Operations Center 0
Cisco Prime Security Manager 9.3.4.2-4
Cisco Prime Performance Manager 0
Cisco Prime Optical for SPs 0
Cisco Prime Network Services Controller 0
Cisco Prime Network Registrar (CPNR) 0
Cisco Prime Network 0
Cisco Prime License Manager 0
Cisco Prime LAN Management Solution (LMS - Solaris) 0
Cisco Prime IP Express 0
Cisco Prime Infrastructure Standalone Plug and Play Gateway 0
Cisco Prime Data Center Network Manager (DCNM) 0
Cisco Prime Collaboration Provisioning 0
Cisco Prime Collaboration Deployment 0
Cisco Prime Collaboration Assurance 0
Cisco Prime Access Registrar 0
Cisco Policy Suite (CPS) 0
Cisco Physical Access Control Gateway 0
Cisco Partner Supporting Service (PSS) 1.0
Cisco Packet Tracer 5.3
Cisco Packet Tracer 5.2
Cisco Packet Tracer 5.2
Cisco OnePK All-in-One VM 0
Cisco Nexus 3X00 Series Switches 0
Cisco Nexus 1000V Series Switches 0
Cisco Nexus 1000V InterCloud 0
Cisco Network Performance Analytics (NPA) 0
Cisco Network Performance Analytics 0
Cisco Network Health Framework 0
Cisco Network Analysis Module 0
Cisco Network Admission Control (NAC) 0
Cisco NetFlow Generation Appliance (NGA) 0
Cisco NAC Server 0
Cisco NAC Guest Server 0
Cisco Multicast Manager 0
Cisco MMP server 0
Cisco MeetingPlace 0
Cisco MeetingPlace
Cisco MediaSense 9.1(1)
Cisco MediaSense 9.1 (1)
Cisco MediaSense 9.1
Cisco MediaSense 9.0(1A)
Cisco MediaSense 9.0 (1a)
Cisco MediaSense 8.5(4)
Cisco MediaSense 8.5(3)
Cisco MediaSense 8.5 (4)
Cisco MediaSense 8.5 (3)
Cisco MediaSense 10.5 (1)
Cisco MediaSense 10.0 (1)
Cisco Media Services Interface 0
Cisco Media Experience Engines (MXE) 0
Cisco MDS 9000 Series Multilayer Switches 0
Cisco MATE Live 0
Cisco MATE Design 0
Cisco MATE collector 0
Cisco Management Appliance (MAP) 0
Cisco Local Collector Appliance (LCA) 2.2.8
Cisco Local Collector Appliance 2.2.10
Cisco Lancope Stealthwatch UDP Director 0
Cisco Lancope Stealthwatch SMC 0
Cisco Lancope Stealthwatch FlowSensor 0
Cisco Lancope Stealthwatch FlowCollector sFlow 0
Cisco Lancope Stealthwatch FlowCollector NetFlow 0
Cisco Jabber Software Development Kit 0
Cisco Jabber Guest 10.0(2)
Cisco Jabber Guest 0
Cisco Jabber for Windows 0
Cisco Jabber for Mac 0
Cisco Jabber for Android 0
Cisco IronPort Encryption Appliance (IEA) 0
Cisco IronPort Email Security Appliance 0
Cisco IPS 0
Cisco InTracer 0
Cisco Intelligent Automation for Cloud 0
Cisco IM and Presence Service (CUPS) 0
Cisco Identity Services Engine (ISE) 0
Cisco Hosted Collaboration Mediation Fulfillment 10.6(3)
Cisco Hosted Collaboration Mediation Fulfillment 0
Cisco FireSIGHT System Software 0
Cisco Expressway series 0
Cisco Enterprise Content Delivery System (ECDS) 0
Cisco Emergency Responder 9.2
Cisco Emergency Responder 8.7
Cisco Emergency Responder 8.6
Cisco Emergency Responder 8.5
Cisco Emergency Responder 10.5(3.10000.9)
Cisco Emergency Responder 10.5(1a)
Cisco Emergency Responder 10.5(1.10000.5)
Cisco Emergency Responder 10.5(1)
Cisco Email Security Appliance (ESA) 0
Cisco Edge 340 Digital Media Player 0
Cisco Edge 300 Digital Media Player 0
Cisco DX Series IP Phones 0
Cisco Digital Media Players (DMP) 4400 Series 5.4(1)RB(2P4)
Cisco Digital Media Players (DMP) 4400 Series 5.3(6)RB(2P3)
Cisco Digital Media Players (DMP) 4400 Series 0
Cisco Digital Media Players (DMP) 4300 Series 5.4(1)RB(2P4)
Cisco Digital Media Players (DMP) 4300 Series 5.3(6)RB(2P3)
Cisco Digital Media Players (DMP) 4300 Series 0
Cisco Digital Media Manager (DMM) 5.2.3
Cisco Digital Media Manager (DMM) 5.2.2
Cisco Digital Media Manager (DMM) 5.2.1
Cisco Digital Media Manager (DMM) 5.3
Cisco Digital Media Manager (DMM) 5.2.2.1
Cisco Digital Media Manager (DMM) 5.2.1.1
Cisco Digital Media Manager (DMM) 5.2
Cisco Digital Media Manager (DMM) 5.1
Cisco Digital Media Manager (DMM) 5.0
Cisco DCM Series 9900-Digital Content Manager 0
Cisco Content Security Management Appliance (SMA) 0
Cisco Content Security Appliance Updater Servers 0
Cisco Connected Grid Routers (CGR) 0
Cisco Connected Grid Router-CGOS 0
Cisco Connected Analytics For Collaboration 0
Cisco Cloupia Unified Infrastructure Controller 0
Cisco Cloud Object Store (COS) 0
Cisco Clean Access Manager 0
Cisco Cisco Unified IP Phone 7900 Series 9.4(2)
Cisco Cisco IronPort Encryption Appliance (IEA) 0
Cisco ATA 187 Analog Telephone Adaptor 0
Cisco ASR 5000 Series 0
Cisco ASA Next-Generation Firewall Services 0
Cisco ASA CX and Prime Security Manager 0
Cisco Application Policy Infrastructure Controller (APIC) 0
Cisco Application and Content Networking System (ACNS) 0
Cisco AnyRes Live (CAL) 0
Cisco AnyConnect Secure Mobility Client for iOS 0
Cisco Agent for OpenFlow 0
Cisco Agent Desktop for Cisco Unified Contact Center Express 0
Cisco Adaptive Security Appliance (ASA) 0
Cisco ACE 30 Application Control Engine Module 0
Cisco 8800 Series IP Phones - VPN Feature 0
Cisco 190 ATA Series Analog Terminal Adaptor 0
Apple Mac Os X 10.11.3
Apple Mac Os X 10.11.2
Apple Mac Os X 10.11.1
Apple Mac Os X 10.11.5
Apple Mac Os X 10.11.4
Apple Mac Os X 10.11 Not Vulnerable: OpenSSL Project OpenSSL 1.0.2c
OpenSSL Project OpenSSL 1.0.1o
IBM Workload Deployer 3.1.0.7 IF12
IBM Sterling Connect:Direct for HP NonStop 3.6.0.1 iFix 030
IBM Security Access Manager for Web 9.0.1.0
IBM Security Access Manager for Web 8.0.1.4
IBM QRadar SIEM/QRIF/QRM/QVM 7.2.7 Patch 1
IBM QRadar SIEM 7.1 MR2 Patch 13
IBM PureApplication System 2.2.1
IBM PureApplication System 2.1.2.3
IBM Image Construction and Composition Tool 2.3.2.0 Build 28
IBM Image Construction and Composition Tool 2.3.1.0 Build 50
IBM DataPower Gateways 7.5.1.1
IBM DataPower Gateways 7.5.0.2
IBM DataPower Gateways 7.2.0.8
IBM DataPower Gateways 7.1.0.11
IBM DataPower Gateways 7.0.0.14
IBM Cognos Business Intelligence 10.2.1 Interim Fix 17
IBM Cognos Business Intelligence 10.1.1 Interim Fix 19
IBM Cloud Manager with Openstack 4.3.0.6 Interim Fix1
IBM Cloud Manager with Openstack 4.2.0.3 interim fix
IBM Cloud Manager with Openstack 4.1.0.5 interim fix
IBM Algo Audit and Compliance 2.1.0.3 IF 2
HP Helion OpenStack 2.1.5
Extremenetworks Purview 7.0
Extremenetworks NetSight Appliance 7.0
Extremenetworks NAC Appliance 7.0
Extremenetworks IdentiFi Wireless 10.11.1
Extremenetworks IdentiFi 9.21.12
Extremenetworks ExtremeXOS 21.1.2
Extremenetworks ExtremeXOS 16.2.1
Extremenetworks ExtremeXOS 22.1
Extremenetworks EOS 8.61.1
Cisco Wide Area Application Services (WAAS) 6.2.3
Cisco Wide Area Application Services (WAAS) 5.5.7
Cisco WebEx Node for MCS 3.12.9.8
Cisco WebEx Messenger Service 7.20
Cisco WebEx Meetings Server - SSL Gateway 2.7
Cisco WebEx Meetings Server 2.7
Cisco WebEx Meetings for WP8 2.6.1
Cisco WebEx Meetings for WP8 3.0
Cisco WebEx Meetings for Android 9.1
Cisco WebEx Meetings Client - On Premises 2.7
Cisco WebEx Meetings Client - Hosted T31R1SP6
Cisco WebEx Meeting Center 3.9.1
Cisco WebEx Meeting Center 3.9.0.5
Cisco Virtualization Experience Media Engine 11.5.1
Cisco Virtualization Experience Media Engine 11.7(0)
Cisco Virtual Security Gateway for Microsoft Hyper-V VSG2(1.4)
Cisco Virtual Security Gateway for Microsoft Hyper-V 5.2(1)
Cisco Virtual Security Gateway VSG2(1.4)
Cisco Virtual Security Gateway 5.2(1)
Cisco Video Surveillance PTZ IP Cameras 2.8
Cisco Video Surveillance Media Server 7.9
Cisco Video Surveillance 7000 Series IP Cameras 2.8
Cisco Video Surveillance 6000 Series IP Cameras 2.8
Cisco Video Surveillance 4300E/4500E High-Definition IP Cameras 3.2.8
Cisco Video Surveillance 4000 Series High-Definition IP Cameras 2.4.7
Cisco Video Surveillance 3000 Series IP Cameras 2.8
Cisco Video Distribution Suite for Internet Streaming (VDS-IS/CDS-IS) 4.3.2
Cisco Universal Small Cell 7000 Series 3.5.12.21
Cisco Universal Small Cell 5000 Series 3.5.12.21
Cisco Unity Connection (UC) 11.5
Cisco Unified Workforce Optimization Quality Management 11.0 SR3 ES5
Cisco Unified Workforce Optimization 11.0 SR3 ES5
Cisco Unified Wireless IP Phone 1.5.1
Cisco Unified SIP Proxy 10.0
Cisco Unified Intelligent Contact Management Enterprise 11.51
Cisco Unified Intelligence Center (CUIC) 11.5.1
Cisco Unified Contact Center Express 11.5.1
Cisco Unified Contact Center Enterprise 11.51
Cisco Unified Communications Manager Session Management Edition (SME) 11.5
Cisco Unified Communications Manager (UCM) 11.5
Cisco Unified Communications for Microsoft Lync 11.6
Cisco Unified Communications for Microsoft Lync 10.6.7
Cisco Unified 9971 IP Phone 9.4.2SR3
Cisco Unified 9951 IP Phone 9.4.2SR3
Cisco Unified 8961 IP Phone 9.4.2SR3
Cisco Unified 8945 IP Phone 9.4.2SR3
Cisco Unified 7800 Series IP Phones 11.5.2
Cisco Unified 6901 IP Phones 9.3(1)SR3
Cisco UCS Central 1.5(1a)
Cisco TelePresence Video Communication Server (VCS) 8.8
Cisco TelePresence SX Series 8.1.2
Cisco TelePresence SX Series 7.3.7
Cisco TelePresence Server on Virtual Machine 4.4
Cisco TelePresence Server on Virtual Machine 4.2 MR2
Cisco TelePresence Server on Multiparty Media 320 4.4
Cisco TelePresence Server on Multiparty Media 320 4.2 MR2
Cisco TelePresence Server on Multiparty Media 310 4.4
Cisco TelePresence Server on Multiparty Media 310 4.2 MR2
Cisco TelePresence Server 8710 4.4
Cisco TelePresence Server 8710 4.2 MR2
Cisco Telepresence Server 7010 4.4
Cisco Telepresence Server 7010 4.2 MR2
Cisco TelePresence Profile Series 8.1.2
Cisco TelePresence Profile Series 7.3.7
Cisco TelePresence MX Series 8.1.2
Cisco TelePresence MX Series 7.3.7
Cisco TelePresence ISDN Link 1.1.6
Cisco TelePresence Integrator C Series 8.1.2
Cisco TelePresence Integrator C Series 7.3.7
Cisco TelePresence EX Series 8.1.2
Cisco TelePresence EX Series 7.3.7
Cisco TelePresence Content Server (TCS) 7.2
Cisco TelePresence Conductor 4.3
Cisco SPA525G 7.6.5
Cisco SPA51X Series IP Phones 7.6.5
Cisco SPA50X Series IP Phones 7.6.5
Cisco SPA30X Series IP Phones 7.6.5
Cisco SPA232D Multi-Line DECT ATA 1.4.5
Cisco SPA122 ATA with Router 1.4.5
Cisco SPA112 2-Port Phone Adapter 1.4.5
Cisco Security Manager 4.12
Cisco Registered Envelope Service (CRES) 5.0
Cisco Prime Security Manager 9.5.4.3
Cisco Prime Optical for SPs 10.6
Cisco Prime License Manager 11.5
Cisco Prime Collaboration Provisioning 11.2
Cisco Prime Collaboration Deployment 11.5
Cisco Prime Collaboration Assurance 11.5 SP1
Cisco Prime Access Registrar 7.1
Cisco Prime Access Registrar 7.2
Cisco Prime Access Registrar 7.0.1.7
Cisco Policy Suite (CPS) 10.0
Cisco Paging Server (Informacast) 11.5.1
Cisco Paging Server 11.5.1
Cisco Packet Tracer 7.0
Cisco ONS 15454 Series Multiservice Provisioning Platforms 10.6.1
Cisco Nexus 9000 (ACI/Fabric Switch) 12.0
Cisco Nexus 7000 Series Switches 6.2.17
Cisco Nexus 7000 Series Switches 8.3
Cisco Nexus 7000 Series Switches 7.3.1NX
Cisco Nexus 7000 Series Switches 7.3.1DX
Cisco Nexus 6000 Series Switches 6.2.17
Cisco Nexus 6000 Series Switches 8.3
Cisco Nexus 6000 Series Switches 7.3.1NX
Cisco Nexus 6000 Series Switches 7.3.1DX
Cisco Nexus 5000 Series Switches 7.3.1
Cisco Nexus 5000 Series Switches 6.2.17
Cisco Nexus 5000 Series Switches 8.3
Cisco Nexus 5000 Series Switches 7.3.1NX
Cisco Nexus 5000 Series Switches 7.3.1DX
Cisco Nexus 4000 Series Blade Switches 0.9.8zf
Cisco Nexus 1000V Series Switches (ESX) 5.2(1)SV3(2.1)
Cisco Nexus 1000V Series Switches 5.2(1)SV3(2.1)
Cisco Network Analysis Module 6.3.1
Cisco Mobility Services Engine (MSE) 8.0
Cisco MMP server 3.9.1
Cisco MMP server 3.9.0.5
Cisco MMP server 3.10
Cisco MeetingPlace 2.7
Cisco MediaSense 11.5.1
Cisco Media Experience Engines (MXE) 3.5.1
Cisco Media Experience Engines (MXE) 3.5
Cisco Media Experience Engines (MXE) 3.2
Cisco MDS 9000 Series Multilayer Switches 6.2.17
Cisco MDS 9000 Series Multilayer Switches 8.3
Cisco MDS 9000 Series Multilayer Switches 7.3.1NX
Cisco MDS 9000 Series Multilayer Switches 7.3.1DX
Cisco Local Collector Appliance (LCA) 2.2.12
Cisco Lancope Stealthwatch UDP Director 6.8.2
Cisco Lancope Stealthwatch UDP Director 6.8.1
Cisco Lancope Stealthwatch UDP Director 6.8
Cisco Lancope Stealthwatch UDP Director 6.7.3
Cisco Lancope Stealthwatch SMC 6.8.2
Cisco Lancope Stealthwatch SMC 6.8.1
Cisco Lancope Stealthwatch SMC 6.8
Cisco Lancope Stealthwatch SMC 6.7.3
Cisco Lancope Stealthwatch FlowSensor 6.8.2
Cisco Lancope Stealthwatch FlowSensor 6.8.1
Cisco Lancope Stealthwatch FlowSensor 6.8
Cisco Lancope Stealthwatch FlowSensor 6.7.3
Cisco Lancope Stealthwatch FlowCollector sFlow 6.8.2
Cisco Lancope Stealthwatch FlowCollector sFlow 6.8.1
Cisco Lancope Stealthwatch FlowCollector sFlow 6.8
Cisco Lancope Stealthwatch FlowCollector sFlow 6.7.3
Cisco Lancope Stealthwatch FlowCollector NetFlow 6.8.2
Cisco Lancope Stealthwatch FlowCollector NetFlow 6.8.1
Cisco Lancope Stealthwatch FlowCollector NetFlow 6.8
Cisco Lancope Stealthwatch FlowCollector NetFlow 6.7.3
Cisco Jabber Software Development Kit 11.7
Cisco Jabber Guest 11.0
Cisco Jabber for Mac 11.7
Cisco Jabber for Apple iOS 11.7
Cisco Jabber for Apple iOS 11.6.2
Cisco Jabber for Android 11.6 MR
Cisco IronPort Email Security Appliance 10.5
Cisco IP Interoperability and Collaboration System (IPICS) 5.0
Cisco IOS Software and Cisco IOS XE Software 16.3.1
Cisco Intelligent Automation for Cloud 0.9.8
Cisco IM and Presence Service (CUPS) 11.5
Cisco Identity Services Engine (ISE) 2.2.1
Cisco Hosted Collaboration Mediation Fulfillment 11.5:20
Cisco Hosted Collaboration Mediation Fulfillment 11.5
Cisco Expressway series 8.8
Cisco Enterprise Content Delivery System (ECDS) 2.6.8
Cisco Emergency Responder 11.5
Cisco Email Security Appliance (ESA) 10.5
Cisco Edge 340 Digital Media Player 1.2.0.20
Cisco Edge 300 Digital Media Player 1.6RB4_5
Cisco Digital Media Players (DMP) 4400 Series 5.4(1)RB(2P11)
Cisco Digital Media Players (DMP) 4300 Series 5.4(1)RB(2P11)
Cisco Digital Media Manager 5.4.1
Cisco Digital Media Manager 5.4
Cisco Digital Media Manager 5.3.6
Cisco Digital Media Manager 5.3
Cisco DCM Series 9900-Digital Content Manager 19.0
Cisco Connected Grid Router - CGOS 15.6.2.15T
Cisco Connected Grid Router 15.6.2.15T
Cisco Connected Analytics For Collaboration 1.0.1q
Cisco Computer Telephony Integration Object Server (CTIOS) 11.51
Cisco Common Services Platform Collector 1.9.1
Cisco Cloud Object Store (COS) 3.8
Cisco ATA 187 Analog Telephone Adaptor 9.2.5
Cisco ASA CX and Cisco Prime Security Manager 9.5.4.3
Cisco Application Policy Infrastructure Controller (APIC) 2.0(0.400)
Cisco Application and Content Networking System (ACNS) 5.5.41
Cisco AnyRes Live (CAL) 9.4.5
Cisco AnyConnect Secure Mobility Client for Windows 4.3
Cisco AnyConnect Secure Mobility Client for Windows 4.2
Cisco AnyConnect Secure Mobility Client for Windows 4.0
Cisco AnyConnect Secure Mobility Client for OS X 4.3
Cisco AnyConnect Secure Mobility Client for OS X 4.2
Cisco AnyConnect Secure Mobility Client for OS X 4.0
Cisco AnyConnect Secure Mobility Client for Linux 4.3
Cisco AnyConnect Secure Mobility Client for Linux 4.2
Cisco AnyConnect Secure Mobility Client for Linux 4.0
Cisco AnyConnect Secure Mobility Client for iOS 4.3
Cisco AnyConnect Secure Mobility Client for iOS 4.2
Cisco AnyConnect Secure Mobility Client for iOS 4.0
Cisco AnyConnect Secure Mobility Client for Android 4.3
Cisco AnyConnect Secure Mobility Client for Android 4.2
Cisco AnyConnect Secure Mobility Client for Android 4.0
Cisco AnyConnect Secure Mobility Client 4.3
Cisco AnyConnect Secure Mobility Client 4.2
Cisco Agent for OpenFlow 2.1.5
Cisco Agent for OpenFlow 2.0.7
Cisco 8800 Series IP Phones - VPN Feature 11.5.2
Cisco 190 ATA Series Analog Terminal Adaptor 1.3
Apple Mac Os X 10.11.6
Apple Mac Os X Security Update 2016


SecurityFocus Vulnerabilities

Here’s an overview of some of last week’s most interesting news, reviews and articles:

Repercussions of the massive Yahoo breach
Yahoo has announced on Thursday that they have suffered a breach and that account information of at least half a billion users has been exfiltrated from the company’s network in late 2014.

Review: Boxcryptor
Storing your data in the cloud comes with both positive and negative aspects. Boxcryptor is a solution that helps with this by encrypting your data on your device before it gets synchronized to the cloud storage provider of your choice.

(IN)SECURE Magazine issue 51 released
(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics.

How ransomware is impacting companies in six major industries
BitSight analyzed the security ratings of nearly 20,000 companies to identify common forms of ransomware and to determine which industries (amongst Finance, Healthcare, Education, Energy/Utilities, Retail, and Government) are most likely to experience attacks.

Why DNS shouldn’t be used for data transport
Malicious DNS tunnelling is a big problem in cybersecurity.

Basic file deletion increases exposure to security risks
The use of improper data removal methods and the poor enforcement of data retention policies have created the perfect storm for confidential, oftentimes sensitive data to be lost or stolen.

US elections and the hacking of e-voting machines
As the day when US citizens cast a vote for their preferred presidential nominee quickly approaches, the issue of whether the actual voting process can be tampered with is a topic that interests many.

Malicious torrents management tool uncovered
Researchers have uncovered Raum, a tool that is used by Eastern European organized crime group “Black Team” to deliver malware to users through malicious torrents.

Xiaomi smartphones come equipped with backdoor
If you’re a computer science student with an interest in cybersecurity like Thijs Broenink, you can reverse-engineer pre-loaded apps and discover for yourself what they do.

Chinese researchers hijack Tesla cars from afar
Tesla car owners are urged to update their car’s firmware to the latest version available, as it fixes security vulnerabilities that can be exploited remotely to take control of the car’s brakes and other, less critical components.

We have to start thinking about cybersecurity in space
With all the difficulties we’ve been having with securing computer systems on Earth, the cybersecurity of space-related technology is surely the last thing on security experts’ minds – but it shouldn’t be.

HDDCryptor ransomware uses open source tools to thoroughly own systems
HDDCryptor (aka Mamba) is a particularly destructive piece of ransomware that encrypts files in mounted drives and network shares, locks the computers’ hard disk, and overwrites their boot disk MBR.

Biometric skimmers: Future threats to ATMs
Kaspersky Lab experts investigated how cybercriminals could exploit new biometric ATM authentication technologies planned by banks.

US gets federal guidelines for safe deployment of self-driving cars
The public is welcome to comment on the new policy, and the Department of Transportation intends to update it annually.

880,000 users exposed in MoDaCo data breach
Subscribers of UK-based MoDaCo, a forum specialising in smartphone news and reviews, have been unpleasantly surprised by notifications that the site and their account have been compromised.

UK: Financial fraud soars
More than 1 million incidents of financial fraud – payment card, remote banking and cheque fraud – occurred in the first six months of 2016, according to official figures released by Financial Fraud Action UK. To compare, in the first six months of 2015 there were a little over 660,000 cases.

Should you trust your security software?
Recently, Google’s Project Zero security research team uncovered a bunch of critical vulnerabilities in two dozen enterprise and consumer antivirus security products from Symantec and its Norton brand.

BENIGNCERTAIN-like flaw affects various Cisco networking devices
The leaking of BENIGNCERTAIN, an NSA exploit targeting a vulnerability in legacy Cisco PIX firewalls that allows attackers to eavesdrop on VPN traffic, has spurred Cisco to search for similar flaws in other products – and they found one.

Connected devices riddled with badly-coded APIs, poor encryption
Ignoring cybersecurity at the design level provides a wide open door for malicious threat actors to exploit smart home products.


Help Net Security

Cisco has provided a patch to address a remote hijacking vulnerability in its Cloud Services Platform (CSP).

Switchzilla said that all customers who run CSP 2100 software should install the 2.1.0 update to close a remote code execution flaw it considers to be a high security risk.

Designed as an efficient way to manage virtualized network services and components, CSP is installed as a Linux x86 virtual machine built into a Cisco network appliance. The system includes a web-based GUI for device management.

Cisco says that the flaw (CVE-2016-6374) allows an attacker to send malformed HTTP requests to achieve remote code execution.

Specifically, Cisco warns, the attacker will be able to shoot the targeted system a poisoned DNS-lookup request through the CSP web interface. That attacker could then execute commands on the server without the need for further authentication.

Cisco noted that, aside from installing the update, there are no known mitigations for the vulnerability. No other Cisco appliances or hardware are believed to be subject to the flaw, and Cisco says it is not aware of any attempts to exploit the vulnerability in the wild.

The patch comes just three days after Cisco issued a fix for another high-severity flaw in its IOS platform.

That flaw, spotted during the "Shadow Brokers" review, allowed for a cock-up in the handling of IKE requests to open up memory contents to a remote attacker, potentially allowing for information disclosure. ®

Sponsored: Fast data protection ROI?


The Register - Security

BINOM3, a multifunctional revenue energy meter and power quality analyzer from Russia-based Algoritm, is plagued by several serious vulnerabilities for which patches don’t appear to exist.

The flaws were discovered by security researcher Karn Ganeshen and reported to the vendor via ICS-CERT on May 25. Since the company has not responded to ICS-CERT’s notifications, the expert decided to make his findings public.

According to Ganeshen, the web management portal of BINOM3 devices is plagued by both reflected and persistent cross-site scripting (XSS) vulnerabilities that can be leveraged by authenticated and sometimes even unauthenticated attackers to execute arbitrary JavaScript code by getting the targeted user to click on a link or visit a certain webpage.

Another problem identified by the expert is related to poorly secured accounts. The researcher has identified four accounts protected by weak passwords that can only be changed by the root user. The root account is not documented and it can be accessed with easy-to-guess credentials (i.e. root/root).

Ganeshen warned that passwords and other sensitive information is stored in clear text. Such information is also exposed to man-in-the-middle (MitM) attacks.

ICS Cyber Security ConferenceBINOM3 is also vulnerable to cross-site request forgery (CSRF) attacks due to the lack of CSRF tokens. To make matters worse, Telnet access to the device does not appear to require password authentication, giving remote attackers easy access with elevated privileges.

Until patches become available, ICS-CERT has advised users to minimize network exposure for all control systems and use VPNs when remote access is required.

According to the vendor’s website, the affected products are designed for autonomous operation in automated systems, including SCADA, data acquisition and transmission, measurement, power quality monitoring, process control, and information management. The BINOM3 website is available in Russian, English and German, which suggests that the product is available in several countries.

BINOM3 is not the only brand of energy products analyzed by Ganeshen. Last week, ICS-CERT issued two alerts after the researcher disclosed several vulnerabilities affecting similar products from Schneider Electric and FENIKS PRO.

Related: Learn More at the ICS Cyber Security Conference

view counter

Previous Columns by Eduard Kovacs:

Tags:


SecurityWeek RSS Feed