SB2013092701 - Multiple vulnerabilities in Nextcloud ios

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2013092701

SB2013092701 - Multiple vulnerabilities in Nextcloud ios

Published: September 27, 2013 Updated: August 10, 2020

Security Bulletin ID SB2013092701
Severity
Medium
Patch available
YES
Number of vulnerabilities 6
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 83% Low 17%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 6 secuirty vulnerabilities.


1) Input validation error (CVE-ID: CVE-2012-5427)

The vulnerability allows a remote #AU# to perform service disruption.

Cisco IOS Unified Border Element (CUBE) in Cisco IOS before 15.3(2)T allows remote authenticated users to cause a denial of service (input queue wedge) via a crafted series of RTCP packets, aka Bug ID CSCuc42518.


2) Race condition (CVE-ID: CVE-2013-5474)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

Race condition in the IPv6 virtual fragmentation reassembly (VFR) implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.3 allows remote attackers to cause a denial of service (device reload or hang) via fragmented IPv6 packets, aka Bug ID CSCud64812.


3) Input validation error (CVE-ID: CVE-2013-5477)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The T1/E1 driver-queue functionality in Cisco IOS 12.2 and 15.0 through 15.3, when an HDLC32 driver is used, allows remote attackers to cause a denial of service (interface queue wedge) via bursty network traffic, aka Bug ID CSCub67465.


4) Input validation error (CVE-ID: CVE-2013-5479)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCtn53730.


5) Input validation error (CVE-ID: CVE-2013-5480)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCuf28733.


6) Input validation error (CVE-ID: CVE-2013-5481)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The PPTP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted TCP port-1723 packets, aka Bug ID CSCtq14817.


Remediation

Install update from vendor's website.

References