Security Advisories & Alerts


Multiple Cisco Products CVE-2017-12277 Remote Command Injection Vulnerability

Description: A vulnerability in the Smart Licensing Manager service of the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges. The vulnerability is due to insufficient input validation of certain Smart Licensing configuration parameters. An authenticated attacker could exploit the vulnerability by configuring a malicious...

Read More


CVE-2017-12301: Cisco NX-OS Software Python Parser Escape Vulnerability

Description: The vulnerability exists due to insufficient sanitization of user-supplied parameters that are passed to certain Python functions within the scripting sandbox of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user. To exploit this vulnerability, an attacker must have local access and be...

Read More


Cisco ASA Next-Generation Firewall Services CVE-2017-12299 Remote Security Bypass Vulnerability

Description: Cisco ASA Next-Generation Firewall Services is prone to a remote security-bypass vulnerability. Impact: Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. This issue is being tracked by Cisco Bug CSCvd97962. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: http://www.securityfocus.com/bid/101915/info https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-firepower1


WPA2 Key Reinstallation Multiple Security Weaknesses

Description: WPA2 is prone to multiple security weaknesses. Impact: Exploiting these issues may allow an unauthorized user to intercept and manipulate data or disclose sensitive information. This may aid in further attacks. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.krackattacks.com/ https://ics-cert.us-cert.gov/advisories/ICSA-17-318-01 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080 https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00101&languageid=en-fr https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa https://github.com/stevenhoneyman/wpa_gui/tree/master/wpa_supplicant-2.4


Intel Manageability Engine CVE-2017-5705 Multiple Local Buffer Overflow Vulnerabilities

Description: Multiple buffer overflows in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code. Impact: Local attackers can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. Intel Manageability Engine versions 11.0, 11.5, 11.6, 11.7, 11.10, and 11.20 are vulnerable. Mitigation:...

Read More


Microsoft Office CVE-2017-11826 Memory Corruption Vulnerability

Description:  Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, and Office Online Server allow remote code execution when the software fails to properly handle objects in memory. Impact: An attacker can leverage this issue to execute arbitrary code in the context of the...

Read More


Microsoft Office CVE-2017-11825 Remote Code Execution Vulnerability

Description: Microsoft Office 2016 Click-to-Run (C2R) and Microsoft Office 2016 for Mac allow an attacker to use a specially crafted file to perform actions in the security context of the current user, due to how Microsoft Office handles files in memory, aka “Microsoft Office Remote Code Execution Vulnerability”. Impact: An attacker can leverage this issue to execute arbitrary code in the context of the currently...

Read More


Windows ASLR Vulnerability !!

Description:  Windows 8 and later fail to properly randomize every application if system-wide mandatory ASLR is enabled via EMET or Windows Defender Exploit Guard. Microsoft Windows 8 introduced a change in how system-wide mandatory ASLR is implemented. This change requires system-wide bottom-up ASLR to be enabled for mandatory ASLR to receive entropy. Tools that enable system-wide ASLR without also setting bottom-up ASLR will fail to...

Read More


Microsoft Releases November 2017 Security Updates

Description: Microsoft has released updates to address vulnerabilities in Microsoft software. The November security release consists of security updates for the following software: Internet Explorer Microsoft Edge Microsoft Windows Microsoft Office and Microsoft Office Services and Web Apps ASP.NET Core and .NET Core Chakra Core Impact: A remote attacker could exploit some of these vulnerabilities to take control of an affected system. Mitigation: Updates are available. Please...

Read More


Joomla! Releases Security Update

Description: Joomla! has released version 3.8.2 of its Content Management System (CMS) software to address multiple vulnerabilities. Impact: A remote attacker could exploit one of these vulnerabilities to obtain sensitive information. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.joomla.org/announcements/release-news/5716-joomla-3-8-2-release.html


Page 50 of 66« First...102030...4849505152...60...Last »