by CIRT Team
Linux kernel CVE-2017-9077 Local Denial of Service Vulnerability
Description: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. Impact: An attacker can exploit this issue to cause a local denial-of-service condition. Mitigation: Updates are available. Please check specific vendor advisory for more information. Reference...
Read More
by CIRT Team
Oracle MySQL Server CVE-2017-3653 Remote Security Vulnerability
Description: Oracle MySQL Server is prone to a remote security vulnerability in MySQL Server. The vulnerability can be exploited over the ‘MySQL’ protocol. The ‘Server: DML’ sub component is affected. This vulnerability affects the following supported versions: 5.7.18 and prior 5.5.56 and prior 5.6.36 and prior Impact: Remote Security Vulnerability. Mitigation: Updates are available. Please check specific vendor advisory for more information. Reference URL’s: http://www.securityfocus.com/bid/99767/info...
Read More
by CIRT Team
Adobe Acrobat and Reader APSB17-11 Multiple Unspecified Memory Corruption Vulnerabilities
Description: Adobe Acrobat and Reader are prone to multiple unspecified memory-corruption vulnerabilities. Adobe recommends users update their software installations to the latest versions by following the instructions below. The latest product versions are available to end users via one of the following methods: Users can update their product installations manually by choosing Help > Check for Updates. The products will update automatically, without requiring user...
Read More
by CIRT Team
Security Fixes for Google Chrome
Description: Google chrome before version 60.0.3112.78 for Windows, Mac, and Linux has multiple vulnerabilities that, if exploited, may allow an attacker to take control of an affected system. Impact: Attackers can exploit these issues to take control of an affected system. Mitigation: Updates are available. Please check specific vendor advisory for more information. Reference URL’s: https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html
by CIRT Team
CVE-2017-8572 Microsoft Office Outlook Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory. To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created. Impact: An attacker who exploited the vulnerability could use the information to compromise the user’s computer...
Read More
by CIRT Team
CVE-2017-8663 Microsoft Office Outlook Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially crafted email messages Impact: An attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Mitigation: Updates are available. Please check specific vendor advisory for more information. Reference...
Read More
by CIRT Team
Microsoft Windows LNK CVE-2017-8464 Remote Code Execution Vulnerability
Description: Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows local users or remote attackers to execute arbitrary code via a crafted .LNK file, which is not properly handled during icon display in Windows Explorer or...
Read More
by CIRT Team
Apple macOS CVE-2017-7044 Security Vulnerabilities
Description: An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the “Intel Graphics Driver” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Impact: Attackers can exploit these issues to execute arbitrary code or bypass security restrictions and perform unauthorized actions. This may...
Read More
by CIRT Team
Apple iOS/WatchOS/tvOS/macOS : CVE-2017-7069 Security Vulnerabilities
Description: An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Impact: An attacker can exploit these issues...
Read More
by CIRT Team
Linux kernel CVE-2017-11176 : mq_notify function Denial of Service Vulnerability
Description: The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact. Impact: An attacker can exploit this issue to cause denial-of-service condition. Mitigation: Updates are available. Please check...
Read More
