Description: There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private...
Read More
Description: A vulnerability in the web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid administrator credentials. The vulnerability is due to insufficient validation of user-supplied input on the web interface. An attacker could exploit this vulnerability by authenticating to the affected device and performing...
Read More
Description: Multiple vulnerabilities have been discovered in PHP, the most severe of which could allow an attacker to execute arbitrary code. PHP is a programming language originally designed for use in web-based applications with HTML content. PHP supports a wide variety of platforms and is used by numerous web-based software applications. Below versions are affected: PHP 5.6 prior to 5.6.31 PHP 7.0 prior to 7.0.21...
Read More
Description: A stack buffer overflow vulnerability has been discovered in Microsoft Skype 7.2, 7.35, and 7.36 before 7.37, involving MSFTEDIT.DLL mishandling of remote RDP clipboard content within the message box. Impact: Attackers can exploit this issue to crash the application, resulting in a denial-of-service condition. Due to the nature of this issue, code execution may be possible but this has not been confirmed. Microsoft Skype...
Read More
Description: Xen through 4.8.x does not validate a vCPU array index upon the sending of an SGI, which allows guest OS users to cause a denial of service (hypervisor crash), aka XSA-225. Impact: A guest may cause a hypervisor crash, resulting in a Denial of Service (DoS). Mitigation: Updates are available. Please check specific vendor advisory for more information. Reference URL’s: https://xenbits.xen.org/xsa/advisory-225.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10923
