Security Advisories & Alerts

SNMP Remote Code Execution Vulnerabilities in Cisco IOS and IOS XE Software

Description: The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an...



CVE-2017-3143: An error in TSIG authentication can permit unauthorized dynamic updates

Description: An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Impact: A server that relies solely on TSIG keys with no other address-based ACL protection could be vulnerable to malicious...



CVE-2017-3142: An error in TSIG authentication can permit unauthorized zone transfers

Description: An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection with no other ACL protection could be manipulated into: providing an AXFR of...



Microsoft CVE-2017-0261: Microsoft Office Remote Code Execution Vulnerability

Description: Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka “Office Remote Code Execution Vulnerability”. This CVE ID is unique from CVE-2017-0262 and CVE-2017-0281. Impact: An attacker can leverage this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely...



The Stack Clash – Linux root privilege escalation vulnerability

Description: The flaw was discovered last month by security researchers from Qualys, who worked with various vendors to make sure patches are available before going public with their findings. According to Qualys researchers, the issue affects a host of *NIX systems, such as Linux, OpenBSD, NetBSD, FreeBSD, and Solaris. Researchers only tested Stack Clash on the i386 and amd64 platforms, and they don’t exclude that...


