Security Advisories & Alerts

Critical Alert: A Vulnerability in Adobe Flash Player Could Allow for Remote Code Execution (APSA18-01)

Description: A vulnerability has been discovered in Adobe Flash Player that could allow for remote code execution. This vulnerability occurs due to a use-after-free error (CVE-2018-4878). Adobe is scheduled to release a patch to address this vulnerability during the week of February 5th, 2018. In the meantime, Adobe has provided mitigation steps that are listed in the recommendations section below. Impact: Successful exploitation of this...


A Vulnerability in Mozilla Firefox Could Allow for Arbitrary Code Execution (CVE-2018-5124)

Description: A vulnerability has been identified in Mozilla Firefox, which could allow for arbitrary code execution. A Content Security Policy (CSP) is not properly enforced on chrome-privileged documents, which are used by extensions in Mozilla Firefox. An attacker could exploit this vulnerability by enticing a user running a vulnerable version of the application to follow a specially crafted link designed to trigger this issue. Impact:...


ISC BIND announced CVE-2017-3145: Improper fetch cleanup sequencing in the resolver can cause named to crash

Description: CVE-2017-3145 is a denial-of-service vector which can potentially be exploited against ISC BIND servers, causing them to crash. The underlying flaw has existed since BIND 9.0.0 but is not known to be reachable in any version prior to those containing the fix for CVE-2017-3137 [9.9.9-P8 to 9.9.11, 9.10.4-P8 to 9.10.6, 9.11.0-P5 to 9.11.2, 9.9.9-S10 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, and 9.12.0a1 to 9.12.0rc1], and...


Cisco Unified Customer Voice Portal Denial of Service Vulnerability (CVE-2018-0086)

Description: A vulnerability in the application server of the Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to malformed SIP INVITE traffic received on the CVP during communications with the Cisco Virtualized Voice Browser (VVB). An attacker could exploit this vulnerability by sending malformed SIP...


Cisco Email Security and Content Security Management Appliance Privilege Escalation Vulnerability (CVE-2018-0095)

Description: A vulnerability in the administrative shell of Cisco AsyncOS on Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA) could allow an authenticated, local attacker to escalate their privilege level and gain root access. The attacker has to have a valid user credential with at least a privilege level of a guest user. The vulnerability is due to an incorrect networking configuration...
