Vulnerability Updates

National Cyber Awareness System's Weekly Bulletins For The Month

RSS CERT Vulnerability Notes

RSS National Vulnerability Database

  • CVE-2018-14072 2018-07-15
    libsixel 1.8.1 has a memory leak in sixel_decoder_decode in decoder.c, image_buffer_resize in fromsixel.c, and sixel_decode_raw in fromsixel.c.
  • CVE-2018-14073 2018-07-15
    libsixel 1.8.1 has a memory leak in sixel_allocator_new in allocator.c.
  • CVE-2018-14069 2018-07-15
    An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability that can add a user account via admin.php?m=Admin&c=member&a=add.
  • CVE-2018-14068 2018-07-15
    An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability that can add an admin account via admin.php?m=Admin&c=manager&a=add.
  • CVE-2018-14066 2018-07-15
    The content://wappush content provider in com.android.provider.telephony, as found in some custom ROMs for Android phones, allows SQL injection. One consequence is that an application without the READ_SMS permission can read SMS messages. This affects Infinix X571 phones, as well as various Lenovo phones (such as the A7020) that have since been fixed by Lenovo.

RSS SecurityFocus Vulnerabilities List

RSS Symantec Vulnerabilities List

RSS Packet Storm’s Apple Vulnerability List

  • Apple Security Advisory 2018-7-9-7 2018-07-10
    Apple Security Advisory 2018-7-9-7 - iTunes 12.8 for Windows is now available and addresses code execution and denial of service vulnerabilities.
  • Apple Security Advisory 2018-7-9-6 2018-07-09
    Apple Security Advisory 2018-7-9-6 - iCloud for Windows 7.6 is now available and addresses code execution and denial of service vulnerabilities.
  • Apple Security Advisory 2018-7-9-5 2018-07-09
    Apple Security Advisory 2018-7-9-5 - Safari 11.1.2 is now available and addresses code execution and denial of service vulnerabilities.
  • Apple Security Advisory 2018-7-9-4 2018-07-09
    Apple Security Advisory 2018-7-9-4 - macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, and Security Update 2018-004 El Capitan are now available and address information leakage vulnerabilities.
  • Apple Security Advisory 2018-7-9-3 2018-07-09
    Apple Security Advisory 2018-7-9-3 - tvOS 11.4.1 is now available and addresses code execution and denial of service vulnerabilities.

RSS Packet Storm’s Windows Vulnerability List

  • Apple Security Advisory 2018-7-9-7 2018-07-10
    Apple Security Advisory 2018-7-9-7 - iTunes 12.8 for Windows is now available and addresses code execution and denial of service vulnerabilities.
  • Apple Security Advisory 2018-7-9-6 2018-07-09
    Apple Security Advisory 2018-7-9-6 - iCloud for Windows 7.6 is now available and addresses code execution and denial of service vulnerabilities.
  • Microsoft Windows Kernel (win32k.sys) Local Denial Of Service 2018-07-02
    Microsoft Windows Kernel (win32k.sys) suffers from a local denial of service null pointer vulnerability in NtUserConsoleControl.
  • Microsoft Windows ADODB.Record Object File Overwrite 2018-06-29
    Microsoft Windows suffers from an ADODB.Record object file overwrite vulnerability. The password for the proof of concept zip is adorecord.
  • Quest KACE Systems Management Command Injection 2018-06-26
    This Metasploit module exploits a command injection vulnerability in Quest KACE Systems Management Appliance version 8.0.318 (and possibly prior). The download_agent_installer.php file allows unauthenticated users to execute arbitrary commands as the web server user www. A valid Organization ID is required. The default value is 1. A valid Windows agent version number must also be […]