Vulnerability Updates

CWE-306:Missing Authentication for Critical Function - CVE-2018-5393 EAP Controller for Linux utilizes a Java remote method invocation(RMI)service for remote control. The RMI interface does not require any authentication before use. Remote attackers can implement deserialization attacks through the RMI protocol. Successful attacks may allow a remote attacker to remotely control the target server and execute […]

CVE-2018-12037 There is no cryptographic relation between the password provided by the end user and the key used for the encryption of user data. This can allow an attacker to access the key without knowing the password provided by the end user,allowing the attacker to decrypt information encrypted with that key. According to National Cyber […]

CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer CVE-2018-16986 - also known as BLEEDINGBIT The following Texas Instrument chips are affected: CC2640(non-R2)with BLE-STACK version 2.2.1 or an earlier version CC2650 with BLE-STACK version 2.2.1 or an earlier version CC2640R2F with SimpleLink CC2640R2 SDK version 1.00.00.22(BLE-STACK 3.0.0)CC1350 with SimpleLink CC13x0 SDK version 2.20.00.38(BLE-STACK […]

Cisco Adaptive Security Appliance(ASA)software and Cisco Firepower Threat Defense(FTD)software fails to properly parse SIP traffic,which can allow an attacker to trigger high CPU usage,resulting in a denial-of-service condition on affected devices. This vulnerability is exposed if SIP Inspection is enabled on affected devices,which is the default configuration on ASA devices. The Cisco SIP Inspection feature […]

The Web Proxy Automatic Discovery(WPAD)protocol is used to automatically provide proxy configuration information to devices on a network. Clients issue a special DHCP request to obtain the information for the proxy configuration,but will fall back on a DNS request to one of several standardized URLs making use of the subdomain name of“wpad” if a DHCP […]

PRIMX ZoneCentral before 6.1.2236 on Windows sometimes leaks the plaintext of NTFS files. On non-SSD devices, this is limited to a 5-second window and file sizes less than 600 bytes. The effect on SSD devices may be greater.

Centreon 3.4.x has XSS via the resource name or macro expression of a poller macro.

Centreon 3.4.x allows SNMP trap SQL Injection.

Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed length.

CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste.

OpenSSL CVE-2018-5407 Side Channel Attack Information Disclosure Vulnerability

Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability

Siemens SIMATIC Panels Multiple Security Vulnerabilities

Dell EMC RecoverPoint Information Disclosure and Denial of Service Vulnerabilities

[SECURITY] [DSA 4269-1] postgresql-9.6 security update

Type: Vulnerability. Microsoft Windows is prone to a local privilege-escalation vulnerability; fixes are available.

Type: Vulnerability. Microsoft Exchange Server is prone to a remote privilege-escalation vulnerability; fixes are available.

Type: Vulnerability. Microsoft Skype for Business and Lync are prone to a remote denial-of-service vulnerability; fixes are available.

Type: Vulnerability. Microsoft Team Foundation Server is prone to a remote code-execution vulnerability; fixes are available.

Type: Vulnerability. Microsoft ChakraCore is prone to a remote memory-corruption vulnerability; fixes are available.

Apple Security Advisory 2018-10-30-11 - tvOS 12 addresses code execution and denial of service vulnerabilities.

Apple Security Advisory 2018-10-30-14 - macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan address buffer overflow, code execution, denial of service, information leakage, and null pointer vulnerabilities.

Apple Security Advisory 2018-10-30-8 - iOS 12 addresses code execution and denial of service vulnerabilities.

Apple Security Advisory 2018-10-30-9 - macOS Mojave 10.14 addresses buffer overflow, code execution, denial of service, and information leakage vulnerabilities.

Apple Security Advisory 2018-10-30-12 - iCloud for Windows 7.7 addresses code execution vulnerabilities.

SwitchVPN for MacOS and Windows version 2.1012.03 suffers from a man-in-the-middle vulnerability.

Webfwlog is a Web-based firewall log reporting and analysis tool. It allows users to design reports to use on logged firewall data in whatever configuration they desire. Included are sample reports as a starting point. Reports can be sorted with a single click, or "drilled-down" all the way to the packet level, and saved for […]

A vulnerability in the system scanning component of Cisco Immunet and Cisco Advanced Malware Protection (AMP) for Endpoints running on Microsoft Windows could allow a local attacker to disable the scanning functionality of the product. This could allow executable files to be launched on the system without being analyzed for threats. The vulnerability is due […]

Microsoft Windows 10 Build 17134 local privilege escalation exploit with UAC bypass.

An attacker can exploit the embedded version of Git used in Sourcetree if they can commit to a Git repository linked in Sourcetree. This allows them to execute arbitrary code on systems running a vulnerable version of Sourcetree for macOS. Versions of Sourcetree for macOS starting with version 1.02b before version 3.0.0 are affected by […]