Issues
Microsoft Windows JScript Error Object Use-After-Free Remote Code Execution Vulnerability
Wednesday, 30 May 2018 14:30

A vulnerability was reported in the JScript Error object of Microsoft Windows. Remote attackers may be able to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability, in that the target must visit a malicious page or open a malicious file. No patch was available at the time of this entry. The only salient mitigation strategy is to restrict interaction with the application to trusted files.

 
Vulnerabilities in Email Clients Affect Users of OpenPGP and S/MIME Encryption
Tuesday, 15 May 2018 12:00

Multiple vulnerabilities were discovered in email clients for two email encryption standards, PGP and S/MIME. Remote attackers could recover plaintext from encrypted emails without access to the encryption keys. No solution was available at the time of this entry. To mitigate this vulnerability, users are advised to decrypt mail outside of the mail client, disable HTML rendering, and disable remote content loading.

 
New Internet Explorer Zero-Day Exploit: "Double Kill" Vulnerability
Tuesday, 24 April 2018 12:00

A new APT attack using a 0-day IE vulnerability has been detected and dubbed "Double Kill" by the Chinese company Qihoo 360. The latest version of Internet Explorer and applications that use the IE kernel are affected. It is being spread in Microsoft Office documents that include a malicious Web page. Qihoo 360 has reported this to Microsoft, but there is no news from Microsoft at the time of this entry. Users are advised not to open Office documents from untrusted sources. Another mitigation is to stop using Internet Explorer and adopt the Edge browser instead.

 
Multiple Vulnerabilities in Wireshark Affect F5 BIG-IP Products
Tuesday, 27 March 2018 12:00

K34035645: Multiple Wireshark vulnerabilities
A remote attacker can transmit crafted packets while a BIG-IP administrator account runs the tshark utility with the affected protocol parsers via Advanced Shell (bash). This causes the tshark utility to stop responding and may allow remote code execution from the BIG-IP administrator account. No upgrade was available at the time of this entry. To mitigate this vulnerability, you can use the tshark utility to perform a traffic capture to a file instead of using the affected protocol parsers.

 
Vulnerabilities in DHCP Client and NTP Affect F5 Products
Wednesday, 21 March 2018 11:00

K08306700: DHCP client vulnerability (CVE-2018-5732)
An out-of-bounds memory access flaw was found in the way dhclient processed a DHCP response packet. A malicious DHCP server could potentially use this flaw to crash dhclient processes running on DHCP client machines via a crafted DHCP response packet. An attacker can cause a denial of service (DoS) of DHCP functionality on the F5 product management interface. No upgrade was available at the time of this entry.

K82570157: NTP vulnerability (CVE-2018-7170)
ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. An attacker can make adjustments to the system time of the F5 product, disrupting time-sensitive functionality of the F5 product. Only F5 products configured to use symmetric key authentication when synchronizing time with an NTP server are vulnerable. No upgrade was available at the time of this entry.

 