by CIRT Team
Linux Kernel TCP implementation vulnerable to Denial of Service
Description: The Linux kernel, versions 4.9+, is vulnerable to denial of service conditions with low rates of specially modified packets.
Impact: A remote attacker may be able to trigger a denial-of-service condition against a system with an available open port.
Mitigation: Updates are available. Please see the references or vendor advisory for more information.
Reference URLs:
https://www.kb.cert.org/vuls/id/962459
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e
by CIRT Team
Drupal Releases Security Update
Description: Drupal has released a security update addressing a vulnerability in Drupal 8.x.
Impact: A remote attacker could exploit this vulnerability to take control of an affected system.
Mitigation: Updates are available. Please see the references or vendor advisory for more information.
Reference URLs:
https://www.drupal.org/SA-CORE-2018-005
by CIRT Team
Apache Security Updates for Apache Tomcat
Description: The Apache Software Foundation has released security updates to address vulnerabilities in Apache Tomcat versions 9.0.0.M9 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.
Impact: An attacker could exploit these vulnerabilities to obtain sensitive information.
Mitigation: Updates are available. Please see the references or vendor advisory for more information.
Reference URLs:
http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722090623.GA92700%40minotaur.apache.org%3E
http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722090435.GA60759%40minotaur.apache.org%3E
by CIRT Team
Cisco Releases Security Updates
Description: Cisco has released updates to address vulnerabilities affecting Cisco products.
Impact: An attacker could exploit these vulnerabilities to obtain sensitive information.
Mitigation: Updates are available. Please see the references or vendor advisory for more information.
Reference URLs:
https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir#~Vulnerabilities
by CIRT Team
Oracle Releases Security Update
Description: Oracle has released its Critical Patch Update for July 2018 to address 334 vulnerabilities across multiple products.
Impact: An attacker could exploit these vulnerabilities to take control of an affected system.
Mitigation: Updates are available. Please see the references or vendor advisory for more information.
Reference URLs:
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
by CIRT Team
Mozilla Releases Security Update for Thunderbird
Description: Mozilla has released a security update to address multiple vulnerabilities in Thunderbird.
Impact: An attacker could exploit these vulnerabilities to obtain sensitive information.
Mitigation: Updates are available. Please see the references or vendor advisory for more information.
Reference URLs:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/
by CIRT Team
VMware Releases Security Updates
Description: VMware has released security updates to address vulnerabilities in VMware ESXi, Workstation, and Fusion.
Impact: An attacker could exploit these vulnerabilities to obtain sensitive information.
Mitigation: Updates are available. Please see the references or vendor advisory for more information.
Reference URLs:
https://www.vmware.com/security/advisories/VMSA-2018-0016.html
by CIRT Team
Cisco Releases Security Updates for Multiple Products
Description: Cisco has released updates to address vulnerabilities affecting multiple products.
Impact: A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
Mitigation: Cisco has released software updates that address this vulnerability. Please see the references or vendor advisory for more information.
References:
Cisco NX-OS Software NX-API Arbitrary Code Execution Vulnerability cisco-sa-20180620-nxos-bo
Cisco FXOS and NX-OS Software Cisco Fabric Services Arbitrary...
by CIRT Team
Intel Releases Security Advisory on Lazy FP State Restore Vulnerability
Description: Intel has released recommendations to address a vulnerability—dubbed Lazy FP state restore—affecting Intel Core-based microprocessors. System software may utilize the Lazy FP state restore technique to delay the restoring of state until an instruction operating on that state is actually executed by the new process. Systems using Intel® Core-based microprocessors may potentially allow a local process to infer data utilizing Lazy FP state restore...
by CIRT Team
Cisco Releases Security Updates
Description: Cisco has released updates to address vulnerabilities affecting multiple products.
Impact: A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
Mitigation: Cisco has released software updates that address this vulnerability. Please see the references or vendor advisory for more information.
Reference URLs:
Digital Network Architecture Center Static Credentials Vulnerability cisco-sa-20180516-dnac
Digital Network Architecture Center Authentication Bypass Vulnerability cisco-sa-20180516-dna2
Digital Network...