Security Advisories & Alerts


Cisco Adaptive Security Appliance (ASA) Software CVE-2017-6607 Denial of Service Vulnerability

Description: The vulnerability is due to a flaw in handling crafted DNS response messages. An attacker could exploit this vulnerability by triggering a DNS request from the Cisco ASA Software and replying with a crafted response. A successful exploit could cause the device to reload, resulting in a denial of service (DoS) condition or corruption of the local DNS cache information. Only traffic directed to...

Read More


Cisco Adaptive Security Appliance (ASA) Software CVE-2017-6608 Denial of Service Vulnerability

Description: The vulnerability is due to improper parsing of crafted SSL or TLS packets. An attacker could exploit this vulnerability by sending a crafted packet to the affected system. Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed and transparent firewall mode and in single or multiple context mode. This vulnerability can be...

Read More


Cisco ASA Software CVE-2017-6610 Denial of Service Vulnerability

Description: The vulnerability is due to insufficient validation of the IKEv1 XAUTH parameters passed during an IKEv1 negotiation. An attacker could exploit this vulnerability by sending crafted parameters. Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability only affects systems configured in routed firewall mode and in single or multiple context mode. This vulnerability can be triggered by...

Read More


Cisco ASA Software CVE-2017-6609 Denial of Service Vulnerability

Description: The vulnerability is due to improper parsing of malformed IPsec packets. An attacker could exploit this vulnerability by sending malformed IPsec packets to the affected system. Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed firewall mode only and in single or multiple context mode. This vulnerability can be triggered by IPv4...

Read More


Cisco Unified Communications Manager CVE-2017-3808 Denial of Service Vulnerability

Description: The vulnerability is due to insufficient rate limiting protection. An attacker could exploit this vulnerability by sending the affected device a high rate of SIP messages. An exploit could allow the attacker to cause the device to reload unexpectedly. The device and services will restart automatically. Related CVE: CVE-2017-3808 Impact:  A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified...

Read More


Cisco Firepower System Software CVE-2016-6368 Denial of Service Vulnerability

Description: The vulnerability is due to improper input validation of the fields in the PGM protocol packet. An attacker could exploit this vulnerability by sending a crafted PGM packet to the detection engine on the targeted device. An exploit could allow the attacker to cause a DoS condition if the Snort process restarts and traffic inspection is bypassed or traffic is dropped. Related CVE: CVE-2016-6368...

Read More


Cisco IOS and IOS XE Software Multiple Denial of Service Vulnerabilities

Description: These vulnerabilities are due to improper parsing of crafted EnergyWise packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted EnergyWise packets to be processed by an affected device. An exploit could allow the attacker to cause a buffer overflow condition or a reload of the affected device, leading to a DoS condition. Related CVE ID(s): CVE-2017-3860, CVE-2017-3861, CVE-2017-3862,...

Read More


Microsoft Windows Graphics CVE-2017-0005 Local Privilege Escalation Vulnerability

Description: The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka “Windows GDI Elevation of Privilege Vulnerability.” This vulnerability is different from those described in CVE-2017-0001,...

Read More


Microsoft Internet Explorer CVE-2017-0149 Remote Memory Corruption Vulnerability

Description: Microsoft Internet Explorer 9 through 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.” This vulnerability is different from those described in CVE-2017-0018 and CVE-2017-0037. Internet Explorer 9, 10 and 11 are vulnerable. Impact: Attackers can exploit this issue to execute arbitrary code in the context...

Read More


Microsoft Office RTF documents that leverage CVE-2017-0199 vulnerability

Description: This vulnerability allows a malicious actor to download and execute a Visual Basic script containing PowerShell commands when a user opens a document containing an embedded exploit. The vulnerability affects Microsoft Office, including the latest Office 2016 edition running on Windows 10. Impact: Researchers has observed Office documents exploiting CVE-2017-0199 that download and execute malware payloads from different well-known malware families. Mitigation: Updates are...

Read More


Page 62 of 65« First...102030...6061626364...Last »