Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • NCAS Weekly Vulnerability Summary

    Home Forums Code Red – Security advisories NCAS Weekly Vulnerability Summary

    Topic Resolution: Not a Question

    This topic contains 7 replies, has 3 voices, and was last updated by  Kirsty 3 days, 22 hours ago.

    • Author
      Posts
    • #102847 Reply

      PhotM
      AskWoody Lounger

      U.S. Department of Homeland Security US-CERT
      National Cyber Awareness System:

      SB17-079: Vulnerability Summary for the Week of March 13, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-079

      03/20/2017 09:37 AM EDT

      Original release date: March 20, 2017

      The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

      The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

      High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

      Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

      Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

      Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

      High Vulnerabilities

      ………

      ----------------------------------------

      1. Tower Totals: 2xSSD ~512GB, 2xHHD 4TB, Memory 32GB

      SSDs: 6xOS Partitions, 2xW8.1 Main & Test, 2x10.0 Test, Pro, x64

      CPU i7 2600 K, SandyBridge/CougarPoint, 4 cores, 8 Threads, 3.4 GHz
      Graphics Radeon 6880, Neither Over Clocked

      2xMonitors Asus DVI, Sony 55" UHD TV HDMI

      1. NUC 5i7 2cores, 4 Thread, Memory 8GB, 3.1 GHz, M2SSD 140GB
      1xOS W8.1 Pro, NAS Dependent, Same Sony above.

      -----------------

      Best Regards,

      Crysta

      • This topic was modified 3 weeks, 6 days ago by  Kirsty. Reason: Title edited
      • This topic was modified 1 week, 5 days ago by  Kirsty.
    • #105796 Reply

      Kirsty
      AskWoody MVP

      SB17-086: Vulnerability Summary for the Week of March 20, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-086

      Original release date: March 27, 2017

      This week’s vulnerability lists include:
      Linux
      Ubuntu
      Raspberry Pi
      BitDefender 12
      TrendMicro 11
      Cisco Webex
      Huawai DSM
      (and many more)

    • #106826 Reply

      Kirsty
      AskWoody MVP

      SB17-093:  Vulnerability Summary for the Week of March 27, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-093

      Original release date: April 03, 2017

      This week’s vulnerability lists include:

      • Adobe Acrobat Reader
        Apple iOS pre-10.3
        Apple MacOS pre-10.12.4
        Samsung Galaxy
        Linux
        Debian Linux
        Ubuntu Linux
        Gitlab
        Php to 7.1.3
        Netflix Security Monkey
        Moodle
        (and many more)
    • #108618 Reply

      Kirsty
      AskWoody MVP

      SB17-100: Vulnerability Summary for the Week of April 3, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-100

      Original release date: April 10, 2017

      This week’s vulnerability lists include:

      • Adobe Acrobat Reader
        Apple iOS pre-10.3
        Apple MacOS X pre-10.12.4
        Apple iCloud pre-6.2
        Apple iTunes pre-12.6
        Apple tvOS pre-10.2
        Safari
        Linux
        Google Android
        Huawai
        Cisco
        D-Link
        McAfee Anti-Malware AVE
        TreendMicro Interscan Web Security
        Dropbox
        FoxIt PDF Toolkit
        (and many more)
      • #108640 Reply

        anonymous

        (and many more)

        Google Android 58 unique line items.

        10 Critical
        33 High
        15 Moderate

        google — android
        An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32658595. References: QC-CR#1103099. 2017-04-07 not yet calculated CVE-2017-0575
        CONFIRM (link is external)
        google — android
        An elevation of privilege vulnerability in the NVIDIA boot and power management processor driver could enable a local malicious application to execute arbitrary code within the context of the boot and power management processor. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.18. Android ID:A-34115304. References: N-CVE-2017-0329. 2017-04-05 not yet calculated CVE-2017-0329
        BID (link is external)
        CONFIRM (link is external)

        To read more, see the link above.

    • #108998 Reply

      anonymous

      This is something to be concerned about. Even if Google is able to fix “critical” issues, how will it trickle down to the manufacture’s firmware of all devices way back to KitKat?
      Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1.

      Google Android 58 unique line items.

      10 Critical
      33 High
      15 Moderate

      A remote code execution vulnerability in sonivox in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34031018.

    • #109684 Reply

      Kirsty
      AskWoody MVP

      SB17-107: Vulnerability Summary for the Week of April 10, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-107

      Original release date: April 17, 2017

      This week’s vulnerability lists include:
      Adobe Acrobat Reader
      Adobe Flash Player v. 25.0.0.127
      Amazon Fire OS
      Apple MacOS X (10.6-10.6.3)
      Blackberry
      Brother MFC/DRP/HL/ADS Devices
      Cisco
      Google Android, Google Chrome
      Huawai
      LibreOffice
      Linux, Debian, Ubuntu
      Microsoft Windows, Office, Edge, IE, .net Framework
      Samsung Galaxy
      Symantec

      (and many, many more)

    • #110629 Reply

      Kirsty
      AskWoody MVP

      SB17-114: Vulnerability Summary for the Week of April 17, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-114

      Original release date: April 24, 2017

       
      This week’s vulnerability lists include:

      Apple iOS pre 9.3.2
      Apple OS X pre 10.11.5
      Apple tvOS pre 9.2.1
      C / C++
      Cisco
      D-Link Wireless Range Extenders
      Google Android
      LibreOffice
      Linux
      Moodle
      Netgear
      Opera
      PHP
      Symantec

      (and many, many more)

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: NCAS Weekly Vulnerability Summary

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information:


    Comments are closed.