Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • NCAS Weekly Vulnerability Summary

    Home Forums Code Red – Security advisories NCAS Weekly Vulnerability Summary

    Topic Resolution: Not a Question

    This topic contains 22 replies, has 4 voices, and was last updated by  Kirsty 13 hours, 46 minutes ago.

    • Author
      Posts
    • #102847 Reply

      PhotM
      AskWoody Lounger

      U.S. Department of Homeland Security US-CERT
      National Cyber Awareness System:

      SB17-079: Vulnerability Summary for the Week of March 13, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-079

      03/20/2017 09:37 AM EDT

      Original release date: March 20, 2017

      The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

      The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

      High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

      Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

      Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

      Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

      High Vulnerabilities

      ………

      ----------------------------------------

      1. Tower Totals: 2xSSD ~512GB, 2xHHD 4TB, Memory 32GB

      SSDs: 6xOS Partitions, 2xW8.1 Main & Test, 2x10.0 Test, Pro, x64

      CPU i7 2600 K, SandyBridge/CougarPoint, 4 cores, 8 Threads, 3.4 GHz
      Graphics Radeon 6880, Neither Over Clocked

      2xMonitors Asus DVI, Sony 55" UHD TV HDMI

      1. NUC 5i7 2cores, 4 Thread, Memory 8GB, 3.1 GHz, M2SSD 140GB
      1xOS W8.1 Pro, NAS Dependent, Same Sony above.

      -----------------

      Best Regards,

      Crysta

      • This topic was modified 3 months, 4 weeks ago by  Kirsty. Reason: Title edited
      • This topic was modified 3 months, 1 week ago by  Kirsty.
    • #105796 Reply

      Kirsty
      AskWoody MVP

      SB17-086: Vulnerability Summary for the Week of March 20, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-086

      Original release date: March 27, 2017

      This week’s vulnerability lists include:
      Linux
      Ubuntu
      Raspberry Pi
      BitDefender 12
      TrendMicro 11
      Cisco Webex
      Huawai DSM
      (and many more)

    • #106826 Reply

      Kirsty
      AskWoody MVP

      SB17-093:  Vulnerability Summary for the Week of March 27, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-093

      Original release date: April 03, 2017

      This week’s vulnerability lists include:

      • Adobe Acrobat Reader
        Apple iOS pre-10.3
        Apple MacOS pre-10.12.4
        Samsung Galaxy
        Linux
        Debian Linux
        Ubuntu Linux
        Gitlab
        Php to 7.1.3
        Netflix Security Monkey
        Moodle
        (and many more)
    • #108618 Reply

      Kirsty
      AskWoody MVP

      SB17-100: Vulnerability Summary for the Week of April 3, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-100

      Original release date: April 10, 2017

      This week’s vulnerability lists include:

      • Adobe Acrobat Reader
        Apple iOS pre-10.3
        Apple MacOS X pre-10.12.4
        Apple iCloud pre-6.2
        Apple iTunes pre-12.6
        Apple tvOS pre-10.2
        Safari
        Linux
        Google Android
        Huawai
        Cisco
        D-Link
        McAfee Anti-Malware AVE
        TreendMicro Interscan Web Security
        Dropbox
        FoxIt PDF Toolkit
        (and many more)
      • #108640 Reply

        anonymous

        (and many more)

        Google Android 58 unique line items.

        10 Critical
        33 High
        15 Moderate

        google — android
        An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32658595. References: QC-CR#1103099. 2017-04-07 not yet calculated CVE-2017-0575
        CONFIRM (link is external)
        google — android
        An elevation of privilege vulnerability in the NVIDIA boot and power management processor driver could enable a local malicious application to execute arbitrary code within the context of the boot and power management processor. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.18. Android ID:A-34115304. References: N-CVE-2017-0329. 2017-04-05 not yet calculated CVE-2017-0329
        BID (link is external)
        CONFIRM (link is external)

        To read more, see the link above.

    • #108998 Reply

      anonymous

      This is something to be concerned about. Even if Google is able to fix “critical” issues, how will it trickle down to the manufacture’s firmware of all devices way back to KitKat?
      Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1.

      Google Android 58 unique line items.

      10 Critical
      33 High
      15 Moderate

      A remote code execution vulnerability in sonivox in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34031018.

    • #109684 Reply

      Kirsty
      AskWoody MVP

      SB17-107: Vulnerability Summary for the Week of April 10, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-107

      Original release date: April 17, 2017

      This week’s vulnerability lists include:
      Adobe Acrobat Reader
      Adobe Flash Player v. 25.0.0.127
      Amazon Fire OS
      Apple MacOS X (10.6-10.6.3)
      Blackberry
      Brother MFC/DRP/HL/ADS Devices
      Cisco
      Google Android, Google Chrome
      Huawai
      LibreOffice
      Linux, Debian, Ubuntu
      Microsoft Windows, Office, Edge, IE, .net Framework
      Samsung Galaxy
      Symantec

      (and many, many more)

    • #110629 Reply

      Kirsty
      AskWoody MVP

      SB17-114: Vulnerability Summary for the Week of April 17, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-114

      Original release date: April 24, 2017

       
      This week’s vulnerability lists include:

      Apple iOS pre 9.3.2
      Apple OS X pre 10.11.5
      Apple tvOS pre 9.2.1
      C / C++
      Cisco
      D-Link Wireless Range Extenders
      Google Android
      LibreOffice
      Linux
      Moodle
      Netgear
      Opera
      PHP
      Symantec

      (and many, many more)

    • #112264 Reply

      Kirsty
      AskWoody MVP

      SB17-121: Vulnerability Summary for the Week of April 24, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-121

      Original release date: May 01, 2017

       
      This week’s vulnerability lists include:

      Apple Quicktime
      Apple Safari
      Avast
      D-Link DCS Cameras
      D-Link Firmware
      Google Android
      Google Chrome
      Hyundai Blue Link
      Linux
      Netgear Firmware
      NVidia Video Driver for Android
      Oracle
      TP-Link Firmware
      Trend Micro
      7-Zip32

      (and many, many more)

    • #113475 Reply

      Kirsty
      AskWoody MVP

      SB17-128: Vulnerability Summary for the Week of May 1, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-128

      Original release date: May 08, 2017

       
      Only 3 listed as High Vulnerability, and none of the “usual suspects” above listed in known vulnerabilities, this week.

      This week’s “Severity Not Yet Assigned” vulnerability list includes:

      FOREX.com FOREXTrader for iPhone
      Foxit PDF/Reader
      Iodata Webcam Firmware
      LibreOffice
      Linux
      OpenSSL
      Panda Security
      PayQuicker iOS App
      QuickHeal Internet Security
      Sandisk Memory Card (SDHC/SDXC)
      Trend Micro OfficeScan

      (and many more)

      1 user thanked author for this post.
    • #115532 Reply

      Kirsty
      AskWoody MVP

      SB17-135: Vulnerability Summary for the Week of May 8, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-135

      Original release date: May 15, 2017

       
      Only a few quantified vulnerabilities again this week.

      This week’s “Severity Not Yet Assigned” vulnerability list includes:

      Adobe Flash Player
      Google Android
      Linux Kernel
      MS Edge
      MS Explorer
      MS Office
      Panda Mobile Security
      Qualcomm
      others already discussed elsewhere on askwoody.com

      (and many more)

    • #117832 Reply

      Kirsty
      AskWoody MVP

      SB17-142: Vulnerability Summary for the Week of May 15, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-142

      Original release date: May 22, 2017

       
      Google Android and Linux Kernel both have long lists of high- and medium-grade vulnerabilities.

      Severity Not Yet Assigned vulnerability list includes:

      Cisco
      Google Android
      iOS apps
      Linux Kernel
      Microsoft browsers
      Microsoft Office
      Microsoft SMBv1
      Microsoft Windows

      and many more.

      1 user thanked author for this post.
    • #118809 Reply

      Kirsty
      AskWoody MVP

      SB17-149 – Vulnerability Summary for the Week of May 22, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-149

      Original release date: May 29, 2017 | Last revised: May 30, 2017

       
      This week’s vulnerability lists include:

      Apple iOS, MacOS, tvOS, watchOS, Safari
      Linux Kernel
      7-Zip
      BMW 330i Bluetooth Stack
      Cisco
      Evernote
      Google Chrome
      Huawai
      Lenovo
      Microsoft Malware Protection Engine
      Pegasus Mail
      TrendMicro ServerProtect
      VLC

      and many, many more

    • #120034 Reply

      Kirsty
      AskWoody MVP

      SB17-156: Vulnerability Summary for the Week of May 29, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-156

      Original release date: June 05, 2017

       
      Only 11 entries in the assigned vulnerabilities lists this week, with no High vulnerabilities. Linux Kernel is mentioned as a Medium vulnerability.

      On the Unassigned list:
      Microsoft Malware Protection Engine
      VLC Media Player
      VMware

      and several more

    • #120550 Reply

      Kirsty
      AskWoody MVP

      SB17-163: Vulnerability Summary for the Week of June 5, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-163

      Original release date: June 12, 2017

       
      This week’s vulnerability lists include:

      Google Android
      AdBlock
      AMD fglrx-driver
      Apple Mac Sleipnir 4
      ARM Trusted Firmware
      Cisco
      Huawai
      I-O Data
      Lenovo
      Windows 7, Vista
      Samsung S6 Mobile
      Ubuntu – Debian
      VMWare

      and many, many more

    • #121726 Reply

      Kirsty
      AskWoody MVP

      SB17-170: Vulnerability Summary for the Week of June 12, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-170

      Original release date: June 19, 2017

       
      This week’s vulnerability lists include:

      Google Android
      Linux Kernel
      Cisco
      D-Link Wireless N300 Router
      Various iOS Banking Apps
      Microsoft Office, Skype, Windows etc.

      and many, many more

    • #122527 Reply

      Kirsty
      AskWoody MVP

      SB17-177: Vulnerability Summary for the Week of June 19, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-177

      Original release date: June 26, 2017

       
      This week’s vulnerability lists include:

      Adobe Digital Editions
      Adobe Flash Player
      Adobe ShockWave
      Linux Kernel
      Microsoft Windows (XP to SP3, & Server 2003 to SP2)

      and many more

    • #123327 Reply

      Kirsty
      AskWoody MVP

      SB17-184: Vulnerability Summary for the Week of June 26, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-184

      Original release date: July 03, 2017

       
      This week’s vulnerability lists include:

      Linux Kernel
      Microsoft Internet Explorer (6-11)
      OpenVPN
      Adobe “Multiple Products”, incl. Flash Player, AIR
      Cisco
      Huawai
      Lenovo
      Microsoft “Multiple Products”, incl. Skype, WinOS, MMPE, Azure
      Samsung Galaxy S6
      Symantec
      TP-Link
      VLC Media Player

      and many more

    • #124277 Reply

      Kirsty
      AskWoody MVP

      SB17-191: Vulnerability Summary for the Week of July 3, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-191

      Original release date: July 10, 2017

       
      This week’s vulnerability lists include:

      Cisco
      VLC Media Player
      Apple Quicktime for Windows
      Brother MFC-J960DWN firmware
      Google Android (numerous vulnerabilities)
      Linux Kernel
      Notepad ++
      NVidia Android Sound Driver
      Toshiba Home Gateway firmware

      and many, many more

      • #124280 Reply

        ch100
        AskWoody MVP

        Windows, Office, IE are not in the list!
        It looks like the price for security in Windows is to destroy some of the functionality, as it was/is the case with the Outlook patches from June 2017.

    • #125293 Reply

      Kirsty
      AskWoody MVP

      SB17-198: Vulnerability Summary for the Week of July 10, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-198

      Original release date: July 17, 2017

       
      On this week’s High Vulnerability list:

      Cisco
      Foxit Reader
      Linux Kernel
      McAfee ATD
      Microsoft:
      Edge,
      Excel,
      IE,
      Office, &
      Windows;
      PHP
      Toshiba Home Gateway

      as well as many, many Medium and Low Vulnerabilities, and even more with Severity Not Yet Assigned…

      2 users thanked author for this post.
    • #126823 Reply

      Kirsty
      AskWoody MVP

      SB17-205: Vulnerability Summary for the Week of July 17, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-205

      Original release date: July 24, 2017

       
      This weeks vulnerability lists include:

      Apple iOS, MacOS, tvOS, WatchOS
      Apple iCloud, iTunes, Safari
      Cisco
      Google Android
      Linux Kernel
      Microsoft Edge

      and many, many more

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: NCAS Weekly Vulnerability Summary

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information:


    Comments are closed.