Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • NCAS Weekly Vulnerability Summary

    Home Forums Code Red – Security advisories NCAS Weekly Vulnerability Summary

    Topic Resolution: Not a Question

    This topic contains 79 replies, has 7 voices, and was last updated by  Kirsty 2 days, 14 hours ago.

    • Author
      Posts
    • #102847 Reply

      PhotM
      AskWoody Lounger

      U.S. Department of Homeland Security US-CERT
      National Cyber Awareness System:

      SB17-079: Vulnerability Summary for the Week of March 13, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-079

      03/20/2017 09:37 AM EDT

      Original release date: March 20, 2017

      The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

      The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

      High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

      Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

      Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

      Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

      High Vulnerabilities

      ………

      --------------------------------------

      1. Tower Totals: 2xSSD ~512GB, 2xHHD 20 TB, Memory 32GB

      SSDs: 6xOS Partitions, 2xW8.1 Main & Test, 2x10.0 Test, Pro, x64

      CPU i7 2600 K, SandyBridge/CougarPoint, 4 cores, 8 Threads, 3.4 GHz
      Graphics Radeon RX 580, Neither Over Clocked

      2xMonitors Asus DVI, Sony 55" UHD TV HDMI

      1. NUC 5i7 2cores, 4 Thread, Memory 8GB, 3.1 GHz, M2SSD 140GB
      1xOS W8.1 Pro, NAS Dependent, Same Sony above.

      -----------------

      Best Regards,

      Crysta

      • This topic was modified 1 year, 4 months ago by  Kirsty. Reason: Title edited
      • This topic was modified 1 year, 4 months ago by  Kirsty.
    • #105796 Reply

      Kirsty
      AskWoody MVP

      SB17-086: Vulnerability Summary for the Week of March 20, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-086

      Original release date: March 27, 2017

      This week’s vulnerability lists include:
      Linux
      Ubuntu
      Raspberry Pi
      BitDefender 12
      TrendMicro 11
      Cisco Webex
      Huawai DSM
      (and many more)

    • #106826 Reply

      Kirsty
      AskWoody MVP

      SB17-093:  Vulnerability Summary for the Week of March 27, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-093

      Original release date: April 03, 2017

      This week’s vulnerability lists include:

      • Adobe Acrobat Reader
        Apple iOS pre-10.3
        Apple MacOS pre-10.12.4
        Samsung Galaxy
        Linux
        Debian Linux
        Ubuntu Linux
        Gitlab
        Php to 7.1.3
        Netflix Security Monkey
        Moodle
        (and many more)
    • #108618 Reply

      Kirsty
      AskWoody MVP

      SB17-100: Vulnerability Summary for the Week of April 3, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-100

      Original release date: April 10, 2017

      This week’s vulnerability lists include:

      • Adobe Acrobat Reader
        Apple iOS pre-10.3
        Apple MacOS X pre-10.12.4
        Apple iCloud pre-6.2
        Apple iTunes pre-12.6
        Apple tvOS pre-10.2
        Safari
        Linux
        Google Android
        Huawai
        Cisco
        D-Link
        McAfee Anti-Malware AVE
        TreendMicro Interscan Web Security
        Dropbox
        FoxIt PDF Toolkit
        (and many more)
      • #108640 Reply

        anonymous

        (and many more)

        Google Android 58 unique line items.

        10 Critical
        33 High
        15 Moderate

        google — android
        An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32658595. References: QC-CR#1103099. 2017-04-07 not yet calculated CVE-2017-0575
        CONFIRM (link is external)
        google — android
        An elevation of privilege vulnerability in the NVIDIA boot and power management processor driver could enable a local malicious application to execute arbitrary code within the context of the boot and power management processor. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.18. Android ID:A-34115304. References: N-CVE-2017-0329. 2017-04-05 not yet calculated CVE-2017-0329
        BID (link is external)
        CONFIRM (link is external)

        To read more, see the link above.

    • #108998 Reply

      anonymous

      This is something to be concerned about. Even if Google is able to fix “critical” issues, how will it trickle down to the manufacture’s firmware of all devices way back to KitKat?
      Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1.

      Google Android 58 unique line items.

      10 Critical
      33 High
      15 Moderate

      A remote code execution vulnerability in sonivox in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34031018.

    • #109684 Reply

      Kirsty
      AskWoody MVP

      SB17-107: Vulnerability Summary for the Week of April 10, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-107

      Original release date: April 17, 2017

      This week’s vulnerability lists include:
      Adobe Acrobat Reader
      Adobe Flash Player v. 25.0.0.127
      Amazon Fire OS
      Apple MacOS X (10.6-10.6.3)
      Blackberry
      Brother MFC/DRP/HL/ADS Devices
      Cisco
      Google Android, Google Chrome
      Huawai
      LibreOffice
      Linux, Debian, Ubuntu
      Microsoft Windows, Office, Edge, IE, .net Framework
      Samsung Galaxy
      Symantec

      (and many, many more)

      1 user thanked author for this post.
    • #110629 Reply

      Kirsty
      AskWoody MVP

      SB17-114: Vulnerability Summary for the Week of April 17, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-114

      Original release date: April 24, 2017

       
      This week’s vulnerability lists include:

      Apple iOS pre 9.3.2
      Apple OS X pre 10.11.5
      Apple tvOS pre 9.2.1
      C / C++
      Cisco
      D-Link Wireless Range Extenders
      Google Android
      LibreOffice
      Linux
      Moodle
      Netgear
      Opera
      PHP
      Symantec

      (and many, many more)

    • #112264 Reply

      Kirsty
      AskWoody MVP

      SB17-121: Vulnerability Summary for the Week of April 24, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-121

      Original release date: May 01, 2017

       
      This week’s vulnerability lists include:

      Apple Quicktime
      Apple Safari
      Avast
      D-Link DCS Cameras
      D-Link Firmware
      Google Android
      Google Chrome
      Hyundai Blue Link
      Linux
      Netgear Firmware
      NVidia Video Driver for Android
      Oracle
      TP-Link Firmware
      Trend Micro
      7-Zip32

      (and many, many more)

    • #113475 Reply

      Kirsty
      AskWoody MVP

      SB17-128: Vulnerability Summary for the Week of May 1, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-128

      Original release date: May 08, 2017

       
      Only 3 listed as High Vulnerability, and none of the “usual suspects” above listed in known vulnerabilities, this week.

      This week’s “Severity Not Yet Assigned” vulnerability list includes:

      FOREX.com FOREXTrader for iPhone
      Foxit PDF/Reader
      Iodata Webcam Firmware
      LibreOffice
      Linux
      OpenSSL
      Panda Security
      PayQuicker iOS App
      QuickHeal Internet Security
      Sandisk Memory Card (SDHC/SDXC)
      Trend Micro OfficeScan

      (and many more)

      1 user thanked author for this post.
    • #115532 Reply

      Kirsty
      AskWoody MVP

      SB17-135: Vulnerability Summary for the Week of May 8, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-135

      Original release date: May 15, 2017

       
      Only a few quantified vulnerabilities again this week.

      This week’s “Severity Not Yet Assigned” vulnerability list includes:

      Adobe Flash Player
      Google Android
      Linux Kernel
      MS Edge
      MS Explorer
      MS Office
      Panda Mobile Security
      Qualcomm
      others already discussed elsewhere on askwoody.com

      (and many more)

    • #117832 Reply

      Kirsty
      AskWoody MVP

      SB17-142: Vulnerability Summary for the Week of May 15, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-142

      Original release date: May 22, 2017

       
      Google Android and Linux Kernel both have long lists of high- and medium-grade vulnerabilities.

      Severity Not Yet Assigned vulnerability list includes:

      Cisco
      Google Android
      iOS apps
      Linux Kernel
      Microsoft browsers
      Microsoft Office
      Microsoft SMBv1
      Microsoft Windows

      and many more.

      1 user thanked author for this post.
    • #118809 Reply

      Kirsty
      AskWoody MVP

      SB17-149 – Vulnerability Summary for the Week of May 22, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-149

      Original release date: May 29, 2017 | Last revised: May 30, 2017

       
      This week’s vulnerability lists include:

      Apple iOS, MacOS, tvOS, watchOS, Safari
      Linux Kernel
      7-Zip
      BMW 330i Bluetooth Stack
      Cisco
      Evernote
      Google Chrome
      Huawai
      Lenovo
      Microsoft Malware Protection Engine
      Pegasus Mail
      TrendMicro ServerProtect
      VLC

      and many, many more

    • #120034 Reply

      Kirsty
      AskWoody MVP

      SB17-156: Vulnerability Summary for the Week of May 29, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-156

      Original release date: June 05, 2017

       
      Only 11 entries in the assigned vulnerabilities lists this week, with no High vulnerabilities. Linux Kernel is mentioned as a Medium vulnerability.

      On the Unassigned list:
      Microsoft Malware Protection Engine
      VLC Media Player
      VMware

      and several more

    • #120550 Reply

      Kirsty
      AskWoody MVP

      SB17-163: Vulnerability Summary for the Week of June 5, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-163

      Original release date: June 12, 2017

       
      This week’s vulnerability lists include:

      Google Android
      AdBlock
      AMD fglrx-driver
      Apple Mac Sleipnir 4
      ARM Trusted Firmware
      Cisco
      Huawai
      I-O Data
      Lenovo
      Windows 7, Vista
      Samsung S6 Mobile
      Ubuntu – Debian
      VMWare

      and many, many more

    • #121726 Reply

      Kirsty
      AskWoody MVP

      SB17-170: Vulnerability Summary for the Week of June 12, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-170

      Original release date: June 19, 2017

       
      This week’s vulnerability lists include:

      Google Android
      Linux Kernel
      Cisco
      D-Link Wireless N300 Router
      Various iOS Banking Apps
      Microsoft Office, Skype, Windows etc.

      and many, many more

    • #122527 Reply

      Kirsty
      AskWoody MVP

      SB17-177: Vulnerability Summary for the Week of June 19, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-177

      Original release date: June 26, 2017

       
      This week’s vulnerability lists include:

      Adobe Digital Editions
      Adobe Flash Player
      Adobe ShockWave
      Linux Kernel
      Microsoft Windows (XP to SP3, & Server 2003 to SP2)

      and many more

    • #123327 Reply

      Kirsty
      AskWoody MVP

      SB17-184: Vulnerability Summary for the Week of June 26, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-184

      Original release date: July 03, 2017

       
      This week’s vulnerability lists include:

      Linux Kernel
      Microsoft Internet Explorer (6-11)
      OpenVPN
      Adobe “Multiple Products”, incl. Flash Player, AIR
      Cisco
      Huawai
      Lenovo
      Microsoft “Multiple Products”, incl. Skype, WinOS, MMPE, Azure
      Samsung Galaxy S6
      Symantec
      TP-Link
      VLC Media Player

      and many more

    • #124277 Reply

      Kirsty
      AskWoody MVP

      SB17-191: Vulnerability Summary for the Week of July 3, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-191

      Original release date: July 10, 2017

       
      This week’s vulnerability lists include:

      Cisco
      VLC Media Player
      Apple Quicktime for Windows
      Brother MFC-J960DWN firmware
      Google Android (numerous vulnerabilities)
      Linux Kernel
      Notepad ++
      NVidia Android Sound Driver
      Toshiba Home Gateway firmware

      and many, many more

      • #124280 Reply

        ch100
        AskWoody MVP

        Windows, Office, IE are not in the list!
        It looks like the price for security in Windows is to destroy some of the functionality, as it was/is the case with the Outlook patches from June 2017.

        1 user thanked author for this post.
    • #125293 Reply

      Kirsty
      AskWoody MVP

      SB17-198: Vulnerability Summary for the Week of July 10, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-198

      Original release date: July 17, 2017

       
      On this week’s High Vulnerability list:

      Cisco
      Foxit Reader
      Linux Kernel
      McAfee ATD
      Microsoft:
      Edge,
      Excel,
      IE,
      Office, &
      Windows;
      PHP
      Toshiba Home Gateway

      as well as many, many Medium and Low Vulnerabilities, and even more with Severity Not Yet Assigned…

      2 users thanked author for this post.
    • #126823 Reply

      Kirsty
      AskWoody MVP

      SB17-205: Vulnerability Summary for the Week of July 17, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-205

      Original release date: July 24, 2017

       
      This weeks vulnerability lists include:

      Apple iOS, MacOS, tvOS, WatchOS
      Apple iCloud, iTunes, Safari
      Cisco
      Google Android
      Linux Kernel
      Microsoft Edge

      and many, many more

      2 users thanked author for this post.
    • #128047 Reply

      Kirsty
      AskWoody MVP

      SB17-212: Vulnerability Summary for the Week of July 24, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-212

      Original release date: July 31, 2017

       
      For a change, none of the “usual suspects” appear in the allocated vulnerability lists; these are among the not-yet-assigned vulnerability list:

      Avira AV
      Cisco
      Google Android, Chrome
      Intel Processors
      Linux Kernel
      Netcomm Wireless Routers
      NVidia Windows GPU Display Drvier
      Panda Security
      VMWare

      and many more

      • #128048 Reply

        ch100
        AskWoody MVP

        The Intel Processors vulnerability could be considered a very important one.
        However, this may or may not be a real threat, like many others so called security flaws which are only of academic significance, while in practice is close to impossible to exploit them.

        1 user thanked author for this post.
        • #128133 Reply

          Kirsty
          AskWoody MVP

          The Intel “SGX Update” advisory, INTEL-SA-00076, rates the Elevation of Privilege severity as Critical, but the list of affected products appear to be mainly server and some client systems (NUC/Compute Stick).

          Recommendations:
          This update improves the security of Intel® Software Guard Extensions (Intel® SGX) and is strongly recommended.

          While this firmware update prevents exploitation of the issue on systems running SGX, Intel also provides an SGX Attestation service to allow service providers to know whether clients have the latest security updates. Intel plans to update the SGX Attestation Service response on November 14, 2017. On platforms that have not installed the update, SGX applications using the SGX Attestation Service will begin to receive “out of date” responses from the SGX Attestation Service. Applications using SGX may or may not take action based on this information.

      • #128052 Reply

        Noel Carboni
        AskWoody MVP

        Wow, no Windows vulnerabilities listed at all. That’s impressive.

        Toward the bottom of the report…

        NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler where a missing permissions check may allow users to gain access to arbitrary physical system memory, which may lead to an escalation of privileges.

        Stuff like this always worries me a little, in that the obvious fix is to add that “missing permissions check”. Trouble is, doing so might slow everything down or create unexpected couplings. Perhaps that check is “missing” in a high-use section of the code. We are talking about a display driver here where changes to performance could be very visible and potentially disruptive.

        Secondary to that it’s all fine and good to want robust software, but software that presumes a system WILL be compromised and constantly takes measures deep within to protect itself from itself can be way less efficient than software that can run unfettered, secure in the knowledge that the system is protected from infection at a higher level. It’s a bit like a company where every employee checks the credentials of every other employee on a moment by moment basis. Sure, no one is going to be fooled by an imposter, but no one really gets much done either. Wouldn’t it be better to just check the credentials at the front door?

        -Noel

        • #128130 Reply

          Kirsty
          AskWoody MVP

          Security Bulletin: NVIDIA GPU display driver contains multiple vulnerabilities in the kernel mode layer handler
          https://nvidia.custhelp.com/app/answers/detail/a_id/4525
          Answer ID 4525 | Updated July 31, 2017

          NVIDIA GPU display driver vulnerabilities may lead to denial of service or possible escalation of privileges

           
          The above security bulletin contains details of the affected products and driver fixes, with a link to the driver download page.

          1 user thanked author for this post.
          • #128157 Reply

            Noel Carboni
            AskWoody MVP

            I downloaded their latest driver (385.48) for my card early this morning. I worked with the system all day, and it’s running perfectly. There was only a small degradation in one of the Passmark PerformanceTest benchmarks, while there was a slight improvement in a few others. All in all, the scores before and after added up to about the same.

            -Noel

            • #128158 Reply

              Kirsty
              AskWoody MVP

              v. 385.48 isn’t showing in NVidia’s list under “First version that includes the fix”… could that be a typo?

    • #128666 Reply

      Kirsty
      AskWoody MVP

      SB17-219: Vulnerability Summary for the Week of July 31, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-219

      Original release date: August 07, 2017

       
      Some of last week’s not-yet-assigned vulnerabilities appear in this week’s list categorised as High & Medium vulnerabilities.

      This week’s vulnerability lists include:
      Cisco
      Comcast
      Microsoft Outlook
      NetComm
      NVidia Windows GPU Driver
      TrendMicro
      IBM (various)
      VMWare
      F-Secure Online Scanner
      Linux Kernel

      and many more.

      1 user thanked author for this post.
    • #129621 Reply

      Kirsty
      AskWoody MVP

      SB17-226: Vulnerability Summary for the Week of August 7, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-226

      Original release date: August 14, 2017

       
      This week’s vulnerability lists include:
      Cisco
      Microsoft Edge, Internet Explorer, Win. Server 2016, Windows (various)
      Linux Kernel
      Oracle
      Google Android
      Adobe Acrobat Reader, Digital Editions & Experience Manager, Flash Player
      Debian
      TrendMicro
      VMWare

      & oodles more…

      1 user thanked author for this post.
    • #130456 Reply

      Kirsty
      AskWoody MVP

      SB17-233: Vulnerability Summary for the Week of August 14, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-233

      Original release date: August 21, 2017

       
      This week’s vulnerability lists include:

      Adobe Acrobat Reader, Digital Ediitions, Experience Manager & Flash Player
      Google Android
      Cisco
      D-Link
      FoxIt PDF
      Linux Kernel

      & and many more

      1 user thanked author for this post.
    • #130979 Reply

      Kirsty
      AskWoody MVP

      SB17-240: Vulnerability Summary for the Week of August 21, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-240

      Original release date: August 28, 2017

       
      This week’s vulnerability lists include:

      Google Android
      Linux Kernel
      D-Link Firmware
      Kaspersky IS for Android
      Samsung S4 & S6
      Ubuntu

      & many more

    • #132225 Reply

      Kirsty
      AskWoody MVP

      SB17-247: Vulnerability Summary for the Week of August 28, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-247-0

      Original release date: September 04, 2017

       
      On this week’s vulnerability lists:

      Linux Kernel
      Bitdefender Total Security
      D-Link Firmware
      FoxIt Reader
      Fuji Xerox
      Heimdal
      McAfee Live Safe

      & many more

    • #138861 Reply

      Kirsty
      AskWoody MVP

      Bulletin SB17-289: Vulnerability Summary for the Week of October 9, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-289

      Original release date: October 16, 2017

       
      Among this week’s extensive list with Severity Not Yet Assigned, are:

      Cisco Firmware
      Intel NUC Firmware
      JavaScript
      Linux (various)
      Microsoft Edge, Internet Explorer, Office, Outlook, Windows, Sharepoint, Web Apps, etc.

      & many, many more

    • #140801 Reply

      Kirsty
      AskWoody MVP

      SB17-296: Vulnerability Summary for the Week of October 16, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-296

      Original release date: October 23, 2017

       
      This week’s very long list of vulnerabilities include, among others:

      Microsoft – various:
      “Scripting Engine Memory Corruption Vulnerability”, “Windows Kernel Information Disclosure Vulnerability” et al
      Oracle
      WPA/WPA2
      Blackberry
      Cisco
      Debian
      Google Android
      Huawei
      Infineon
      Linux Kernel
      NVidia
      TP-Link

      and many, many more

      1 user thanked author for this post.
    • #142584 Reply

      Kirsty
      AskWoody MVP

      SB17-303: Vulnerability Summary for the Week of October 23, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-303

      Original release date: October 30, 2017

       
      This week’s vulnerability lists include:

      Apple: macOS-X, iOS, AppleTV, iCloud, iTunes, Safari etc.
      FoxIt Reader
      Adobe Flash Player (27.0.0.159 and earlier)
      Cisco Webex Meetings Server
      D-Link
      Debian-Ubuntu
      Google Chrome
      Linux Kernel
      Symantec Endpoint Encryption, Encryption Desktop
      TP-Link
      WordPress

      and many, many more

    • #144592 Reply

      Kirsty
      AskWoody MVP

      SB17-310: Vulnerability Summary for the Week of October 30, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-310

      Original release date: November 06, 2017

       
      No High or Low vulnerabilities this week!

      On the “Severity Not Yet Assigned” list:
      BitDefender Internet Security 2018
      Cisco
      D-Link
      FoxIt Reader
      Google Android & Chrome
      Linux Kernel
      McAfee
      TP-Link
      Tor Browser

      and many, many more

    • #145536 Reply

      Kirsty
      AskWoody MVP

      SB17-317: Vulnerability Summary for the Week of November 6, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-317

      Original release date: November 13, 2017

       
      The categorised vulnerabilities entries are limited again this week, but in the uncategorised list:

      Disney Circle
      Linux Kernel
      Logitech Media Server
      Symantec Endpoint Protection
      Tor Browser

      and many more

    • #146676 Reply

      Kirsty
      AskWoody MVP

      SB17-324: Vulnerability Summary for the Week of November 13, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-324

      Original release date: November 20, 2017

       
      Again, no categorised vulnerabilities in this week’s list. In the Severity Not Yet Assigned list:
      Apple – various “multiple products”
      Microsoft – various “multiple products”
      Cisco
      D-Link
      Google Android
      Linux Kernel
      Realtek Audio Driver (in some Lenovo ThinkPads)
      VMWare

      and many more

    • #149098 Reply

      Kirsty
      AskWoody MVP

      SB17-331: Vulnerability Summary for the Week of November 20, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-331

      Original release date: November 27, 2017

       
      No quantified vulnerabilities again. From Severities Not Yet Assigned:

      Open Office
      Huawei Smartphones (multiple)
      Intel (various)
      Symantec
      VMWare

      and many more

    • #150373 Reply

      Kirsty
      AskWoody MVP

      SB17-338: Vulnerability Summary for the Week of November 27, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-338

      Original release date: December 04, 2017

       
      On this week’s vulnerability lists:

      Cisco Webex & others
      Adobe, incl. Flash
      Apple MacOS
      JavaScript
      Linux Kernel
      Samba
      TP-Link “multiple devices”

      and many more.

    • #154121 Reply

      Kirsty
      AskWoody MVP

      SB17-345: Vulnerability Summary for the Week of December 4, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-345

      Original release date: December 11, 2017 | Last revised: December 15, 2017

       
      There are no categorised risks this time. On the Severity Not Yet Assigned list:
      Adobe – multiple products
      Debian
      Dell Storage Manager & 233DM MF Laser Printer Firmware
      Google Android
      Kaspersky ESS
      Linux Kernel
      Microsoft Malware Protection Engine
      OpenSSL
      Qualcomm Android for MSM
      Tor
      VMWare

      & many more

    • #154122 Reply

      Kirsty
      AskWoody MVP

      SB17-352: Vulnerability Summary for the Week of December 11, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-352

      Original release date: December 18, 2017

       
      On this week’s extensive vulnerability lists:
      Adobe Acrobat/Reader, Photoshop, Connect, Digital Editions, Experience Manager, Flash Player, InDesign, Shockwave;
      Microsoft Internet Explorer, Device Guard, ChakraCore, Malware Protection Engine, Edge, Office 2016 CTR, Office 2013 SP1 & RT SP1, Sharepoint Enterprise Server 2016; Windows 7, Server 2008 and newer;
      Cisco Multiple Products
      D-Link
      Kaspersky ESS
      Linux Kernel
      Panda
      SAP
      Symantec-Norton
      TrendMicro
      VLan VLC
      Western Digital MyCloud

      and many, many more

    • #154540 Reply

      Kirsty
      AskWoody MVP

      SB17-359: Vulnerability Summary for the Week of December 18, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-359

      Original release date: December 25, 2017 | Last revised: December 26, 2017

       
      This week’s vulnerability lists include:

      BitDefender
      Cisco
      FoxIt Reader
      Huawei – multiple products
      IBM
      Linux Kernel
      Synology
      TP-Link – multiple products
      VLan VLC
      VMWare

      & many, many more

      1 user thanked author for this post.
    • #156362 Reply

      Kirsty
      AskWoody MVP

      SB18-001: Vulnerability Summary for the Week of December 25, 2017
      https://www.us-cert.gov/ncas/bulletins/SB18-001

      Original release date: January 01, 2018

       
      On this week’s vulnerability lists:

      Apple tvOS, MacOS, iOS, Safari; iCloud & iTunes on Windows
      Enigmail
      Google Play
      Linux Kernel
      Samsung Internet Browser 6.2.01.12, S6 Edge – Email Composer

      & many, many more

    • #159823 Reply

      Kirsty
      AskWoody MVP

      SB18-008: Vulnerability Summary for the Week of January 1, 2018
      https://www.us-cert.gov/ncas/bulletins/SB18-008-0

      Original release date: January 08, 2018

       
      Very few quantified vulnerabilities this week; from the Severity Not Yet Assigned list:

      Cisco Webex
      DuoLingo
      Linux Kernel
      Microsoft Edge, Internet Explorer, Windows etc.
      Oracle
      Samsung Multiple Mobile Devices
      VMWare

      & many, many more.

    • #159824 Reply

      Kirsty
      AskWoody MVP

      SB18-015: Vulnerability Summary for the Week of January 8, 2018
      https://www.us-cert.gov/ncas/bulletins/SB18-015

      Original release date: January 15, 2018

       
      Only one product populates this week’s High & Medium severity vulnerability list. From the Severity Not Yet Assigned list:

      Adobe Flash
      D-Link DSL Devices
      Google Android (multiple)
      Google Chrome
      Intel Driver & Support Assistant
      Linux Kernel
      Malwarebytes Premium
      Microsoft .NET, Office, Outlook, Sharepoint
      SAP
      Sophos Firewall
      Symantec ASG
      TP-Link – multiple devices
      VMWare

      & many, many more.

      1 user thanked author for this post.
    • #161324 Reply

      Kirsty
      AskWoody MVP

      SB18-022: Vulnerability Summary for the Week of January 15, 2018
      https://www.us-cert.gov/ncas/bulletins/SB18-022

      Original release date: January 22, 2018

       
      Oracle (multiple vulnerabilities) make up all the High, Meduim & Low vulnerabilities in this week’s list, and along with the Oracle entries in the Severity Not Yet Assigned list, I’d venture a bet that Oracle make up half of this week’s entries.

      Also on the Severity Not Yet Assigned list:
      Cisco
      Google Android
      Linux Kernel
      TrendMicro
      Yandex Browser

      and many more.

      1 user thanked author for this post.
    • #163114 Reply

      Kirsty
      AskWoody MVP

      SB18-029: Vulnerability Summary for the Week of January 22, 2018
      https://www.us-cert.gov/ncas/bulletins/SB18-029

      Original release date: January 29, 2018

       
      No categorised vulnerabilities again this week. In the Severity Not Yet Assigned list are, among others:

      HP: various/multiple products
      IBM: various/multiple products
      Lenovo
      Linux Kernel
      Microsoft Office (Equation Editor)
      Moodle
      TrendMicro

    • #165921 Reply

      Kirsty
      AskWoody MVP

      SB18-036: Vulnerability Summary for the Week of January 29, 2018
      https://www.us-cert.gov/ncas/bulletins/SB18-036

      Original release date: February 05, 2018

       
      No categorised vulnerabilities again this week. In the Severity Not Yet Assigned list are, among others:

      7-Zip
      Asus
      Cisco
      Linux Kernel

      and many others

    • #167325 Reply

      Kirsty
      AskWoody MVP

      SB18-043: Vulnerability Summary for the Week of February 5, 2018
      https://www.us-cert.gov/ncas/bulletins/SB18-043

      Original release date: February 12, 2018

       
      Again, no classified vulnerabilities; from this week’s Severity Not Yet Assigned list:

      Adobe Flash Player
      Audacity
      Cisco (multiple products)
      FoxIt Reader & PhantomPDF
      Google Android
      Google Chrome
      LibreOffice
      Linux Kernel
      MalwareFox AntiMalware
      Microsoft Internet Explorer 11
      TrendMicro
      Twitter Kit for iOS

      & many, many more

    • #168830 Reply

      Kirsty
      AskWoody MVP

      SB18-050: Vulnerability Summary for the Week of February 12, 2018
      https://www.us-cert.gov/ncas/bulletins/SB18-050

      Original release date: February 19, 2018

       
      Again, no categorised vulnerabilities, but an extensive list deemed “Severity Not Yet Assigned”, including:
      Dell EMC Support Assistant: Enterprise
      Google Android
      Huawei
      IBM
      Linux Kernel
      Microsoft: ChakraCore, Edge, Internet Explorer, Office, Outlook, Sharepoint, Windows, Windows Kernel
      SAP
      TrendMicro
      Ubuntu

      and a host more.

      1 user thanked author for this post.
    • #172305 Reply

      Kirsty
      AskWoody MVP

      SB18-057: Vulnerability Summary for the Week of February 19, 2018
      https://www.us-cert.gov/ncas/bulletins/SB18-057

      Original release date: February 26, 2018

       
      Another long list of uncategorised vulnerabilties, with none catergorised yet again. On the Severity Not Yet Assigned list:

      Adobe ShockWave Player
      Cisco
      Google Android
      IBM
      Linux Kernel
      Seagate BlackArmor NAS
      Symantec
      Synology
      TrendMicro

      and many more.

    • #172755 Reply

      Kirsty
      AskWoody MVP

      SB18-064: Vulnerability Summary for the Week of February 26, 2018
      https://www.us-cert.gov/ncas/bulletins/SB18-064

      Original release date: March 05, 2018

       
      In this week’s Severity Not Yet Assigned list:

      Adobe Reader
      Adobe Experience Manager
      FoxIt MobilePDF
      IBM
      Linux Kernel
      Microsoft Windows (Vista – 8.1, before KB30862525 KB3086255)
      PureVPN
      SAP

      and many more.

      3 users thanked author for this post.
    • #184600 Reply

      Kirsty
      AskWoody MVP

      SB18-071: Vulnerability Summary for the Week of March 5, 2018
      https://www.us-cert.gov/ncas/bulletins/SB18-071

      Original release date: March 12, 2018

       
      Again, no categorised vulnerabilities (many Severity Not Yet Assigned vulnerabilities)
       

       
      SB18-078: Vulnerability Summary for the Week of March 12, 2018
      https://www.us-cert.gov/ncas/bulletins/SB18-078

      Original release date: March 19, 2018

       
      Again, no categorised vulnerabilities (many Severity Not Yet Assigned vulnerabilities)
       

       
      SB18-085: Vulnerability Summary for the Week of March 19, 2018
      https://www.us-cert.gov/ncas/bulletins/SB18-085

      Original release date: March 26, 2018

       
      Again, no categorised vulnerabilities (many Severity Not Yet Assigned vulnerabilities)

    • #184601 Reply

      Kirsty
      AskWoody MVP

      SB18-092: Vulnerability Summary for the Week of March 26, 2018
      https://www.us-cert.gov/ncas/bulletins/SB18-092

      Original release date: April 02, 2018

       
      This week’s bulletin contains numerous Medium Severity Vulnerabilities affecting 5 products. In addition, there are Severity Not Yet Assigned Vulnerabilities affecting, among others:

      Cisco
      D-Link
      Google Android
      IBM
      Linux Kernel
      NordVPN
      Opera Browser
      Qualcomm Android
      Samsung Mobile Devices
      Symantec
      Twonky Server
      WD MyCloud

      1 user thanked author for this post.
    • #184602 Reply

      Kirsty
      AskWoody MVP

      SB18-099: Vulnerability Summary for the Week of April 2, 2018
      https://www.us-cert.gov/ncas/bulletins/SB18-099

      Original release date: April 09, 2018

       
      Again, no categorised vulnerabilities. This week’s list of Severity Not Yet Assigned Vulnerabilities include:

      Apple: iOS, MacOS, tvOS, WatchOS, Safari, iCloud, iTunes
      Asus Routers
      BitDefender AntiVirus
      Cisco iOS XE software
      D-Link
      FreeBSD
      Google Android
      Linux Kernel
      McAfee multiple products
      Microsoft Malware Protection Engine & Windows Kernel
      Nvidia
      Qualcomm Android

      & many more

      2 users thanked author for this post.
    • #185683 Reply

      Kirsty
      AskWoody MVP

      SB18-106: Vulnerability Summary for the Week of April 9, 2018
      https://www.us-cert.gov/ncas/bulletins/SB18-106

      Original release date: April 16, 2018

       
      The categorised vulnerabilities listed are not common consumer products. However, on the Severity Not Yet Assigned list:

      Apple: iOS, MacOS
      D-Link
      FreeBSD
      Google Chrome: Video Downloader Pro extension
      Huawai
      Linux Kernel
      Qualcomm Android
      SAP
      Symantec
      VMWare
      Microsoft (a very long list, this may not be inclusive): Edge, Internet Explorer, SharePoint, SharePoint Server Excel, Excel Viewer, Word, Office, Windows, Windows Kernel, ChakraCore, Wireless Keyboard 850…

      & many more.

      1 user thanked author for this post.
    • #187056 Reply

      Kirsty
      AskWoody MVP

      SB18-113: Vulnerability Summary for the Week of April 16, 2018
      https://www.us-cert.gov/ncas/bulletins/SB18-113

      Original release date: April 23, 2018

       
      Only one categorised vulnerability this week, but another long list of Severity Not Yet Assigned vulnerabilities, including:

      7-Zip
      Asus Routers
      Belkin Routers
      Cisco
      D-Link
      FoxIt PDF Reader
      Huawei
      Kaspersky Password Manager
      LibreOffice
      Linux Kernel
      Microsoft Internet Explorer
      Microsoft Windows 10
      NordVPN
      Oracle
      PureVPN
      Qualcomm Android
      Symantec
      VMWare

      and many more

    • #189199 Reply

      Kirsty
      AskWoody MVP

      SB18-120: Vulnerability Summary for the Week of April 23, 2018
      https://www.us-cert.gov/ncas/bulletins/SB18-120

      Original release date: April 30, 2018

       
      Another long list of uncategorised vulnerabilties, with none catergorised yet again. On the Severity Not Yet Assigned list:

      Corel Draw & PhotoPain x8
      FoxIt PDF Reader, PhantomPDF
      Huawei
      Linux Kernel
      Paypal WebHybridClient for Android
      Seagate Personal Cloud
      Siemens
      TunnelBear

      & many more

      1 user thanked author for this post.
    • #191084 Reply

      Kirsty
      AskWoody MVP

      SB18-127: Vulnerability Summary for the Week of April 30, 2018
      https://www.us-cert.gov/ncas/bulletins/SB18-127

      Original release date: May 07, 2018

       
      Another long list of uncategorised vulnerabilties, with none catergorised yet again. On the Severity Not Yet Assigned list:

      7-Zip
      Cisco
      D-Link
      Google Android
      Huawei
      Lenovo
      LibreOffice
      Linux Kernel
      Microsoft Windows
      Nvidia
      SaferVPN
      TP-Link
      VMWare

      and many more

      1 user thanked author for this post.
    • #192630 Reply

      Kirsty
      AskWoody MVP

      SB18-134: Vulnerability Summary for the Week of May 7, 2018
      https://www.us-cert.gov/ncas/bulletins/SB18-134

      Original release date: May 14, 2018

       
      Another long list of uncategorised vulnerabilties, with none catergorised yet again. On the Severity Not Yet Assigned list:

      D-Link
      Google Android
      Huawei
      Intel NUC Kits
      Intel Wireless AC Products
      Linux Kernel
      Microsoft: .NET, Azure, Internet Explorer, Edge, Exchange Server, InfoPath, “Multiple Products”, Office & Excel, Office & Word, SharePoint, Windows etc.
      OS Kernels – Multiple Vendors (incl. Ubuntu, Debian)
      SAP
      Synology

      and many, many more

    • #193562 Reply

      Kirsty
      AskWoody MVP

      SB18-141: Vulnerability Summary for the Week of May 14, 2018
      https://www.us-cert.gov/ncas/bulletins/SB18-141

      Original release date: May 21, 2018

       
      Another long list of uncategorised vulnerabilties, with none catergorised yet again. On the Severity Not Yet Assigned list:

      Adobe Acrobat and Reader, ColdFusion, Connect, Creative Cloud Desktop Application, Digital Editions, Dreamweaver CC, Experience Manager, Flash Player, InDesign, PhoneGap Push Plugin
      Asus
      Cisco
      D-Link
      FoxIt Reader
      Linux Kernel
      Multiple email clients – S/Mime EFail vulnerability
      Qualcomm Android
      Red Hat
      Symantec

      & many more

      1 user thanked author for this post.
    • #194971 Reply

      Kirsty
      AskWoody MVP

      SB18-148: Vulnerability Summary for the Week of May 21, 2018
      https://www.us-cert.gov/ncas/bulletins/SB18-148

      Original release date: May 28, 2018

       
      On this week’s Severity Not Yet Assigned list:

      Adobe Acrobat & Reader, ColdFusion, Connect, Creative Cloud Desktop Application, Digital Editions, Dreamweaver CC, Experience Manager, Flash Player, InDesign, PhoneGap Push Plugin
      Citrix
      D-Link Router DSL-3782
      FoxIt Reader & PhantomPDF
      Huawei
      Linux Kernel
      McAfee
      Microsoft Office, Windows Server 2016, Windows 10, Windows 10 Servers
      Moodle
      “Multiple Vendors – Multiple Products” (Rogue System Register Read (RSRE), Variant 3a; Speculative Store Bypass (SSB), Variant 4)
      TrendMicro
      VMWare

      & many more.

    • #196104 Reply

      Kirsty
      AskWoody MVP

      SB18-155: Vulnerability Summary for the Week of May 28, 2018
      https://www.us-cert.gov/ncas/bulletins/SB18-155

      Original release date: June 04, 2018

       
      On this week’s Severity Not Yet Assigned list:

      BMW – multiple vehicles
      Brother HL-L2340D and HL-L2380DW series printers
      Google Android
      Groupon
      Huawei – multiple smartphones, servers etc.
      Linux Kernel
      Moodle
      Symantec ASG
      Synology Drive
      TP-Link
      Ubuntu
      VLC Media Player
      VMWare

      & many more

      2 users thanked author for this post.
    • #197438 Reply

      Kirsty
      AskWoody MVP

      SB18-162: Vulnerability Summary for the Week of June 4, 2018
      https://www.us-cert.gov/ncas/bulletins/SB18-162

      Original release date: June 11, 2018

       
      On this week’s Severity Not Yet Assigned list:

      Apple iOS, macOS, iCloud, iTunes, watchOS, tvOS, Safari, Swift (for Ubuntu);
      Canon LBP6650, LBP3370, LBP3460, and LBP7750C devices, MF210 and MF220 web interface, web interfaces for LBP7110Cw & LBP6030w;
      Cisco
      Foxit PDF Reader
      Linux Kernel
      McAfee
      Qualcomm Android
      Synology
      TP-Link
      TrendMicro

      & many, many more

      1 user thanked author for this post.
    • #199389 Reply

      Kirsty
      AskWoody MVP

      SB18-169: Vulnerability Summary for the Week of June 11, 2018
      https://www.us-cert.gov/ncas/bulletins/SB18-169

      Original release date: June 18, 2018

       
      For the first time in quite a few weeks, there are High Vulnerabilities this week; both are for Microsoft Windows 10.

      On the Severity Not Yet Assigned list:
      Apple iOS, macOS, OSX, Safari, Multiple Products (incl. TvOS, iCloud)
      Enigmail
      Huawei
      Linux Kernel
      McAfee
      Microsoft Edge, ChakraCore, Internet Explorer, Office, Outlook, Publisher, SharePoint, Windows (multliple)
      Mozilla Firefox & Firefox ESR, Thunderbird, Multiple Products
      Pale Moon
      Qualcomm Android
      SAP
      TrendMicro
      VMWare

      & many more

      2 users thanked author for this post.
      • #199431 Reply

        OscarCP
        AskWoody Lounger

        Kirsty,

        This could be related — and, perhaps, also reassuring:

        Both Firefox and Waterforx have been updated recently (Windows and Mac versions), this month, and the macOS has received security patches as well, a week ago.

         

        • #199450 Reply

          Kirsty
          AskWoody MVP

          Firefox’s last security advisory was issued on June 6th, and the only CVE# reported in MFSA2018-14 isn’t one of the numerous CVE#’s listed in the NCAS Severity Not Yet Ascertained list issued on June 18th… I suspect a new update will be due very soon.

          Firefox’s release notes indicate their last update was issued on June 6th.

          1 user thanked author for this post.
    • #199751 Reply

      Kirsty
      AskWoody MVP

      SB18-176: Vulnerability Summary for the Week of June 18, 2018
      https://www.us-cert.gov/ncas/bulletins/SB18-176

      Original release date: June 25, 2018

       
      On this week’s Severity Not Yet Assigned list:

      Cisco
      D-Link DIR-620 devices
      Intel Core-based microprocessors (Lazy FP)
      Linux Kernel
      McAfee
      Symantec
      TP-Link TL-WA850RE Wi-Fi Range Extender

      & many more

      1 user thanked author for this post.
      • #199791 Reply

        geekdom
        AskWoody Lounger

        It’s a little troubling when security software, such as McAfee and Symantec, has vulnerability issues.

        Group G{ot backup} Win7|64-bit|SP1|TestBeta

    • #200977 Reply

      Kirsty
      AskWoody MVP

      SB18-183: Vulnerability Summary for the Week of June 25, 2018
      https://www.us-cert.gov/ncas/bulletins/SB18-183

      Original release date: July 02, 2018

       
      On this week’s Severity Not Yet Assigned list:

      Google Home and Chromecast devices
      Linux Kernel
      Microsoft: Visual C++ Redistributable, OneDrive, Skype for Windows, Visual Studio, Windows
      Siemens
      TP-Link TL-WA850RE

      & many more

    • #203460 Reply

      Kirsty
      AskWoody MVP

      SB18-190: Vulnerability Summary for the Week of July 2, 2018
      https://www.us-cert.gov/ncas/bulletins/SB18-190

      Original release date: July 09, 2018

       
      On this week’s Severity Not Yet Assigned list:

      Cinnamon Linux
      D-Link
      Huawei
      IBM
      Linux Kernel
      Qualcomm Android
      Siemens
      Synology
      TP-Link
      TrendMicro

      & many more

      1 user thanked author for this post.
    • #204808 Reply

      Kirsty
      AskWoody MVP

      SB18-197: Vulnerability Summary for the Week of July 9, 2018
      https://www.us-cert.gov/ncas/bulletins/SB18-197

      Original release date: July 16, 2018

       
      Two non-mainstream categorized vulnerabilities, and from the Severity Not Yet Assigned vulnerabilities disclosed this week:

      Adobe Acrobat and Reader, Flash Player, Photoshop CC
      D-Link DIR Routers
      Intel Active Management Technology (AMT), Multiple Core Processors etc.
      Linux Kernel
      Microsoft .NET framework, Access & Office, Chakracore & Edge, Internet Explorer, “Multiple Products”, Skype, Visual Studio, Windows, Wireless Display Adapter etc.
      Qualcomm Android
      SAP
      Sonos
      VideoLan VLC Media Player
      VMWare

      & many, many more

      1 user thanked author for this post.
    • #205644 Reply

      Kirsty
      AskWoody MVP

      SB18-204: Vulnerability Summary for the Week of July 16, 2018
      https://www.us-cert.gov/ncas/bulletins/SB18-204

      Original release date: July 23, 2018

       
      This week’s vulnerabilities include:

      Oracle MySQL
      Adobe Acrobat & Reader, Connect, Experience Manager, Flash Player
      Cisco
      Foxit Reader
      Linux Kernel
      McAfee
      TeamViewer
      TP-Link WR840N devices

      & many more

      1 user thanked author for this post.
    • #207783 Reply

      Kirsty
      AskWoody MVP

      SB18-211: Vulnerability Summary for the Week of July 23, 2018
      https://www.us-cert.gov/ncas/bulletins/SB18-211-0

      Original release date: July 30, 2018

       
      On this week’s Severity Not Yet Assigned list:

      Adobe Acrobat and Reader, Connect, Experience Manager, Flash Player
      Linux Kernel
      McAfee
      NetGear (specified routers)
      Samba
      Siemens
      Symantec
      VMWare

      & many more

      1 user thanked author for this post.
    • #209135 Reply

      Kirsty
      AskWoody MVP

      SB18-218: Vulnerability Summary for the Week of July 30, 2018
      https://www.us-cert.gov/ncas/bulletins/SB18-218

      Original release date: August 06, 2018

       
      On this week’s Severity Not Yet Assigned list:

      Cisco
      FoxIt PDF Reader
      Huawei (multiple products & smartphones)
      Linux Kernel
      Oracle
      PayPal
      Samba
      SAP
      Synology DiskStation Manager (DSM)

      and many more

      1 user thanked author for this post.
    • #210438 Reply

      Kirsty
      AskWoody MVP

      SB18-225: Vulnerability Summary for the Week of August 6, 2018
      https://www.us-cert.gov/ncas/bulletins/SB18-225

      Original release date: August 13, 2018

       
      On this week’s Severity Not Yet Assigned list:

      Hewlett Packard Enterprise (HPE)
      LibreOffice
      Linux Kernel
      MacOS BlueTooth FirmWare, OS Drivers (multiple vendors)
      NetComm Wireless G LTE
      Siemens
      SquirrelMail
      Ubuntu

      and many more.

      1 user thanked author for this post.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: NCAS Weekly Vulnerability Summary

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information:


    Comments are closed.