Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • NCAS Weekly Vulnerability Summary

    Home Forums Code Red – Security advisories NCAS Weekly Vulnerability Summary

    Topic Resolution: Not a Question

    This topic contains 48 replies, has 5 voices, and was last updated by  Kirsty 3 days, 15 hours ago.

    • Author
      Posts
    • #102847 Reply

      PhotM
      AskWoody Lounger

      U.S. Department of Homeland Security US-CERT
      National Cyber Awareness System:

      SB17-079: Vulnerability Summary for the Week of March 13, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-079

      03/20/2017 09:37 AM EDT

      Original release date: March 20, 2017

      The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

      The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

      High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

      Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

      Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

      Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

      High Vulnerabilities

      ………

      ----------------------------------------

      1. Tower Totals: 2xSSD ~512GB, 2xHHD 4TB, Memory 32GB

      SSDs: 6xOS Partitions, 2xW8.1 Main & Test, 2x10.0 Test, Pro, x64

      CPU i7 2600 K, SandyBridge/CougarPoint, 4 cores, 8 Threads, 3.4 GHz
      Graphics Radeon 6880, Neither Over Clocked

      2xMonitors Asus DVI, Sony 55" UHD TV HDMI

      1. NUC 5i7 2cores, 4 Thread, Memory 8GB, 3.1 GHz, M2SSD 140GB
      1xOS W8.1 Pro, NAS Dependent, Same Sony above.

      -----------------

      Best Regards,

      Crysta

      • This topic was modified 9 months, 3 weeks ago by  Kirsty. Reason: Title edited
      • This topic was modified 9 months, 1 week ago by  Kirsty.
    • #105796 Reply

      Kirsty
      AskWoody MVP

      SB17-086: Vulnerability Summary for the Week of March 20, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-086

      Original release date: March 27, 2017

      This week’s vulnerability lists include:
      Linux
      Ubuntu
      Raspberry Pi
      BitDefender 12
      TrendMicro 11
      Cisco Webex
      Huawai DSM
      (and many more)

    • #106826 Reply

      Kirsty
      AskWoody MVP

      SB17-093:  Vulnerability Summary for the Week of March 27, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-093

      Original release date: April 03, 2017

      This week’s vulnerability lists include:

      • Adobe Acrobat Reader
        Apple iOS pre-10.3
        Apple MacOS pre-10.12.4
        Samsung Galaxy
        Linux
        Debian Linux
        Ubuntu Linux
        Gitlab
        Php to 7.1.3
        Netflix Security Monkey
        Moodle
        (and many more)
    • #108618 Reply

      Kirsty
      AskWoody MVP

      SB17-100: Vulnerability Summary for the Week of April 3, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-100

      Original release date: April 10, 2017

      This week’s vulnerability lists include:

      • Adobe Acrobat Reader
        Apple iOS pre-10.3
        Apple MacOS X pre-10.12.4
        Apple iCloud pre-6.2
        Apple iTunes pre-12.6
        Apple tvOS pre-10.2
        Safari
        Linux
        Google Android
        Huawai
        Cisco
        D-Link
        McAfee Anti-Malware AVE
        TreendMicro Interscan Web Security
        Dropbox
        FoxIt PDF Toolkit
        (and many more)
      • #108640 Reply

        anonymous

        (and many more)

        Google Android 58 unique line items.

        10 Critical
        33 High
        15 Moderate

        google — android
        An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32658595. References: QC-CR#1103099. 2017-04-07 not yet calculated CVE-2017-0575
        CONFIRM (link is external)
        google — android
        An elevation of privilege vulnerability in the NVIDIA boot and power management processor driver could enable a local malicious application to execute arbitrary code within the context of the boot and power management processor. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.18. Android ID:A-34115304. References: N-CVE-2017-0329. 2017-04-05 not yet calculated CVE-2017-0329
        BID (link is external)
        CONFIRM (link is external)

        To read more, see the link above.

    • #108998 Reply

      anonymous

      This is something to be concerned about. Even if Google is able to fix “critical” issues, how will it trickle down to the manufacture’s firmware of all devices way back to KitKat?
      Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1.

      Google Android 58 unique line items.

      10 Critical
      33 High
      15 Moderate

      A remote code execution vulnerability in sonivox in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34031018.

    • #109684 Reply

      Kirsty
      AskWoody MVP

      SB17-107: Vulnerability Summary for the Week of April 10, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-107

      Original release date: April 17, 2017

      This week’s vulnerability lists include:
      Adobe Acrobat Reader
      Adobe Flash Player v. 25.0.0.127
      Amazon Fire OS
      Apple MacOS X (10.6-10.6.3)
      Blackberry
      Brother MFC/DRP/HL/ADS Devices
      Cisco
      Google Android, Google Chrome
      Huawai
      LibreOffice
      Linux, Debian, Ubuntu
      Microsoft Windows, Office, Edge, IE, .net Framework
      Samsung Galaxy
      Symantec

      (and many, many more)

      1 user thanked author for this post.
    • #110629 Reply

      Kirsty
      AskWoody MVP

      SB17-114: Vulnerability Summary for the Week of April 17, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-114

      Original release date: April 24, 2017

       
      This week’s vulnerability lists include:

      Apple iOS pre 9.3.2
      Apple OS X pre 10.11.5
      Apple tvOS pre 9.2.1
      C / C++
      Cisco
      D-Link Wireless Range Extenders
      Google Android
      LibreOffice
      Linux
      Moodle
      Netgear
      Opera
      PHP
      Symantec

      (and many, many more)

    • #112264 Reply

      Kirsty
      AskWoody MVP

      SB17-121: Vulnerability Summary for the Week of April 24, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-121

      Original release date: May 01, 2017

       
      This week’s vulnerability lists include:

      Apple Quicktime
      Apple Safari
      Avast
      D-Link DCS Cameras
      D-Link Firmware
      Google Android
      Google Chrome
      Hyundai Blue Link
      Linux
      Netgear Firmware
      NVidia Video Driver for Android
      Oracle
      TP-Link Firmware
      Trend Micro
      7-Zip32

      (and many, many more)

    • #113475 Reply

      Kirsty
      AskWoody MVP

      SB17-128: Vulnerability Summary for the Week of May 1, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-128

      Original release date: May 08, 2017

       
      Only 3 listed as High Vulnerability, and none of the “usual suspects” above listed in known vulnerabilities, this week.

      This week’s “Severity Not Yet Assigned” vulnerability list includes:

      FOREX.com FOREXTrader for iPhone
      Foxit PDF/Reader
      Iodata Webcam Firmware
      LibreOffice
      Linux
      OpenSSL
      Panda Security
      PayQuicker iOS App
      QuickHeal Internet Security
      Sandisk Memory Card (SDHC/SDXC)
      Trend Micro OfficeScan

      (and many more)

      1 user thanked author for this post.
    • #115532 Reply

      Kirsty
      AskWoody MVP

      SB17-135: Vulnerability Summary for the Week of May 8, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-135

      Original release date: May 15, 2017

       
      Only a few quantified vulnerabilities again this week.

      This week’s “Severity Not Yet Assigned” vulnerability list includes:

      Adobe Flash Player
      Google Android
      Linux Kernel
      MS Edge
      MS Explorer
      MS Office
      Panda Mobile Security
      Qualcomm
      others already discussed elsewhere on askwoody.com

      (and many more)

    • #117832 Reply

      Kirsty
      AskWoody MVP

      SB17-142: Vulnerability Summary for the Week of May 15, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-142

      Original release date: May 22, 2017

       
      Google Android and Linux Kernel both have long lists of high- and medium-grade vulnerabilities.

      Severity Not Yet Assigned vulnerability list includes:

      Cisco
      Google Android
      iOS apps
      Linux Kernel
      Microsoft browsers
      Microsoft Office
      Microsoft SMBv1
      Microsoft Windows

      and many more.

      1 user thanked author for this post.
    • #118809 Reply

      Kirsty
      AskWoody MVP

      SB17-149 – Vulnerability Summary for the Week of May 22, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-149

      Original release date: May 29, 2017 | Last revised: May 30, 2017

       
      This week’s vulnerability lists include:

      Apple iOS, MacOS, tvOS, watchOS, Safari
      Linux Kernel
      7-Zip
      BMW 330i Bluetooth Stack
      Cisco
      Evernote
      Google Chrome
      Huawai
      Lenovo
      Microsoft Malware Protection Engine
      Pegasus Mail
      TrendMicro ServerProtect
      VLC

      and many, many more

    • #120034 Reply

      Kirsty
      AskWoody MVP

      SB17-156: Vulnerability Summary for the Week of May 29, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-156

      Original release date: June 05, 2017

       
      Only 11 entries in the assigned vulnerabilities lists this week, with no High vulnerabilities. Linux Kernel is mentioned as a Medium vulnerability.

      On the Unassigned list:
      Microsoft Malware Protection Engine
      VLC Media Player
      VMware

      and several more

    • #120550 Reply

      Kirsty
      AskWoody MVP

      SB17-163: Vulnerability Summary for the Week of June 5, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-163

      Original release date: June 12, 2017

       
      This week’s vulnerability lists include:

      Google Android
      AdBlock
      AMD fglrx-driver
      Apple Mac Sleipnir 4
      ARM Trusted Firmware
      Cisco
      Huawai
      I-O Data
      Lenovo
      Windows 7, Vista
      Samsung S6 Mobile
      Ubuntu – Debian
      VMWare

      and many, many more

    • #121726 Reply

      Kirsty
      AskWoody MVP

      SB17-170: Vulnerability Summary for the Week of June 12, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-170

      Original release date: June 19, 2017

       
      This week’s vulnerability lists include:

      Google Android
      Linux Kernel
      Cisco
      D-Link Wireless N300 Router
      Various iOS Banking Apps
      Microsoft Office, Skype, Windows etc.

      and many, many more

    • #122527 Reply

      Kirsty
      AskWoody MVP

      SB17-177: Vulnerability Summary for the Week of June 19, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-177

      Original release date: June 26, 2017

       
      This week’s vulnerability lists include:

      Adobe Digital Editions
      Adobe Flash Player
      Adobe ShockWave
      Linux Kernel
      Microsoft Windows (XP to SP3, & Server 2003 to SP2)

      and many more

    • #123327 Reply

      Kirsty
      AskWoody MVP

      SB17-184: Vulnerability Summary for the Week of June 26, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-184

      Original release date: July 03, 2017

       
      This week’s vulnerability lists include:

      Linux Kernel
      Microsoft Internet Explorer (6-11)
      OpenVPN
      Adobe “Multiple Products”, incl. Flash Player, AIR
      Cisco
      Huawai
      Lenovo
      Microsoft “Multiple Products”, incl. Skype, WinOS, MMPE, Azure
      Samsung Galaxy S6
      Symantec
      TP-Link
      VLC Media Player

      and many more

    • #124277 Reply

      Kirsty
      AskWoody MVP

      SB17-191: Vulnerability Summary for the Week of July 3, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-191

      Original release date: July 10, 2017

       
      This week’s vulnerability lists include:

      Cisco
      VLC Media Player
      Apple Quicktime for Windows
      Brother MFC-J960DWN firmware
      Google Android (numerous vulnerabilities)
      Linux Kernel
      Notepad ++
      NVidia Android Sound Driver
      Toshiba Home Gateway firmware

      and many, many more

      • #124280 Reply

        ch100
        AskWoody MVP

        Windows, Office, IE are not in the list!
        It looks like the price for security in Windows is to destroy some of the functionality, as it was/is the case with the Outlook patches from June 2017.

        1 user thanked author for this post.
    • #125293 Reply

      Kirsty
      AskWoody MVP

      SB17-198: Vulnerability Summary for the Week of July 10, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-198

      Original release date: July 17, 2017

       
      On this week’s High Vulnerability list:

      Cisco
      Foxit Reader
      Linux Kernel
      McAfee ATD
      Microsoft:
      Edge,
      Excel,
      IE,
      Office, &
      Windows;
      PHP
      Toshiba Home Gateway

      as well as many, many Medium and Low Vulnerabilities, and even more with Severity Not Yet Assigned…

      2 users thanked author for this post.
    • #126823 Reply

      Kirsty
      AskWoody MVP

      SB17-205: Vulnerability Summary for the Week of July 17, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-205

      Original release date: July 24, 2017

       
      This weeks vulnerability lists include:

      Apple iOS, MacOS, tvOS, WatchOS
      Apple iCloud, iTunes, Safari
      Cisco
      Google Android
      Linux Kernel
      Microsoft Edge

      and many, many more

      2 users thanked author for this post.
    • #128047 Reply

      Kirsty
      AskWoody MVP

      SB17-212: Vulnerability Summary for the Week of July 24, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-212

      Original release date: July 31, 2017

       
      For a change, none of the “usual suspects” appear in the allocated vulnerability lists; these are among the not-yet-assigned vulnerability list:

      Avira AV
      Cisco
      Google Android, Chrome
      Intel Processors
      Linux Kernel
      Netcomm Wireless Routers
      NVidia Windows GPU Display Drvier
      Panda Security
      VMWare

      and many more

      • #128048 Reply

        ch100
        AskWoody MVP

        The Intel Processors vulnerability could be considered a very important one.
        However, this may or may not be a real threat, like many others so called security flaws which are only of academic significance, while in practice is close to impossible to exploit them.

        1 user thanked author for this post.
        • #128133 Reply

          Kirsty
          AskWoody MVP

          The Intel “SGX Update” advisory, INTEL-SA-00076, rates the Elevation of Privilege severity as Critical, but the list of affected products appear to be mainly server and some client systems (NUC/Compute Stick).

          Recommendations:
          This update improves the security of Intel® Software Guard Extensions (Intel® SGX) and is strongly recommended.

          While this firmware update prevents exploitation of the issue on systems running SGX, Intel also provides an SGX Attestation service to allow service providers to know whether clients have the latest security updates. Intel plans to update the SGX Attestation Service response on November 14, 2017. On platforms that have not installed the update, SGX applications using the SGX Attestation Service will begin to receive “out of date” responses from the SGX Attestation Service. Applications using SGX may or may not take action based on this information.

      • #128052 Reply

        Noel Carboni
        AskWoody MVP

        Wow, no Windows vulnerabilities listed at all. That’s impressive.

        Toward the bottom of the report…

        NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler where a missing permissions check may allow users to gain access to arbitrary physical system memory, which may lead to an escalation of privileges.

        Stuff like this always worries me a little, in that the obvious fix is to add that “missing permissions check”. Trouble is, doing so might slow everything down or create unexpected couplings. Perhaps that check is “missing” in a high-use section of the code. We are talking about a display driver here where changes to performance could be very visible and potentially disruptive.

        Secondary to that it’s all fine and good to want robust software, but software that presumes a system WILL be compromised and constantly takes measures deep within to protect itself from itself can be way less efficient than software that can run unfettered, secure in the knowledge that the system is protected from infection at a higher level. It’s a bit like a company where every employee checks the credentials of every other employee on a moment by moment basis. Sure, no one is going to be fooled by an imposter, but no one really gets much done either. Wouldn’t it be better to just check the credentials at the front door?

        -Noel

        • #128130 Reply

          Kirsty
          AskWoody MVP

          Security Bulletin: NVIDIA GPU display driver contains multiple vulnerabilities in the kernel mode layer handler
          https://nvidia.custhelp.com/app/answers/detail/a_id/4525
          Answer ID 4525 | Updated July 31, 2017

          NVIDIA GPU display driver vulnerabilities may lead to denial of service or possible escalation of privileges

           
          The above security bulletin contains details of the affected products and driver fixes, with a link to the driver download page.

          1 user thanked author for this post.
          • #128157 Reply

            Noel Carboni
            AskWoody MVP

            I downloaded their latest driver (385.48) for my card early this morning. I worked with the system all day, and it’s running perfectly. There was only a small degradation in one of the Passmark PerformanceTest benchmarks, while there was a slight improvement in a few others. All in all, the scores before and after added up to about the same.

            -Noel

            • #128158 Reply

              Kirsty
              AskWoody MVP

              v. 385.48 isn’t showing in NVidia’s list under “First version that includes the fix”… could that be a typo?

    • #128666 Reply

      Kirsty
      AskWoody MVP

      SB17-219: Vulnerability Summary for the Week of July 31, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-219

      Original release date: August 07, 2017

       
      Some of last week’s not-yet-assigned vulnerabilities appear in this week’s list categorised as High & Medium vulnerabilities.

      This week’s vulnerability lists include:
      Cisco
      Comcast
      Microsoft Outlook
      NetComm
      NVidia Windows GPU Driver
      TrendMicro
      IBM (various)
      VMWare
      F-Secure Online Scanner
      Linux Kernel

      and many more.

      1 user thanked author for this post.
    • #129621 Reply

      Kirsty
      AskWoody MVP

      SB17-226: Vulnerability Summary for the Week of August 7, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-226

      Original release date: August 14, 2017

       
      This week’s vulnerability lists include:
      Cisco
      Microsoft Edge, Internet Explorer, Win. Server 2016, Windows (various)
      Linux Kernel
      Oracle
      Google Android
      Adobe Acrobat Reader, Digital Editions & Experience Manager, Flash Player
      Debian
      TrendMicro
      VMWare

      & oodles more…

      1 user thanked author for this post.
    • #130456 Reply

      Kirsty
      AskWoody MVP

      SB17-233: Vulnerability Summary for the Week of August 14, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-233

      Original release date: August 21, 2017

       
      This week’s vulnerability lists include:

      Adobe Acrobat Reader, Digital Ediitions, Experience Manager & Flash Player
      Google Android
      Cisco
      D-Link
      FoxIt PDF
      Linux Kernel

      & and many more

      1 user thanked author for this post.
    • #130979 Reply

      Kirsty
      AskWoody MVP

      SB17-240: Vulnerability Summary for the Week of August 21, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-240

      Original release date: August 28, 2017

       
      This week’s vulnerability lists include:

      Google Android
      Linux Kernel
      D-Link Firmware
      Kaspersky IS for Android
      Samsung S4 & S6
      Ubuntu

      & many more

    • #132225 Reply

      Kirsty
      AskWoody MVP

      SB17-247: Vulnerability Summary for the Week of August 28, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-247-0

      Original release date: September 04, 2017

       
      On this week’s vulnerability lists:

      Linux Kernel
      Bitdefender Total Security
      D-Link Firmware
      FoxIt Reader
      Fuji Xerox
      Heimdal
      McAfee Live Safe

      & many more

    • #138861 Reply

      Kirsty
      AskWoody MVP

      Bulletin SB17-289: Vulnerability Summary for the Week of October 9, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-289

      Original release date: October 16, 2017

       
      Among this week’s extensive list with Severity Not Yet Assigned, are:

      Cisco Firmware
      Intel NUC Firmware
      JavaScript
      Linux (various)
      Microsoft Edge, Internet Explorer, Office, Outlook, Windows, Sharepoint, Web Apps, etc.

      & many, many more

    • #140801 Reply

      Kirsty
      AskWoody MVP

      SB17-296: Vulnerability Summary for the Week of October 16, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-296

      Original release date: October 23, 2017

       
      This week’s very long list of vulnerabilities include, among others:

      Microsoft – various:
      “Scripting Engine Memory Corruption Vulnerability”, “Windows Kernel Information Disclosure Vulnerability” et al
      Oracle
      WPA/WPA2
      Blackberry
      Cisco
      Debian
      Google Android
      Huawei
      Infineon
      Linux Kernel
      NVidia
      TP-Link

      and many, many more

      1 user thanked author for this post.
    • #142584 Reply

      Kirsty
      AskWoody MVP

      SB17-303: Vulnerability Summary for the Week of October 23, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-303

      Original release date: October 30, 2017

       
      This week’s vulnerability lists include:

      Apple: macOS-X, iOS, AppleTV, iCloud, iTunes, Safari etc.
      FoxIt Reader
      Adobe Flash Player (27.0.0.159 and earlier)
      Cisco Webex Meetings Server
      D-Link
      Debian-Ubuntu
      Google Chrome
      Linux Kernel
      Symantec Endpoint Encryption, Encryption Desktop
      TP-Link
      WordPress

      and many, many more

    • #144592 Reply

      Kirsty
      AskWoody MVP

      SB17-310: Vulnerability Summary for the Week of October 30, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-310

      Original release date: November 06, 2017

       
      No High or Low vulnerabilities this week!

      On the “Severity Not Yet Assigned” list:
      BitDefender Internet Security 2018
      Cisco
      D-Link
      FoxIt Reader
      Google Android & Chrome
      Linux Kernel
      McAfee
      TP-Link
      Tor Browser

      and many, many more

    • #145536 Reply

      Kirsty
      AskWoody MVP

      SB17-317: Vulnerability Summary for the Week of November 6, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-317

      Original release date: November 13, 2017

       
      The categorised vulnerabilities entries are limited again this week, but in the uncategorised list:

      Disney Circle
      Linux Kernel
      Logitech Media Server
      Symantec Endpoint Protection
      Tor Browser

      and many more

    • #146676 Reply

      Kirsty
      AskWoody MVP

      SB17-324: Vulnerability Summary for the Week of November 13, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-324

      Original release date: November 20, 2017

       
      Again, no categorised vulnerabilities in this week’s list. In the Severity Not Yet Assigned list:
      Apple – various “multiple products”
      Microsoft – various “multiple products”
      Cisco
      D-Link
      Google Android
      Linux Kernel
      Realtek Audio Driver (in some Lenovo ThinkPads)
      VMWare

      and many more

    • #149098 Reply

      Kirsty
      AskWoody MVP

      SB17-331: Vulnerability Summary for the Week of November 20, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-331

      Original release date: November 27, 2017

       
      No quantified vulnerabilities again. From Severities Not Yet Assigned:

      Open Office
      Huawei Smartphones (multiple)
      Intel (various)
      Symantec
      VMWare

      and many more

    • #150373 Reply

      Kirsty
      AskWoody MVP

      SB17-338: Vulnerability Summary for the Week of November 27, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-338

      Original release date: December 04, 2017

       
      On this week’s vulnerability lists:

      Cisco Webex & others
      Adobe, incl. Flash
      Apple MacOS
      JavaScript
      Linux Kernel
      Samba
      TP-Link “multiple devices”

      and many more.

    • #154121 Reply

      Kirsty
      AskWoody MVP

      SB17-345: Vulnerability Summary for the Week of December 4, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-345

      Original release date: December 11, 2017 | Last revised: December 15, 2017

       
      There are no categorised risks this time. On the Severity Not Yet Assigned list:
      Adobe – multiple products
      Debian
      Dell Storage Manager & 233DM MF Laser Printer Firmware
      Google Android
      Kaspersky ESS
      Linux Kernel
      Microsoft Malware Protection Engine
      OpenSSL
      Qualcomm Android for MSM
      Tor
      VMWare

      & many more

    • #154122 Reply

      Kirsty
      AskWoody MVP

      SB17-352: Vulnerability Summary for the Week of December 11, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-352

      Original release date: December 18, 2017

       
      On this week’s extensive vulnerability lists:
      Adobe Acrobat/Reader, Photoshop, Connect, Digital Editions, Experience Manager, Flash Player, InDesign, Shockwave;
      Microsoft Internet Explorer, Device Guard, ChakraCore, Malware Protection Engine, Edge, Office 2016 CTR, Office 2013 SP1 & RT SP1, Sharepoint Enterprise Server 2016; Windows 7, Server 2008 and newer;
      Cisco Multiple Products
      D-Link
      Kaspersky ESS
      Linux Kernel
      Panda
      SAP
      Symantec-Norton
      TrendMicro
      VLan VLC
      Western Digital MyCloud

      and many, many more

    • #154540 Reply

      Kirsty
      AskWoody MVP

      SB17-359: Vulnerability Summary for the Week of December 18, 2017
      https://www.us-cert.gov/ncas/bulletins/SB17-359

      Original release date: December 25, 2017 | Last revised: December 26, 2017

       
      This week’s vulnerability lists include:

      BitDefender
      Cisco
      FoxIt Reader
      Huawei – multiple products
      IBM
      Linux Kernel
      Synology
      TP-Link – multiple products
      VLan VLC
      VMWare

      & many, many more

      1 user thanked author for this post.
    • #156362 Reply

      Kirsty
      AskWoody MVP

      SB18-001: Vulnerability Summary for the Week of December 25, 2017
      https://www.us-cert.gov/ncas/bulletins/SB18-001

      Original release date: January 01, 2018

       
      On this week’s vulnerability lists:

      Apple tvOS, MacOS, iOS, Safari; iCloud & iTunes on Windows
      Enigmail
      Google Play
      Linux Kernel
      Samsung Internet Browser 6.2.01.12, S6 Edge – Email Composer

      & many, many more

    • #159823 Reply

      Kirsty
      AskWoody MVP

      SB18-008: Vulnerability Summary for the Week of January 1, 2018
      https://www.us-cert.gov/ncas/bulletins/SB18-008-0

      Original release date: January 08, 2018

       
      Very few quantified vulnerabilities this week; from the Severity Not Yet Assigned list:

      Cisco Webex
      DuoLingo
      Linux Kernel
      Microsoft Edge, Internet Explorer, Windows etc.
      Oracle
      Samsung Multiple Mobile Devices
      VMWare

      & many, many more.

    • #159824 Reply

      Kirsty
      AskWoody MVP

      SB18-015: Vulnerability Summary for the Week of January 8, 2018
      https://www.us-cert.gov/ncas/bulletins/SB18-015

      Original release date: January 15, 2018

       
      Only one product populates this week’s High & Medium severity vulnerability list. From the Severity Not Yet Assigned list:

      Adobe Flash
      D-Link DSL Devices
      Google Android (multiple)
      Google Chrome
      Intel Driver & Support Assistant
      Linux Kernel
      Malwarebytes Premium
      Microsoft .NET, Office, Outlook, Sharepoint
      SAP
      Sophos Firewall
      Symantec ASG
      TP-Link – multiple devices
      VMWare

      & many, many more.

      1 user thanked author for this post.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: NCAS Weekly Vulnerability Summary

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information:


    Comments are closed.