Security News

CVE-2018-0134

National Vulnerability Database - Thu, 02/08/2018 - 02:29
A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to determine whether a subscriber username is valid. The vulnerability occurs because the Cisco Policy Suite RADIUS server component returns different authentication failure messages based on the validity of usernames. An attacker could use these messages to determine whether a valid subscriber username has been identified. The attacker could use this information in subsequent attacks against the system. Cisco Bug IDs: CSCvg47830.
Categories: Security News

CVE-2018-0135

National Vulnerability Database - Thu, 02/08/2018 - 02:29
A vulnerability in Cisco Unified Communications Manager could allow an authenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software improperly validates user-supplied search input. An attacker could exploit this vulnerability by sending malicious requests to an affected system. A successful exploit could allow the attacker to retrieve sensitive information from the affected system. Cisco Bug IDs: CSCvf17644.
Categories: Security News

CVE-2018-0137

National Vulnerability Database - Thu, 02/08/2018 - 02:29
A vulnerability in the TCP throttling process of Cisco Prime Network could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate limiting protection for TCP listening ports. An attacker could exploit this vulnerability by sending the affected device a high rate of TCP SYN packets to the local IP address of the targeted application. A successful exploit could allow the attacker to cause the device to consume a high amount of memory and become slow, or to stop accepting new TCP connections to the application. Cisco Bug IDs: CSCvg48152.
Categories: Security News

CVE-2018-0138

National Vulnerability Database - Thu, 02/08/2018 - 02:29
A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass file policies that are configured to block files transmitted to an affected device via the BitTorrent protocol. The vulnerability exists because the affected software does not detect BitTorrent handshake messages correctly. An attacker could exploit this vulnerability by sending a crafted BitTorrent connection request to an affected device. A successful exploit could allow the attacker to bypass file policies that are configured to block files transmitted to the affected device via the BitTorrent protocol. Cisco Bug IDs: CSCve26946.
Categories: Security News

CVE-2017-5125

National Vulnerability Database - Wed, 02/07/2018 - 18:29
Heap buffer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Categories: Security News

CVE-2017-5126

National Vulnerability Database - Wed, 02/07/2018 - 18:29
A use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Categories: Security News

CVE-2017-5127

National Vulnerability Database - Wed, 02/07/2018 - 18:29
Use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Categories: Security News

CVE-2017-5128

National Vulnerability Database - Wed, 02/07/2018 - 18:29
Heap buffer overflow in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, related to WebGL.
Categories: Security News

CVE-2017-5129

National Vulnerability Database - Wed, 02/07/2018 - 18:29
A use after free in WebAudio in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
Categories: Security News

CVE-2017-5130

National Vulnerability Database - Wed, 02/07/2018 - 18:29
An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file.
Categories: Security News

CVE-2017-5131

National Vulnerability Database - Wed, 02/07/2018 - 18:29
An integer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an out-of-bounds write.
Categories: Security News

CVE-2017-5132

National Vulnerability Database - Wed, 02/07/2018 - 18:29
Inappropriate implementation in V8 in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka incorrect WebAssembly stack manipulation.
Categories: Security News

CVE-2017-5133

National Vulnerability Database - Wed, 02/07/2018 - 18:29
Off-by-one read/write on the heap in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to corrupt memory and possibly leak information and potentiality execute code via a crafted PDF file.
Categories: Security News

CVE-2018-6829

National Vulnerability Database - Wed, 02/07/2018 - 18:29
cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.
Categories: Security News

CVE-2017-15386

National Vulnerability Database - Wed, 02/07/2018 - 18:29
Incorrect implementation in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Categories: Security News

CVE-2017-15387

National Vulnerability Database - Wed, 02/07/2018 - 18:29
Insufficient enforcement of Content Security Policy in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to open javascript: URL windows when they should not be allowed to via a crafted HTML page.
Categories: Security News

CVE-2017-15388

National Vulnerability Database - Wed, 02/07/2018 - 18:29
Iteration through non-finite points in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
Categories: Security News

CVE-2017-15389

National Vulnerability Database - Wed, 02/07/2018 - 18:29
An insufficient watchdog timer in navigation in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Categories: Security News

CVE-2017-15390

National Vulnerability Database - Wed, 02/07/2018 - 18:29
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
Categories: Security News

CVE-2017-15391

National Vulnerability Database - Wed, 02/07/2018 - 18:29
Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to access Extension pages without authorisation via a crafted HTML page.
Categories: Security News

Pages