Security Bulletins

SecurityFocus Vulnerabilities
last updated: Fri, 22 Jun 2018 10:31:02 GMT

 2018-06-21 Vuln: Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
 2018-06-21 Vuln: Delta Industrial Automation COMMGR CVE-2018-10594 Stack Based Buffer Overflow Vulnerability
 2018-06-21 Vuln: Multiple Rockwell Automation Products CVE-2017-9312 Remote Denial of Service Vulnerability
 2018-06-20 Vuln: Oracle Outside In Technology CVE-2018-2806 Remote Security Vulnerability
  Bugtraq: FreeBSD Security Advisory FreeBSD-SA-18:07.lazyfpu

Yahoo News - Latest News & Headlines
last updated: Fri, 22 Jun 2018 10:38:02 GMT

 Wed, 20 Jun 2018 15:02:32 -0400 Trump's Plan To Stop Family Separations Is To Detain Families Together

President Donald Trump's plan to stop his administration's policy of


 Thu, 21 Jun 2018 17:51:47 -0400 Migrant Children Report Physical, Verbal Abuse In At Least 3 Federal Detention Centers

Migrant children as young as 11 years old have reported suffering physical and


 Thu, 21 Jun 2018 12:06:38 -0400 Democrats look to gain in Southern California as outrage mounts over family separations

Democrats are already plotting about how to motivate and mobilize the 66 percent of voters who oppose Trump’s “zero tolerance” policy.


 Wed, 20 Jun 2018 11:42:32 -0400 Trump executive order leaves critics wondering what’s next for migrant families

President Trump’s executive order allowing migrant families to remain together was met with skepticism as critics argue it will be difficult to reunite families that have already been separated.


 Wed, 20 Jun 2018 07:29:03 -0400 South Sudan president Kiir departs for Ethiopia ahead of peace talks

South Sudan President Salva Kiir left the capital on Wednesday and headed to Ethiopia ahead of a planned meeting with his rival and rebel leader Riek Machar ahead of planned talks to try to negotiate an end to a five-year-old civil war, an official said. "IGAD has decided to call face-to-face dialogue between our president and Riek Machar on outstanding issues," Awut Deng, a senior member of Kiir's delegation, said before departing, referring to the regional East African bloc.



Cisco Security Advisory
last updated: Fri, 22 Jun 2018 10:36:57 GMT

 Wed, 20 Jun 2018 16:18:23 CDT Cisco NX-OS Software CLI Arbitrary Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected device.

The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting malicious command arguments into a vulnerable CLI command. A successful exploit could allow the attacker, authenticated as a privileged user, to execute arbitrary commands with root privileges.

Note: On products that support multiple virtual device contexts (VDC), this vulnerability could allow an attacker to access files from any VDC.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-cli-injection

This advisory is part of the June 2018 Cisco FXOS and NX-OS Software Security Advisory Collection, which includes 24 Cisco Security Advisories that describe 24 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: June 2018 Cisco FXOS and NX-OS Software Security Advisory Collection.


Security Impact Rating: High
CVE: CVE-2018-0307
 Wed, 20 Jun 2018 16:00:00 CDT Cisco AnyConnect Secure Mobility Client for Windows Desktop Denial of Service Vulnerability

A vulnerability in vpnva-6.sys for 32-bit Windows and vpnva64-6.sys for 64-bit Windows of Cisco AnyConnect Secure Mobility Client for Windows Desktop could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system.

The vulnerability is due to improper validation of user-supplied data. An attacker could exploit this vulnerability by sending a malicious request to the application. A successful exploit could allow the attacker to cause a DoS condition on the affected system.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-anyconnect-dos
Security Impact Rating: Medium
CVE: CVE-2018-0373
 Wed, 20 Jun 2018 16:00:00 CDT Cisco TelePresence Video Communication Server Expressway Denial of Service Vulnerability

A vulnerability in the file descriptor handling of Cisco TelePresence Video Communication Server (VCS) Expressway could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

The vulnerability is due to exhaustion of file descriptors while processing a high volume of traffic. An attacker could exploit this vulnerability by establishing a high number of concurrent TCP connections to the vulnerable system. An exploit could allow the attacker to cause a restart in a specific process, resulting in a temporary interruption of service.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-vcse-dos


Security Impact Rating: Medium
CVE: CVE-2018-0358
 Wed, 20 Jun 2018 16:00:00 CDT Cisco Unified Communications Manager IM & Presence Service CSRF Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (formerly CUPS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.

The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-ucmim-ps-csrf


Security Impact Rating: Medium
CVE: CVE-2018-0363
 Wed, 20 Jun 2018 16:00:00 CDT Cisco Unified Communications Domain Manager Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.

The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-ucdm-csrf


Security Impact Rating: Medium
CVE: CVE-2018-0364
