771 matches found
Spoof SSDP replies to phish for NTLM hashes: evil-ssdp
This tool responds to SSDP multicast discover requests, posing as a generic UPNP device on a local network. Your spoofed device will magically appear in Windows Explorer on machines in your local network. Users who are tempted to open the device are shown a configurable webpage. By default, this...
The vulnerability of the processing mechanism for traffic handled by microprogrammed network interface controllers in Cisco ASA and Firepower systems allows attackers to induce service failures.
The vulnerability of the processing mechanism for traffic handled by microprogrammed network interface controllers in Cisco ASA and Firepower systems is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions throu...
Multiple vulnerabilities in the Application Layer Protocol Inspection component of Cisco microprogrammed network interface devices, which allow attackers to cause service failures.
The multiple vulnerabilities of the Application Layer Protocol Inspection component in Cisco microprogrammed network interfaces are related to resource management errors. Exploiting these vulnerabilities could allow a malicious actor to cause service interruptions by sending large amounts of...
Security Bulletin: A vulnerability has been discovered in 40-GbE network interface modules for the IBM QRadar Network Security XGS 7100 appliance (CVE-2016-8106)
Summary: A denial of service vulnerability (CVE-2016-8106) has been discovered in 40-GbE network interface modules for the IBM QRadar Network Security XGS 7100 appliance. Vulnerability Details: CVEID: CVE-2016-8106. DESCRIPTION: Intel Ethernet Controller X710/XL710 is vulnerable to a denial of service...
Security Bulletin: A vulnerability has been discovered in 40-GbE network interface modules for the IBM Security Network Protection XGS 7100 appliance (CVE-2016-8106)
Summary: A denial of service vulnerability (CVE-2016-8106) has been discovered in 40-GbE network interface modules for the IBM Security Network Protection XGS 7100 appliance. Vulnerability Details: CVEID: CVE-2016-8106. DESCRIPTION: Intel Ethernet Controller X710/XL710 is vulnerable to a denial of...
June 12, 2018—KB4284826 (Monthly Rollup)
June 12, 2018—KB4284826 (Monthly Rollup). Improvements and fixes: This security update includes improvements and fixes that were a part of update KB4103713 (released May 17, 2018) and addresses the following issues: Provides support to control use of Indirect Branch Prediction Barrier (IBPB) on some AMD...
Design/Logic Flaw
The clustered setup of Apache MXNet allows users to specify which IP address and port the scheduler will listen on via the DMLC_PS_ROOT_URI and DMLC_PS_ROOT_PORT env variables. In versions older than 1.0.0, however, the MXNet framework will listen on 0.0.0.0 rather than user specified DMLC_PS_ROOT_URI onc...
Design/Logic Flaw
A vulnerability in Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the Java Remote Method Invocation (RMI) system. The vulnerability is due to an open port in the Network Interface and Configuration Engine (NICE) service. An attacker could exploit...
Cisco Prime Collaboration Provisioning Authorization Issues Vulnerability
Cisco Prime Collaboration Provisioning (PCP) is a set of Web-based, next-generation communications services software from Cisco. The software provides IP communication service features for IP telephony, voice mail and unified communications environments. An authorization issue vulnerability exists ...
May 8, 2018—KB4103718 (Monthly Rollup)
May 8, 2018—KB4103718 (Monthly Rollup). Improvements and fixes: This security update includes improvements and fixes that were part of update KB4093113 (released April 17, 2018) and addresses the following issues: Addresses an issue that may cause a memory leak on SMB servers after installing KB4056897...
Race condition
A vulnerability in the egress packet processing functionality of the Cisco StarOS operating system for Cisco Aggregation Services Router (ASR) 5700 Series devices and Virtualized Packet Core (VPC) System Software could allow an unauthenticated, remote attacker to cause an interface on the device to...
CVE-2018-0239
A vulnerability in the egress packet processing functionality of the Cisco StarOS operating system for Cisco Aggregation Services Router (ASR) 5700 Series devices and Virtualized Packet Core (VPC) System Software could allow an unauthenticated, remote attacker to cause an interface on the device to...
April 10, 2018—KB4093118 (Monthly Rollup)
April 10, 2018—KB4093118 (Monthly Rollup). Improvements and fixes: This security update includes improvements and fixes that were a part of update KB4088881 (released March 23, 2018) and addresses the following issues: Addresses an issue where a new Ethernet Network Interface Card (NIC) that has default...
March 13, 2018—KB4088878 (Security-only update)
March 13, 2018—KB4088878 (Security-only update). Improvements and fixes: This security update includes quality improvements. No new operating system features are being introduced in this update. Important changes include the following: Spectre and Meltdown protections for 32-Bit (x86) and 64-Bit (x64)...
Design/Logic Flaw
The default installation of DocuWare Fulltext Search server through 6.11 allows remote users to connect to and download searchable text from the embedded Solr service, bypassing DocuWare's access control features of the DocuWare user interfaces and API. An attacker can also gain privileges by...
CVE-2017-15044
The default installation of DocuWare Fulltext Search server through 6.11 allows remote users to connect to and download searchable text from the embedded Solr service, bypassing DocuWare's access control features of the DocuWare user interfaces and API. An attacker can also gain privileges by...
CVE-2017-15044
The CVE-2017-15044 issue concerns DocuWare Fulltext Search server (up to version 6.11). The embedded Solr service is reachable from the network due to the server listening on a network interface (not localhost), allowing remote users to connect, download searchable text, and potentially bypass Do...