March 23, 2018—KB4088881 (Preview of Monthly Rollup)

March 23, 2018—KB4088881 Preview of Monthly Rollup Improvements and fixes This non-security update includes improvements and fixes that were a part of KB4088875 released March 13, 2018 and also includes these new quality improvements as a preview of the next Monthly Rollup update: Improves...

Cisco Releases Security Updates

Cisco has released updates to address multiple vulnerabilities affecting Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Cisco Security Advisories and Alerts website and...

Adobe Releases Security Update for Creative Cloud

Adobe has released a security update to address a vulnerability in Adobe Creative Cloud Desktop Application. An attacker could exploit this vulnerability to obtain access to sensitive information. NCCIC encourages users and administrators to review Adobe Security Bulletin APSB18-32 and apply the...

Adobe Releases Security Updates

Adobe has released security updates to address vulnerabilities in Adobe Photoshop CC. An attacker could exploit these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Adobe Security Bulletin APSB18-28 and apply the necessary updates. This...

Oracle Database Server CVE-2018-3110

The remote Oracle Database Server is missing patches. It is, therefore, affected by CVE-2018-3110. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

VMware Releases Security Updates

VMware has released security updates to address vulnerabilities in vSphere, Workstation, Fusion, and Virtual Appliances. An attacker could exploit these vulnerabilities to obtain sensitive information. NCCIC encourages users and administrators to review VMware Security Advisories VMSA-2018-0020,...

Google Releases Security Update for Chrome

Google has released Chrome version 68.0.3440.75 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. NCCIC encourages users and administrators to review the Chrome Releases page and apply the necessary update. Th...

libwav SEGV vulnerability

libwav is a wav encoding library written in C language. A security vulnerability exists in the 'applygain' function in the wavgain/wavgain.c file in libwav versions 2017-04-20 and earlier. An attacker can exploit this vulnerability to cause a denial of service segment error...

CVE-2018-14052

An issue has been found in libwav through 2017-04-20. It is a SEGV in the function applygain in wavgain/wavgain.c...

libgit2 Denial of Service Vulnerability (CNVD-2018-20567)

libgit2 is a portable, C implementation of the Git core development kit . A security vulnerability exists in libgit2 versions prior to 0.27.3, which stems from a lack of security detection in the 'gitdeltaapply' function of the delta.c file. An attacker can exploit this vulnerability to cause a...

libgit2 integer overflow vulnerability (CNVD-2019-06643)

libgit2 is a portable, C implementation of the Git core development kit . An integer overflow vulnerability exists in the 'gitdeltaapply' function of the delta.c file in versions of libgit2 prior to 0.27.3, which can be exploited by an attacker to disclose a memory address or cause a denial of...

UBUNTU-CVE-2018-10887

A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in gitdeltaapply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw...

ALPINE-CVE-2018-10887

A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in gitdeltaapply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw...

CVE-2018-10888

A flaw was found in libgit2 before version 0.27.3. A missing check in gitdeltaapply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service...

DEBIAN-CVE-2018-10888

A flaw was found in libgit2 before version 0.27.3. A missing check in gitdeltaapply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service...

UBUNTU-CVE-2018-10888

A flaw was found in libgit2 before version 0.27.3. A missing check in gitdeltaapply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service...

ALPINE-CVE-2018-10888

A flaw was found in libgit2 before version 0.27.3. A missing check in gitdeltaapply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service...

PT-2018-2662 · Linksys · Linksys E2500 +1

Name of the Vulnerable Software and Affected Versions: Linksys E1200 versions 2.0.09 Linksys E2500 versions 3.0.04 Description: The issue exists due to improper filtering of data passed to and retrieved from NVRAM, allowing for OS command injection. This can be exploited by a remote attacker to...

DEBIAN-CVE-2018-13346

The mpatchapply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004...

Mozilla Releases Security Update for Thunderbird

Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 52.9 and appl...