Apple Security Advisory 2018-1-23-1 - iOS 11.2.5 is now available and addresses memory corruption, code execution, and various other vulnerabilities.
52d4ccf52d83225887797331dc30d1b05effec25f5961f68eb5b8b3866120d0b
Apple Security Advisory 2018-1-8-1 - iOS 11.2.2 is now available and addresses Spectre issues with Safari and WebKit.
14100c950dadca4bf5143083ee95bc72573920f161f07761ce065fa637ff4c25
Cisco IOS SNMP service remote code execution exploit.
9f964db2a690372711f23da711b9a272698adce51482c42bd5d5bf13e43c9e2e
Apple Security Advisory 2017-12-13-1 - iOS 11.2.1 is now available and addresses a message handling issue.
9f70803c117fb99f70f2c54098d2a54f3557550c20837d8407e7fb123ad88f57
macOS and iOS suffer from a kernel double free vulnerability due to IOSurfaceRootUserClient not respecting MIG ownership rules.
4314c9b3d4d919fbf8280f16f7d8de49f26550f782ad1c352b5a319dee587e69
macOS / iOS suffer from multiple kernel use-after-free vulnerabilities due to incorrect IOKit object lifetime management in IOTimeSyncClockManagerUserClient.
752bf8adfa42c1db21266f6817c3ff5c3ef4a4a157ab2fbb3882400fdc6fb035
macOS and iOS suffer from a kernel double free due to incorrect API usage in flow divert socket option handling.
0b5dfcc9863d0ed99660566f6392ccc4d9189ce7b6334fa7a00773db58a29596
Apple Security Advisory 2017-12-6-2 - iOS 11.2 addresses issues relating to interception, memory corruption, and more.
580cabcbdb420192d01e95f5a55e5c891d08bcd35c13922c2719f3e870e19e94
Cisco has released an advisory detailing code execution, out of bounds, and denial of service vulnerabilities in the WebEx Network Recording Player.
933e82144bff1553d310fc0e1a83961cada366eaac209dc3750e70b91843bdd0
Cisco Umbrella virtual appliance versions 2.1.0 and below contain undocumented hardcoded credentials which could allow an attacker to access the hypervisor console and provide persistent and unrestricted access to the virtual appliance.
b75df23092926396b8f5b75ae10c72733fe4fc796acb74fe704cb7c3477edf0e
Apple Security Advisory 2017-10-31-1 - iOS 11.1 is now available and addresses denial of service, code execution, and various other vulnerabilities.
dfa2d5d72332c1c3cd1b74e98afb886ddf907cb8d065169c43abed21bd113cbf
Apple Security Advisory 2017-10-31-9 - iOS 11 addresses TLS weaknesses, denial of service, arbitrary code execution, and various other vulnerabilities.
46171a35b50df25804054ca92ead701817ede06a281105b670af269d27fc2535
Cisco Umbrella Virtual Appliance versions 2.0.3 and below contain an undocumented, auto-initiated reverse SSH tunnel which allows the Cisco Umbrella support team to have persistent and unrestricted access to the virtual appliance.
5e84ae818066bb4ac19ab58bf8766980a52ebe49a4dd880c31b67e49f4cb6e1b
Cisco Prime Collaboration Provisioning versions prior to 12.1 suffer from authentication bypass and code execution vulnerabilities.
dfd9c9f1d24c40585c41065348c276c1ee7b370952139218edb30fa3bb94f440
Apple Security Advisory 2017-09-25-4 - iOS 11 addresses denial of service, service impersonation, and various other vulnerabilities.
63d7ee9aed6f2dbe84b1bde7894ca17abe7eb97f4cfd69dcb8570468e235d4a4
Apple Security Advisory 2017-09-19-1 - iOS 11 is now available and addresses cross site scripting, denial of service, and various other vulnerabilities.
865ddf6e4616468e824f454d3cd875358dafbfd0bc8839b6bdf8c0c9a75125c5
Debian Linux Security Advisory 3976-1 - Marcin 'Icewall' Noga of Cisco Talos discovered two vulnerabilities in freexl, a library to read Microsoft Excel spreadsheets, which might result in denial of service or the execution of arbitrary code if a malformed Excel file is opened.
0a69601790864c6fb3deab2a65a9e4e5d304fe53babef2625fd8e003bb451c4a
VLC Media Player iOS application version 2.7.8 suffers from a file disclosure vulnerability.
e193c871b8bfbe11c945a7f45034301f1cb2c76667721f6887a8febbaed08f57
Apple iOS versions prior to 10.3.1 kernel exploit that demonstrates a sandbox escape.
103a1cd8dfe8bcd292b357f7210598a04715f7f0c33d9dfc09c87d9f23994fcf
Debian Linux Security Advisory 3929-1 - Aleksandar Nikolic of Cisco Talos discovered a stack-based buffer overflow vulnerability in libsoup2.4, an HTTP library implementation in C. A remote attacker can take advantage of this flaw by sending a specially crafted HTTP request to cause an application using the libsoup2.4 library to crash (denial of service), or potentially execute arbitrary code.
310a70ae21393eb773e894d9e3c1fe126f02479b49ecada180120eac46f3355c
HPE Security Bulletin HPESB3P03762 1 - HPE StoreFabric C-series Switch Software uses Cisco's Prime Data Center Network Manager (DCNM). Cisco has identified a remote code execution vulnerability in two versions of Cisco Prime Data Center Network Manager (DCNM) which HPE had included for download for customers under contract from the HPE Support Center. The affected versions of DCNM are 10.1(1) and 10.1(2). HPE bundled these DCNM versions with the following MDS and Nexus firmware downloads: * MDS 7.3(0)DY(1), released February 2017 * MDS 7.3(1)DY(1), released April 2017 * Nexus 5.2(1)N1(9b), released May 2017 **Note:** A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to access sensitive information or execute arbitrary code with root privileges on an affected system. The vulnerability is due to the lack of authentication and authorization mechanisms for a debugging tool that was inadvertently enabled in the affected software. An attacker could exploit this vulnerability by remotely connecting to the debugging tool via TCP. A successful exploit could allow the attacker to access sensitive information about the affected software or execute arbitrary code with root privileges on the affected system. Revision 1 of this advisory.
a8e09be97b4de5cb5a24c72c56585c40b90a364dc24e2d76e252404144141bc3
macOS and iOS sandbox escapes and privilege escalation vulnerabilities exist due to unexpected shared memory-backed xpc_data objects.
405eaaf340b03d53f3015ef4449fe9eaf691f0e32d6d231209f1632dfa391afd
THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
bba5cc534430055871650418688d8bd274553666faeff961389712559b5bfd4e
Apple Security Advisory 2017-07-19-1 - iOS 10.3.3 is now available and addresses code execution, memory corruption, and various other vulnerabilities.
a2d4b5826b831607a1a8366303cee291dd5ca20677f208e056fb175e2afb1cea
Various GPC Sanitization bypasses exist in Cisco WebEx that can permit arbitrary remote command execution.
2742e774481d9cd4f1486925a8d6d0f5cd50b3e1c50f16db34aa9fee06887044