CVE-2019-7800: Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier…

CVE-2019-7800 [HIGH] GHSA-h8rj-g64x-pw78: Adobe Acrobat and Reader versions 2019 Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.

CVE-2019-16008 [MEDIUM] CWE-79 Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Scripting Vulnerability Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Scripting Vulnerability A vulnerability in the web-based GUI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based GUI of an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has released software u

CVE-2019-1922 [MEDIUM] CWE-476 Cisco IP Phone 7800 and 8800 Series Session Initiation Protocol Denial of Service Vulnerability Cisco IP Phone 7800 and 8800 Series Session Initiation Protocol Denial of Service Vulnerability A vulnerability in Cisco SIP IP Phone Software for Cisco IP Phone 7800 Series and 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected phone. The vulnerability is due to insufficient validation of input Session Initiation Protocol (SIP) packets. An attacker could exploit this vulnerability by altering the SIP replies that are sent to the affected phone during the registration process. A successful exploit could allow the attacker to cause the phone to reboot and not complete the registration process. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps

CVE-2019-1635 [HIGH] CWE-399 Cisco IP Phone 7800 Series and 8800 Series Session Initiation Protocol XML Denial of Service Vulnerability Cisco IP Phone 7800 Series and 8800 Series Session Initiation Protocol XML Denial of Service Vulnerability A vulnerability in the call-handling functionality of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and 8800 Series could allow an unauthenticated, remote attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition. The vulnerability is due to incomplete error handling when XML data within a SIP packet is parsed. An attacker could exploit this vulnerability by sending a SIP packet that contains a malicious XML payload to an affected phone. A successful exploit could allow the attacker to cause the affected phone to reload unexpectedly, resulting in a temporary DoS condition. Cisco has released soft

CVE-2019-1716 [HIGH] CWE-20 Cisco IP Phone 7800 Series and 8800 Series Remote Code Execution Vulnerability Cisco IP Phone 7800 Series and 8800 Series Remote Code Execution Vulnerability A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code. The vulnerability exists because the software improperly validates user-supplied input during user authentication. An attacker could exploit this vulnerability by connecting to an affected device using HTTP and supplying malicious user credentials. A successful exploit could allow the attacker to trigger a reload of an affected device, resulting in a DoS condition, or to execute arbitrary code with the privileges of the app user. Cisc

CVE-2019-1684 [MEDIUM] CWE-399 Cisco IP Phone 7800 and 8800 Series Cisco Discovery Protocol and Link Layer Discovery Protocol Denial of Service Vulnerability Cisco IP Phone 7800 and 8800 Series Cisco Discovery Protocol and Link Layer Discovery Protocol Denial of Service Vulnerability A vulnerability in the Cisco Discovery Protocol or Link Layer Discovery Protocol (LLDP) implementation for the Cisco IP Phone 7800 and 8800 Series could allow an unauthenticated, adjacent attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition. The vulnerability is due to missing length validation of certain Cisco Discovery Protocol or LLDP packet header fields. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol or LLDP packet to the targeted phone. A successful exploit could allow the attacker to cause the affected phone to reload unexpectedly, resulting in a

CVE-2019-1922 Cisco IP Phone 7800 and 8800 Series Session Initiation Protocol Denial of Service Vulnerability CVE-2019-1922: Cisco IP Phone 7800 and 8800 Series Session Initiation Protocol Denial of Service Vulnerability A vulnerability in Cisco SIP IP Phone Software for Cisco IP Phone 7800 Series and 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected phone. The vulnerability is due to insufficient validation of input Session Initiation Protocol (SIP) packets. An attacker could exploit this vulnerability by altering the SIP replies that are sent to the affected phone during the registration process. A successful exploit could allow the attacker to cause the phone to reboot and not complete the registration process. There are no CVSS: 3.0 CWE: CWE-476, CWE-476 Bug IDs: CSCvc61672

CVE-2019-1684 Cisco IP Phone 7800 and 8800 Series Cisco Discovery Protocol and Link Layer Discovery Protocol Denial of Service Vulnerability CVE-2019-1684: Cisco IP Phone 7800 and 8800 Series Cisco Discovery Protocol and Link Layer Discovery Protocol Denial of Service Vulnerability A vulnerability in the Cisco Discovery Protocol or Link Layer Discovery Protocol (LLDP) implementation for the Cisco IP Phone 7800 and 8800 Series could allow an unauthenticated, adjacent attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition. The vulnerability is due to missing length validation of certain Cisco Discovery Protocol or LLDP packet header fields. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol or LLDP packet to the targeted phone. A successful exploit could allow the attacker to cause the affected phone to reload unexpectedly, r

CVE-2019-1635 Cisco IP Phone 7800 Series and 8800 Series Session Initiation Protocol XML Denial of Service Vulnerability CVE-2019-1635: Cisco IP Phone 7800 Series and 8800 Series Session Initiation Protocol XML Denial of Service Vulnerability A vulnerability in the call-handling functionality of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and 8800 Series could allow an unauthenticated, remote attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition. The vulnerability is due to incomplete error handling when XML data within a SIP packet is parsed. An attacker could exploit this vulnerability by sending a SIP packet that contains a malicious XML payload to an affected phone. A successful exploit could allow the attacker to cause the affected phone to reload unexpectedly, resulting in a temporary DoS condition. Cisco has

CVE-2019-1716 Cisco IP Phone 7800 Series and 8800 Series Remote Code Execution Vulnerability CVE-2019-1716: Cisco IP Phone 7800 Series and 8800 Series Remote Code Execution Vulnerability A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code. The vulnerability exists because the software improperly validates user-supplied input during user authentication. An attacker could exploit this vulnerability by connecting to an affected device using HTTP and supplying malicious user credentials. A successful exploit could allow the attacker to trigger a reload of an affected device, resulting in a DoS condition, or to execute arbitrary code with the privileges of the

CVE-2019-16008 Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Scripting Vulnerability CVE-2019-16008: Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Scripting Vulnerability A vulnerability in the web-based GUI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based GUI of an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has rele

CVE-2019-0708 [CRITICAL] Patch Tuesday: Fixes for 'Wormable' Flaw, Zero-Day Sfruttamento vulnerabilità ## Patch Tuesday: Fixes for 'Wormable' Flaw, Zero-Day Microsoft’s May security release includes updates for 80 vulnerabilities for a number of Microsoft products, including a security update for unsupported operating systems such as Windows XP and Server 2003. By: Trend Micro Research May 15, 2019 Read time: ( words) Save to Folio Update as of 5/17/2019 10:15AM PHT: Added rules for CVE-2019-0708 in Trend Micro Deep Security and Tipping Point. Microsoft’s May security release includes updates for 80 vulnerabilities for a number of Microsoft products, including a security update for unsupported operating systems such as Windows XP and Server 2003 not included in the mainstream customer support notification. Of the security vulnerabilities fixed in this releas

CVE-2019-0708 [CRITICAL] Patch Tuesday: Fixes for 'Wormable' Flaw, Zero-Day Exploits & Vulnerabilities # Patch Tuesday: Fixes for 'Wormable' Flaw, Zero-Day Microsoft’s May security release includes updates for 80 vulnerabilities for a number of Microsoft products, including a security update for unsupported operating systems such as Windows XP and Server 2003. By: Trend Micro Research 2019/05/15 Read time: ( words) Save to Folio Update as of 5/17/2019 10:15AM PHT: Added rules for CVE-2019-0708 in Trend Micro Deep Security and Tipping Point. Microsoft’s May security release includes updates for 80 vulnerabilities for a number of Microsoft products, including a security update for unsupported operating systems such as Windows XP and Server 2003 not included in the mainstream customer support notification. Of the security vulnerabilities fixed in this release,

CVE-2019-0708 [CRITICAL] Patch Tuesday: Fixes for 'Wormable' Flaw, Zero-Day Exploits & Vulnerabilities ## Patch Tuesday: Fixes for 'Wormable' Flaw, Zero-Day Microsoft’s May security release includes updates for 80 vulnerabilities for a number of Microsoft products, including a security update for unsupported operating systems such as Windows XP and Server 2003. By: Trend Micro Research May 15, 2019 Read time: ( words) Save to Folio Update as of 5/17/2019 10:15AM PHT: Added rules for CVE-2019-0708 in Trend Micro Deep Security and Tipping Point. Microsoft’s May security release includes updates for 80 vulnerabilities for a number of Microsoft products, including a security update for unsupported operating systems such as Windows XP and Server 2003 not included in the mainstream customer support notification. Of the security vulnerabilities fixed in this releas

CVE-2019-0708 [CRITICAL] Patch Tuesday: Fixes for 'Wormable' Flaw, Zero-Day Exploits & Vulnerabilities ## Patch Tuesday: Fixes for 'Wormable' Flaw, Zero-Day Microsoft’s May security release includes updates for 80 vulnerabilities for a number of Microsoft products, including a security update for unsupported operating systems such as Windows XP and Server 2003. By: Trend Micro Research 2019/05/15 Read time: ( words) Save to Folio Update as of 5/17/2019 10:15AM PHT: Added rules for CVE-2019-0708 in Trend Micro Deep Security and Tipping Point. Microsoft’s May security release includes updates for 80 vulnerabilities for a number of Microsoft products, including a security update for unsupported operating systems such as Windows XP and Server 2003 not included in the mainstream customer support notification. Of the security vulnerabilities fixed in this release,

CVE-2019-0708 [CRITICAL] Patch Tuesday: Fixes for 'Wormable' Flaw, Zero-Day Exploits & Vulnerabilities # Patch Tuesday: Fixes for 'Wormable' Flaw, Zero-Day Microsoft’s May security release includes updates for 80 vulnerabilities for a number of Microsoft products, including a security update for unsupported operating systems such as Windows XP and Server 2003. By: Trend Micro Research May 15, 2019 Read time: ( words) Save to Folio Update as of 5/17/2019 10:15AM PHT: Added rules for CVE-2019-0708 in Trend Micro Deep Security and Tipping Point. Microsoft’s May security release includes updates for 80 vulnerabilities for a number of Microsoft products, including a security update for unsupported operating systems such as Windows XP and Server 2003 not included in the mainstream customer support notification. Of the security vulnerabilities fixed in this releas

CVE-2019-0708 [CRITICAL] Patch Tuesday: Fixes for 'Wormable' Flaw, Zero-Day Ausnutzung von Schwachstellen ## Patch Tuesday: Fixes for 'Wormable' Flaw, Zero-Day Microsoft’s May security release includes updates for 80 vulnerabilities for a number of Microsoft products, including a security update for unsupported operating systems such as Windows XP and Server 2003. By: Trend Micro Research May 15, 2019 Read time: ( words) Save to Folio Update as of 5/17/2019 10:15AM PHT: Added rules for CVE-2019-0708 in Trend Micro Deep Security and Tipping Point. Microsoft’s May security release includes updates for 80 vulnerabilities for a number of Microsoft products, including a security update for unsupported operating systems such as Windows XP and Server 2003 not included in the mainstream customer support notification. Of the security vulnerabilities fixed in this rel

CVE-2019-0708 [CRITICAL] Patch Tuesday: Fixes for 'Wormable' Flaw, Zero-Day Exploits y vulnerabilidades ## Patch Tuesday: Fixes for 'Wormable' Flaw, Zero-Day Microsoft’s May security release includes updates for 80 vulnerabilities for a number of Microsoft products, including a security update for unsupported operating systems such as Windows XP and Server 2003. By: Trend Micro Research May 15, 2019 Read time: ( words) Save to Folio Update as of 5/17/2019 10:15AM PHT: Added rules for CVE-2019-0708 in Trend Micro Deep Security and Tipping Point. Microsoft’s May security release includes updates for 80 vulnerabilities for a number of Microsoft products, including a security update for unsupported operating systems such as Windows XP and Server 2003 not included in the mainstream customer support notification. Of the security vulnerabilities fixed in this relea