Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit one of these vulnerabilities to obtain access to sensitive information. TTCSIRT encourages users and administrators to review Apple’s security updates page and apply the necessary updates: https://support.apple.com/en-us/HT201222 1) CVE-2019-8641 – A remote attacker may be able to cause unexpected […]
Cisco has released security updates to address vulnerabilities affecting multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. TTSCIRT urges users and administrators to review the Cisco Security Advisories page and apply the necessary updates: https://tools.cisco.com/security/center/publicationListing.x CRITICAL 1) CVE-2018-0296 – Cisco Adaptive Security Appliance […]
Microsoft has released a security update stating that it has discovered the following vulnerabilities in Microsoft SharePoint Server 2019: a) CVE-2019-1257 – the software fails to check the source markup of an application package. An attacker who successfully exploits the vulnerability could run arbitrary code in the context of the SharePoint application pool and the […]
Google has released a security update stating that it has discovered the following vulnerabilities in Google Chrome: a) Use-after-free in UI – CVE-2019-13685. b) Use-after-free in media – CVE-2019-13688. These vulnerabilities can be exploited if a user visits or is redirected to a specially crafted web page. Exploitation could allow an attacker to execute arbitrary […]
Google has released a security update stating that it has discovered the following issues with the Android OS: a) A vulnerability in NVIDIA components could allow for Escalation of Privileges – (CVE-2018-6240). b) Multiple vulnerabilities in Media framework could allow for Remote Code Execution – (CVE-2019-2176). Further information on these vulnerabilities and how they can […]
Mozilla has released a security update stating that it has discovered the following issues in versions of Mozilla Firefox Browser prior to 69.0: a) A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash – (CVE-2019-11746). b) Navigation events do […]
Cisco has released a security update stating that it has discovered the following issues in Cisco Small Business 220 Series Smart Switches: a) An authentication bypass vulnerability which could allow for remote file upload due to incomplete authorization checks in the web management interface – (CVE-2019-1912). b) A command injection vulnerability could allow for arbitrary […]
Adobe has released a security update stating that the following issues have been discovered in Adobe Acrobat and Reader: a) Multiple Out-of-Bounds Read vulnerabilities that could allow for information disclosure – (CVE-2019-8077). b) A command injection vulnerability that could allow for arbitrary code execution – (CVE-2019-8060). c) Multiple heap overflow vulnerabilities that could allow for […]
PHP has released a security update stating that it has discovered the following issues in PHP7 – a) Bug #78256 – Heap-buffer-overflow on exif_process_user_comment. b) Bug #78222 – Heap-buffer-overflow on exif_scan_thumbnail. c) Bug #78039 – FTP with SSL memory leak. d) Bug #78279 – libxml_disable_entity_loader settings is shared between requests cgi-fcgi. e) Bug #76058 – […]
Google has released a security update sting that it has discovered in the following vulnerabilities in Google Chrome: a) Insufficient checks on filesystem – (CVE-2019-5856). b) Insufficient filtering of Open URL service parameters – (CVE-2019-5858). c) Insufficient port filtering in CORS for extensions – (CVE-2019-5864). d) Integer overflow in PDFium – (CVE-2019-5855). e) Integer overflow […]
