Mozilla has released a security update stating that it has discovered the following vulnerabilities in Mozilla Firefox version 67.0: a) Timing Attack Vulnerability (CVE-2019-9815) – if hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. b) Type Confusion Vulnerability (CVE-2019-9816) – a possible vulnerability exists where type confusion can occur when …
IBM has released a security update stating that it has discovered a vulnerability in IBM WebSphere Application Server that could allow for remote code execution. This issue occurs when serializing an object from an untrusted source. IBM WebSphere Application Server is a software framework and middleware that hosts Java-based web applications. Further information on this …
VMware has released a security update stating that VMware Workstation contains a DLL hijacking issue because some DLL files are improperly loaded by the application. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to administrator on a Windows host where Workstation is installed. Further information on this …
Adobe has released a security update stating that it has discovered the following issues in the latest versions of Adobe Acrobat and Reader: a) Multiple Out-of-Bounds Read vulnerabilities that could allow for Information Disclosure – (CVE-2019-7841, CVE-2019-7836). b) Multiple Use After Free vulnerabilities that could allow for Arbitrary Code Execution – (CVE-2019-7835, CVE-2019-7834). c) A …
Drupal has released a security update stating that the following vulnerabilities have been discovered in the Drupal Core Module: a) Validation messages were not escaped when using the form theme of the PHP templating engine which, when validation messages may contain user input, could result in an XSS – (CVE-2019-10909). b) Service IDs derived from …
Cisco has released a security update stating that it has discovered a vulnerability in the development shell (devshell) authentication for Cisco Aironet Series Access Points (APs) where an attacker could access the development shell without proper authentication, which allows for root access to the underlying Linux OS. This vulnerability exists because the software improperly validates …
The Samba Team has released a security update stating that Samba contains an RPC endpoint emulating the Windows registry service API. One of the requests, “winreg_SaveKey”, is susceptible to a path/symlink traversal vulnerability. Unprivileged users can use it to create a new registry hive file anywhere as they have Unix permissions to create a new file …
Apache has released a security update stating that in Apache HTTP Server 2.4 releases, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. Further information on this vulnerability and how it can be mitigated can be …
Intel has released a security update stating that a potential security vulnerability in Intel® USB 3.0 Creator Utility may allow for escalation of privileges. This vulnerability is due to improper permissions in the Intel® USB 3.0 Creator Utility. Further information on this vulnerability and how it can be mitigated can be found on the Intel …
Adobe has released a security update stating that it has found a heap corruption issue (CVE-2019-7094) within Adobe Photoshop which could allow for arbitrary code execution. Depending on the privileges associated with this application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application …