Government of the Republic of Trinidad and Tobago
gov.tt

Securing the Nation's Digital Infrastructure

TTCSIRT-201.022119: TT-CSIRT Advisory – Cisco Security Updates

Cisco has released a security update stating that it has discovered a vulnerability in the Open Container Initiative runc CLI tool used by multiple products which could allow an unauthenticated, remote attacker to escalate privileges on a targeted system. This issue exists because the affected software improperly handles file descriptors related to /proc/self/exe. An attacker …

TTCSIRT-200.022119: TT-CSIRT Advisory – VMware Security Updates

VMware has released a security update stating that it has discovered a runc container runtime vulnerability for VMware Integrated OpenStack with Kubernetes (VIO-K), VMware PKS (PKS), VMware vCloud Director Container Service Extension (CSE) and vSphere Integrated Containers (VIC). Successful exploitation of this issue may allow an attacker to overwrite the contents of a host’s runc …

TTCSIRT-199.020419: TT-CSIRT Advisory – Chrome Security Updates

Google has released a security update stating that the following issues have been discovered in all versions of Google Chrome prior to 72.0.3626.81: a) Heap buffer overflow in SwiftShader – (CVE-2019-5771). b) Heap buffer overflow in WebGL – (CVE-2019-5770). c) Inappropriate implementation in QUIC Networking – (CVE-2019-5754). d) Inappropriate implementation in V8 – …

TTCSIRT-198.020419: TT-CSIRT Advisory – Firefox Security Updates

Mozilla has released a security update stating that the following issues have been discovered in Mozilla Firefox version 65.0: a) A crash and out-of-bounds read can occur when the buffer of a texture client is freed while it is still in use during graphic operations – (CVE-2018-18504). b) A use-after-free vulnerability can occur while parsing …

TTCSIRT-197.012319: TT-CSIRT Advisory – Apple Security Updates

Apple has released a security update stating that the following vulnerabilities were patched in iCloud, Safari, watchOS, tvOS, Mojave, High Sierra, Sierra, and iOS: a) A buffer overflow issue was addressed with improved memory handling – (CVE-2019-6224). b) A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation – (CVE-2019-6228). …

TTCSIRT-196.012319: TT-CSIRT Advisory – Drupal Security Updates

Drupal has released a security update stating that a remote code execution vulnerability exists in PHP’s built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (core, contrib, and custom) may be performing file operations on insufficiently validated user input, thereby being exposed to this vulnerability. This issue is …

TTCSIRT-195.011119: TT-CSIRT Advisory – PHP Security Updates

PHP has released a security update stating that the following vulnerabilities have been discovered in the following versions of PHP: Version 5.6.40: Bug #77242 (heap out of bounds read in xmlrpc_decode()). Bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext). Bug #77269 (efree() on uninitialized Heap data in imagescale leads to Bug #77270 (imagecolormatch Out Of Bounds …

TTCSIRT-194.011119: TT-CSIRT Advisory – Android Security Updates

Google has released a security update stating that the following vulnerabilities have been discovered in the Android Operating System: a) An elevation of privilege vulnerability in Framework – (CVE-2018-9582). b) A remote code execution vulnerability in System – (CVE-2018-9583). c) Multiple elevation of privilege vulnerabilities in System – (CVE-2018-9584). d) Multiple information disclosure vulnerabilities in …

TTCSIRT-193.010419: TT-CSIRT Advisory – Cisco Security Updates

Cisco has released a security update stating that an issue in the authorization subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated but unprivileged (levels 0 and 1) remote attacker to perform privileged actions by using the web management interface. The vulnerability is due to improper validation of user privileges when using …

TTCSIRT-192.010419: TT-CSIRT Advisory – Adobe Security Updates

Adobe has released a security update stating that the following issues have been discovered in Adobe Acrobat & Reader: a) Multiple security bypass privilege escalation – (CVE-2018-16018). b) Multiple use after free arbitrary code execution – (CVE-2018-16011). Successful exploitation of these vulnerabilities could result in the attacker gaining control of the affected system and depending on …