WordPress has released a security update stating that it has discovered the following vulnerabilities with WordPress ver 5.0 and earlier: a) Authors can alter meta data to delete files that they are not authorized to. b) Authors can create posts of unauthorized post types with specially crafted input. c) URL inputs can lead to a […]
Cisco has released a security update stating that it has discovered a vulnerability in the web framework code of Cisco Prime License Manager (PLM) which could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. This is due to a lack of proper validation of user-supplied input in SQL queries and as a result, […]
Google has released a security update stating that the following issues have been discovered in the Android OS: a) Elevation of privilege vulnerability in Framework – (CVE-2018-9547). b) Information disclosure vulnerability in Framework – (CVE-2018-9548). c) Multiple arbitrary code execution in System – (CVE-2018-9555, CVE-2018-9556). d) Multiple vulnerabilities in Qualcomm components – (CVE-2018-11960, CVE-2018-11961, CVE-2018-11963). […]
Samba Team has released a security update stating that all versions of Samba from ver 4.0.0 onwards are vulnerable to infinite query recursions caused by CNAME loops. Attackers can exploit this vulnerability by adding and removing Domain Name Service (DNS) Records by using the ldbadd tool. Further information on this vulnerability and how it can […]
VMware has released a security update stating that VMware Workstation and Fusion contain an integer overflow vulnerability in the virtual network devices. This issue may allow a guest to execute code on the host. Further information on this vulnerability and how it can be mitigated can be found on the VMware Website at https://www.vmware.com/security/advisories/VMSA-2018-0030.html
Google has released a security update stating that a vulnerability has been discovered in Google Chrome which could allow for arbitrary code execution. This vulnerability is caused by a use-after-free flaw in GPU (CVE-2018-17479). Further information on this vulnerability and how it can be mitigated can be found on the Google Website at https://chromereleases.googleblog.com/2018/11/stable-channel-update-for-desktop_19.html
Adobe has released a security update stating that it has discovered a vulnerability in Adobe Flash Player where an attacker can perform remote code execution due to a confusion bug. This issue is caused by the interpreter code of the Action Script Virtual Machine (AVM) not resetting a with-scope pointer when an exception is caught […]
VMware has released a security update stating that VMware ESXi, Fusion and Workstation contain uninitialized stack memory usage in the vmxnet3 virtual network adapter. This vulnerability could allow an attacker to execute code on the host especially if vmxnet3 is enabled. Further information on this vulnerability and how it can be mitigated can be found […]
Apache has released a security update stating that all web applications using Apache Struts be upgraded to ver 2.3.36 as previous versions are vulnerable to Remote Code Execution attackers from attackers. This vulnerability is due to commons-fileupload jar file having a flaw where it can be replaced with a malicious file if an attacker is […]
Microsoft has released a security update stating that a vulnerability has been discovered in Microsoft Edge which could allow for arbitrary code execution. There are currently two ways in which it can be exploited: 1) File-based a. An attacker crafts a malicious document file to leverage the issue and to carry out some actions on […]
