Government of the Republic of Trinidad and Tobago
gov.tt

Securing the Nation's Digital Infrastructure

TTCSIRT-169.092818: TT-CSIRT Advisory – Microsoft Security Updates

Microsoft has released a security update stating that a vulnerability has been discovered in Microsoft Windows JET Database Engine due to an out-of-bounds write error. Successful exploitation of this vulnerability could allow for a remote attacker to execute code in the context of the current process. Further information on this vulnerability and how it can …

TTCSIRT-168.092818: TT-CSIRT Advisory – Cisco Security Updates

Cisco has released a security update stating that a vulnerability in the web user interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a double-free-in-memory handling by the affected software when specific HTTP requests are processed. An attacker could exploit this …

TTCSIRT-167.092018: TT-CSIRT Advisory – PHP Security Updates

PHP has released a security update stating that the following vulnerabilities have been discovered in PHP versions 7.2.10 and 7.1.22: a) Bug #55146 – (iconv_mime_decode_headers() skips some headers) b) Bug #60494 – (iconv_mime_decode does ignore special characters) c) Bug #63839 – (iconv_mime_decode_headers function is skipping headers) d) Bug #65988 – (Zlib version check fails …

TTCSIRT-166.092018: TT-CSIRT Advisory – Apple Security Updates

Apple has released a security update stating that a vulnerability has been discovered in iOS ver 11.0 and later where an attacker in a privileged network position may be able to intercept analytics data sent to Apple. Further information on this vulnerability and how it can be mitigated can be found on the Apple Website …

TTCSIRT-165.091418: TT-CSIRT Advisory – HP Security Updates

HP has released a security update stating that it has discovered a vulnerability in some versions of its inkjet printers where a maliciously crafted file sent to an affected device can cause a stack or static buffer overflow which could allow remote code execution. Further information on this vulnerability and which inkjet printer versions it …

TTCSIRT-164.091318: TT-CSIRT Advisory – Android Security Updates

Google has released a security update stating that the following issues have been discovered in the Android OS: a) A remote code vulnerability in Android Runtime – (CVE-2018-9466). b) An elevation of privilege vulnerability in Android Runtime – (CVE-2018-9467). c) An information disclosure vulnerability in Framework – (CVE-2018-9468). d) Multiple elevation of privilege vulnerabilities in …

TTCSIRT-163.091318: TT-CSIRT Advisory – Adobe Security Updates

Adobe has released a security update stating that the following issues have been discovered in Adobe ColdFusion: a) A security bypass vulnerability that could allow for arbitrary folder creation – (CVE-2018-15963). b) A directory listing vulnerability that could allow for information disclosure – (CVE-2018-15962). c) An unrestricted file upload vulnerability that could allow for arbitrary …

TTCSIRT-162.090718: TT-CSIRT Advisory – Cisco Security Updates

Cisco has released a security update stating that it has discovered a vulnerability in the folder permissions of Cisco Webex Meetings client for Windows that could allow an authenticated, local attacker to modify locally stored files and execute code on a targeted device with the privilege level of the user. This issue is due to folder …

TTCSIRT-161.090718: TT-CSIRT Advisory – Mozilla Security Updates

Mozilla has released a security update stating that the following issues have been found in Mozilla Firefox ver 62.0: a) A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash – (CVE-2018-12378). …

TTCSIRT-160.090318: TT-CSIRT Advisory – Joomla Security Updates

Joomla has released a security update stating that the following vulnerabilities have been found in its Joomla Content Management System (CMS) – a) Inadequate checks regarding disabled fields can lead to an ACL violation – (CVE-2018-15881). b) Inadequate output filtering on the user profile page could lead to a stored XSS attack – (CVE-2018-15880). c) …