TTCSIRT-170.100818: TT-CSIRT Advisory – VMware Security Updates

VMware has released a security update stating that the VMware Workspace ONE Unified Endpoint Management Console (AirWatch Console) contains a SAML authentication bypass vulnerability which can be leveraged during device enrollment. This issue may allow a malicious actor to impersonate an authorized SAML session if certificate-based authentication is enabled. Further information on this vulnerability […]

TTCSIRT-168.092818: TT-CSIRT Advisory – Cisco Security Updates

Cisco has released a security update stating that a vulnerability in the web user interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a double-free-in-memory handling by the affected software when specific HTTP requests are processed. An attacker could exploit this […]

TTCSIRT-167.092018: TT-CSIRT Advisory – PHP Security Updates

PHP has released a security update stating that the following vulnerabilities have been discovered in PHP versions 7.2.10 and 7.1.22: a) Bug #55146 – (iconv_mime_decode_headers() skips some headers) b) Bug #60494 – (iconv_mime_decode does ignore special characters) c) Bug #63839 – (iconv_mime_decode_headers function is skipping headers) d) Bug #65988 – (Zlib version check fails […]

TTCSIRT-165.091418: TT-CSIRT Advisory – HP Security Updates

HP has released a security update stating that it has discovered a vulnerability in some versions of its inkjet printers where a maliciously crafted file sent to an affected device can cause a stack or static buffer overflow which could allow remote code execution. Further information on this vulnerability and which inkjet printer versions it […]

TTCSIRT-164.091318: TT-CSIRT Advisory – Android Security Updates

Google has released a security update stating that the following issues have been discovered in the Android OS: a) A remote code vulnerability in Android Runtime – (CVE-2018-9466). b) An elevation of privilege vulnerability in Android Runtime – (CVE-2018-9467). c) An information disclosure vulnerability in Framework – (CVE-2018-9468). d) Multiple elevation of privilege vulnerabilities in […]

TTCSIRT-163.091318: TT-CSIRT Advisory – Adobe Security Updates

Adobe has released a security update stating that the following issues have been discovered in Adobe ColdFusion: a) A security bypass vulnerability that could allow for arbitrary folder creation – (CVE-2018-15963). b) A directory listing vulnerability that could allow for information disclosure – (CVE-2018-15962). c) An unrestricted file upload vulnerability that could allow for arbitrary […]