TTCSIRT-168.092818: TT-CSIRT Advisory – Cisco Security Updates

Cisco has released a security update stating that a vulnerability in the web user interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a double-free-in-memory handling by the affected software when specific HTTP requests are processed. An attacker could exploit this […]

TTCSIRT-167.092018: TT-CSIRT Advisory – PHP Security Updates

PHP has released a security update stating that the following vulnerabilities have been discovered in PHP version 7.2.10 and version 7.1.22: a) Bug #55146 – (iconv_mime_decode_headers() skips some headers) b) Bug #60494 – (iconv_mime_decode does ignore special characters) c) Bug #63839 – (iconv_mime_decode_headers function is skipping headers) d) Bug #65988 – (Zlib version check fails […]

TTCSIRT-165.091418: TT-CSIRT Advisory – HP Security Updates

HP has released a security update stating that it has discovered a vulnerability in some versions of its inkjet printers where a maliciously crafted file sent to an affected device can cause a stack or static buffer overflow which could allow remote code execution. Further information on this vulnerability and which inkjet printer versions it […]

TTCSIRT-164.091318: TT-CSIRT Advisory – Android Security Updates

Google has released a security update stating that the following issues have been discovered in the Android OS: a) A remote code vulnerability in Android Runtime – (CVE-2018-9466). b) An elevation of privilege vulnerability in Android Runtime – (CVE-2018-9467). c) An information disclosure vulnerability in Framework – (CVE-2018-9468). d) Multiple elevation of privilege vulnerabilities in […]

TTCSIRT-163.091318: TT-CSIRT Advisory – Adobe Security Updates

Adobe has released a security update stating that the following issues have been discovered in Adobe ColdFusion: a) A security bypass vulnerability that could allow for arbitrary folder creation – (CVE-2018-15963). b) A directory listing vulnerability that could allow for information disclosure – (CVE-2018-15962). c) An unrestricted file upload vulnerability that could allow for arbitrary […]

TTCSIRT-160.090318: TT-CSIRT Advisory – Joomla Security Updates

Joomla has released a security update stating that the following vulnerabilities have been found in its Joomla Content Management System (CMS): a) Inadequate checks regarding disabled fields can lead to an ACL violation – (CVE-2018-15881). b) Inadequate output filtering on the user profile page could lead to a stored XSS attack – (CVE-2018-15880). c) […]