Mozilla has released a security update stating that the following issues have been found in Mozilla Firefox ver 62.0: a) A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash – (CVE-2018-12378). […]
Joomla has released a security update stating that the following vulnerabilities have been found in its Joomla Content Management System (CMS) – a) Inadequate checks regarding disabled fields can lead to an ACL violation – (CVE-2018-15881). b) Inadequate output filtering on the user profile page could lead to a stored XSS attack – (CVE-2018-15880). c) […]
Apache has released a security update stating that a vulnerability has been discovered in Apache Struts where it is possible for an attacker to perform a Remote Code Eexecution attack when the namespace value isn’t set for a result defined in certain underlying configurations. Further information on this vulnerability and how it can be mitigated […]
Adobe has released a security update stating that the following issues have been discovered in Adobe Acrobat & Reader: a) One out-of-bounds vulnerability that could allow for arbitrary code execution – (CVE-2018-12808). b) One untrusted pointer deference vulnerability that could allow for arbitrary code execution – (CVE-2018-12799). Successful exploitation of these vulnerabilities could result in […]
Oracle has released a security update stating that a vulnerability has been discovered in Oracle Database Server that could allow for complete compromise of the database. The issue resides in the Oracle Database Server where low-privileged attackers that have Create Session privileges can compromise the Java Virtual Machine component and take complete control of the […]
ICS-CERT has released a security update stating that the NetComm’s Wireless 4G LTE Light Industrial M2M Router is vulnerable to: a) Information Exposure b) Cross-site Request Forgery c) Cross-site Scripting The flaws can be exploited remotely from the Internet and have been classified by ICS-CERT as “critical” while the information disclosure issues are said to […]
VMware has released a security update stating that Horizon ver 6.0 – 7.0 for Windows contains an out-of-bounds read vulnerability in the Message Framework library. This issue may allow a less-privileged user to leak information from a privileged process running on a system where Horizon Connection Server, Horizon Agent or Horizon Client are installed. Further […]
Mozilla has released a security update stating that it has found the following critical vulnerabilities within Mozilla Thunderbird ver 60.0: a) Bug #1459162 – a buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed boundaries. […]
Drupal has released a security update stating that a vulnerability has been discovered in Drupal ver 8.5.5 and before where within the Symfony Library an attacker can override the path in the request URL via the X-Original-URL or X-Rewrite-URL within the IIS Web Server through the making of a HTTP request header. Once the override […]
Cisco has released a security update stating that a vulnerability in the password change function of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to cause the system to become inoperable and susceptible to Denial of Service (DoS) attacks. This issue exists due to to insufficient validation of a password change request. Further […]
