Adobe has released a security update stating that it has discovered the following issues in Adobe Flash Player: a) A type confusion vulnerability that could allow for arbitrary code execution – (CVE-2018-5007). b) An out-of-bounds read vulnerability that could lead to information disclosure – (CVE-2018-5008). Successful exploitation of the most severe of these vulnerabilities could …
Google has released a security update stating that the following issues have been discovered in the Android OS: a) A remote code execution vulnerability in Framework – (CVE-2018-9433). b) Multiple remote code execution vulnerabilities in Qualcomm components – (CVE-2018-3586, CVE-2018-5872). c) A remote code execution vulnerability in System – (CVE-2018-9365). d) An information disclosure vulnerability …
VMware has released a security update stating that ESXi, Workstation, and Fusion contain an out-of-bounds read vulnerability in their shader translator. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to crash their VMs. Further information on this vulnerability and how it can be mitigated can …
Mozilla has released a security update stating that it has discovered the following vulnerabilities Firefox ESR 52.9: a) Buffer overflow using computed size of canvas element – CVE-2018-12359. b) Use-after-free when using focus() – CVE-2018-12360. c) Integer overflow in SSSE3 scaler – CVE-2018-12362. Successful exploitation of the most severe of these vulnerabilities could allow for …
NETSCOUT Arbor has released a security update stating that the Simple Service Discovery Protocol (SSDP) can be exploited to launch a new type of distributed denial of service (DDoS) attack where devices respond with a non-standard port. SSDP, which was designed for service discovery over a local network, uses text-based HTTP messages over UDP (also …
PHP Security Consortium has released a security update stating that the following vulnerabilities have been discovered in PHP Ver 7.1.19 & 7.2.7: a) Bug #76174 – openssl extension fails to build with LibreSSL 2.7. b) Bug #76296 – openssl_pkey_get_public does not respect open_basedir. c) Bug #76333 – PHP built-in server does not find files if …
Microsoft has released a security update stating that the following vulnerabilities have been discovered within the Oracle Outside In Technology Module being utilized by Microsoft Exchange Server: a) A remote user can exploit a flaw in the Oracle Outside In Technology Outside In Filters component to access data and cause partial denial of service conditions …
Apple has released a security update stating that a vulnerability has been discovered in Xcode for macOS High Sierra where an attacker can bypass security restrictions. This is due to multiple issues existing in versions of git prior to 2.15.2. Further information on this vulnerability and how it can be mitigated can be found at …
Google has released a security update stating that a vulnerability has been discovered in Google Chrome where an attacker could execute arbitrary code in the browser. This is caused by an out-of-bounds write to arbitrary locations. Successful exploitation could allow the attacker to execute code to install programs; view, change, or delete data; or create …
The Internet Systems Consortium (ISC) has released a security update stating that some versions of BIND could improperly permit recursive queries to unauthorized clients. This could allow an attacker to deduce which queries a server has previously serviced by examining the results from the cache thereby potentially leaking private information about what queries have been …