TTCSIRT-165.091418: TT-CSIRT Advisory – HP Security Updates

TTCSIRT-165.091418: TT-CSIRT Advisory – HP Security Updates

HP has released a security update stating that it has discovered a vulnerability in some versions of its inkjet printers where a maliciously crafted file sent to an affected device can cause a stack or static buffer overflow which could allow remote code execution. Further information on this vulnerability and which inkjet printer versions it […]

TTCSIRT-164.091318: TT-CSIRT Advisory – Android Security Updates

Google has released a security update stating that the following issues have been discovered in the Android OS: a) An remote code vulnerability in Android Runtime – (CVE-2018-9466). b) An elevation of privilege vulnerability in Android Runtime – (CVE-2018-9467). c) An information disclosure vulnerability in Framework – (CVE-2018-9468). d) Multiple elevation of privilege vulnerabilities in […]

TTCSIRT-163.091318: TT-CSIRT Advisory – Adobe Security Updates

Adobe has released a security update stating that the following issues have been discovered in Adobe ColdFusion: a) A security bypass vulnerability that could allow for arbitrary folder creation – (CVE-2018-15963). b) A directory listing vulnerability that could allow for information disclosure – (CVE-2018-15962). c) An unrestricted file upload vulnerability that could allow for arbitrary […]

TTCSIRT-160.090318: TT-CSIRT Advisory – Joomla Security Updates

Joomla has released a security update stating that the following vulnerabilities have been found in its Joomla Content Management System (CMS) – a) Inadequate checks regarding disabled fields can lead to an ACL violation – (CVE-2018-15881). b) Inadequate output filtering on the user profile page could lead to a stored XSS attack – (CVE-2018-15880). c) […]

TTCSIRT-158.081718: TT-CSIRT Advisory – Adobe Security Updates

Adobe has released a security update stating that the following issues have been discovered in Adobe Acrobat & Reader: a) One out-of-bounds vulnerability that could allow for arbitrary code execution – (CVE-2018-12808). b) One untrusted pointer deference vulnerability that could allow for arbitrary code execution – (CVE-2018-12799). Successful exploitation of these vulnerabilities could result in […]

TTCSIRT-157.081718: TT-CSIRT Advisory – Oracle Security Updates

Oracle has released a security update stating that a vulnerability has been discovered in Oracle Database Server that could allow for complete compromise of the database. The issue resides in the Oracle Database Server where low-privileged attackers that have Create Session privileges can compromise the Java Virtual Machine component and take complete control of the […]

TTCSIRT-156.081318: TT-CSIRT Advisory – NetComm Security Updates

ICS-CERT has released a security update stating that the NetComm’s Wireless 4G LTE Light Industrial M2M Router is vulnerable to: a) Information Exposure b) Cross-site Request Forgery c) Cross-site Scripting The flaws can be exploited remotely from the Internet and have been classified by ICS-CERT as “critical” while the information disclosure issues are said to […]