Drupal has released a security update stating that a vulnerability has been discovered in Drupal ver 8.5.5 and before where within the Symfony Library an attacker can override the path in the request URL via the X-Original-URL or X-Rewrite-URL within the IIS Web Server through the making of a HTTP request header. Once the override […]
Cisco has released a security update stating that a vulnerability in the password change function of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to cause the system to become inoperable and susceptible to Denial of Service (DoS) attacks. This issue exists due to to insufficient validation of a password change request. Further […]
Kernel.org has released a security update stating that a vulnerability in the Kernel-based Virtual Machine (KVM) virtualization subsystem of the Linux Kernel exists due to the vmx.c source code file failing to set the GDT.LIMIT value to the previous host. As a result, malicious entries could be placed in the Global Descriptor Table (GDT) on […]
PHP has released a security update stating that the following vulnerabilities have been found in PHP 7: Ver 7.2.8 Bug #71848 – Getimagesize with $imageinfo returns false Bug #73342 – Vulnerability in php-fpm by changing stdin to non-blocking Bug #74670 – Integer underflow when unserializing GMP and possible other classes Bug #75231 – ReflectionProperty#getValue() incorrectly […]
Google has released a security update stating that the following vulnerabilities have been discovered in Google Chrome: a) CORS bypass in Blink – (CVE-2018-6168) b) Cross origin information leak in Blink – (CVE-2018-4117, CVE-2018-6177) c) Heap buffer overflow in WebGL – (CVE-2018-6154, CVE-2018-6162) d) Heap buffer overflow in WebRTC – (CVE-2018-6156) e) Integer overflow in […]
CERT has released a security update stating that Bluetooth firmware or operating system software drivers may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange. This may allow an unauthenticated, remote attacker to be able to utilize a man-in-the-middle network position to determine the cryptographic keys used by […]
Apache has released a security update stating that it has discovered the following vulnerabilities in all versions of Apache Tomcat 9.0 and above: a) Due to a mishandling of close in NIO/NIO2 connectors user sessions can get mixed up – CVE-2018-8037. b) A bug in the UTF-8 decoder can lead to Denial of Service (DoS) […]
Cisco has released a security update stating that it has found an issue in the Cluster Manager of Cisco Policy Suite which could allow an unauthenticated, remote attacker to log in to an affected system using the root account which has default, static user credentials. The vulnerability is due to the presence of undocumented, static […]
Talos has released a security update stating that it has found the following issues in Computerinsel Photoline which is an image-processing tool used to modify and edit images as well as other graphic-related material: a) A specially crafted PSD document processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. b) An […]
Apple has released a security update stating that the following vulnerabilities have been discovered in iTunes, iCloud for Windows, Safari, macOS High Sierra, Sierra, and El Capitan, watchOS, tvOS, and iOS: a) A cookie management issue was addressed with improved checks – (CVE-2018-4293). b) A denial of service issue was addressed with improved memory handling […]
