Mozilla has released a security update stating that it has discovered the following vulnerabilities Firefox ESR 52.9: a) Buffer overflow using computed size of canvas element – CVE-2018-12359. b) Use-after-free when using focus() – CVE-2018-12360. c) Integer overflow in SSSE3 scaler – CVE-2018-12362. Successful exploitation of the most severe of these vulnerabilities could allow for […]
NETSCOUT Arbor has released a security update stating that the Simple Service Discovery Protocol (SSDP) can be exploited to launch a new type of distributed denial of service (DDoS) attack where devices respond with a non-standard port. SSDP, which was designed for service discovery over a local network, uses text-based HTTP messages over UDP (also […]
PHP Security Consortium has released a security update stating that the following vulnerabilities have been discovered in PHP Ver 7.1.19 & 7.2.7: a) Bug #76174 – openssl extension fails to build with LibreSSL 2.7. b) Bug #76296 – openssl_pkey_get_public does not respect open_basedir. c) Bug #76333 – PHP built-in server does not find files if […]
Microsoft has released a security update stating that the following vulnerabilities have been discovered within the Oracle Outside In Technology Module being utilized by Microsoft Exchange Server: a) A remote user can exploit a flaw in the Oracle Outside In Technology Outside In Filters component to access data and cause partial denial of service conditions […]
Apple has released a security update stating that a vulnerability has been discovered in Xcode for macOS High Sierra where an attacker can bypass security restrictions. This is due to multiple issues existing in versions of git prior to 2.15.2. Further information on this vulnerability and how it can be mitigated can be found at […]
Google has released a security update stating that a vulnerability has been discovered in Google Chrome where an attacker could execute arbitrary code in the browser. This is caused by an out-of-bounds write to arbitrary locations. Successful exploitation could allow the attacker to execute code to install programs; view, change, or delete data; or create […]
The Internet Systems Consortium (ISC) has released a security update stating that some versions of BIND could improperly permit recursive queries to unauthorized clients. This could allow an attacker to deduce which queries a server has previously serviced by examining the results from the cache thereby potentially leaking private information about what queries have been […]
VMware has released a security update stating that VMware AirWatch Agent for Android and Windows Mobile devices contain a remote code execution vulnerability in real time File Manager capabilities. This may allow for unauthorized creation and execution of files in the Agent sandbox and other publicly accessible directories such as those on the SD card […]
Cisco has released a security update stating that a vulnerability has been discovered in Cisco Adaptive Security Appliance (ASA) which could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This is due to lack of proper input validation of the HTTP URL. […]
Google has released a security update stating that the following vulnerabilities have been discovered in the Android OS: a) Multiple information disclosure vulnerabilities in Framework – (CVE-2017-13227, CVE-2018-9340). b) Multiple elevation of privilege vulnerabilities in Framework – (CVE-2018-9338, CVE-2018-9339). c) Multiple elevation of privilege vulnerabilities in Kernel components – (CVE-2017-17558, CVE-2017-17806, CVE-2017-17807, CVE-2018-9363). d) An […]
