The Internet Systems Consortium (ISC) has released a security update stating that some versions of BIND could improperly permit recursive queries to unauthorized clients. This could allow an attacker to deduce which queries a server has previously serviced by examining the results from the cache thereby potentially leaking private information about what queries have been […]
VMware has released a security update stating that VMware AirWatch Agent for Android and Windows Mobile devices contain a remote code execution vulnerability in real time File Manager capabilities. This may allow for unauthorized creation and execution of files in the Agent sandbox and other publicly accessible directories such as those on the SD card […]
Cisco has released a security update stating that a vulnerability has been discovered in Cisco Adaptive Security Appliance (ASA) which could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This is due to lack of proper input validation of the HTTP URL. […]
Google has released a security update stating that the following vulnerabilities have been discovered in the Android OS: a) Multiple information disclosure vulnerabilities in Framework – (CVE-2017-13227, CVE-2018-9340). b) Multiple elevation of privilege vulnerabilities in Framework – (CVE-2018-9338, CVE-2018-9339). c) Multiple elevation of privilege vulnerabilities in Kernel components – (CVE-2017-17558, CVE-2017-17806, CVE-2017-17807, CVE-2018-9363). d) An […]
Mozilla has released a security update stating that a vulnerability in the Mozilla Firefox Browser exists where a heap buffer overflow can occur in the Skia library when rasterizing paths using a maliciously crafted SVG file. This results in a potentially exploitable crash and a remote attacker could exploit these vulnerabilities to take control of […]
Adobe has released a security update stating that Adobe Flash Player is prone to the following vulnerabilities: a) A stack-based buffer overflow that could allow for arbitrary code execution – (CVE-2018-5002). b) A type confusion that could allow for arbitrary code execution – (CVE-2018-4945). c) An integer overflow that could lead to information disclosure – […]
Google has released a security state stating that the following vulnerabilities have been discovered in Google Chrome: a) Heap buffer overflow in Skia – (CVE-2018-6141, CVE-2018-6126) b) Incorrect escaping of MathML in Blink – (CVE-2018-6145) c) Incorrect mutability protection in WebAssembly – (CVE-2018-6131) d) Leak of visited status of page in Blink – (CVE-2018-6137) e) […]
Apple has released a security update stating that it has discovered the following vulnerabilities in the macOS High Sierra 10.13.5: a) Accessibility Framework – a malicious application may be able to execute arbitrary code with system privileges (CVE-2018-4196). b) AMD – a local user may be able to read kernel memory (CVE-2018-4253). c) Bluetooth – […]
Talos has reported that a sophisticated modular malware system known as VPNFilter has a destructive capability that can make the affected device unusable. Devices known to be affected by VPNFilter include Linksys, MikroTik, NETGEAR, and TP-Link networking equipment as well as QNAP network-attached storage (NAS) devices. In addition, compromised devices may be vulnerable to the […]
Cisco has released a security update stating that a vulnerability in Cisco Digital Network Architecture (DNA) Center which could allow an unauthenticated, remote attacker to log in to an affected system by using an administrative account that has default, static user credentials.This is due to the presence of undocumented, static user credentials for the default […]
