Drupal has released a security update stating that CKEditor, a third-party JavaScript library included in Drupal core, has fixed a cross-site scripting (XSS) vulnerability. The vulnerability stemmed from the fact that it was possible to execute XSS inside CKEditor when using the image2 plugin (which Drupal 8 core also uses). Further information on this vulnerability …
Google has released a security update stating that multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could result in arbitrary code execution. Details are as follows: 1) Use after free in Disk Cache – (CVE-2018-6085, CVE-2018-6086) 2) Use after free in WebAssembly – (CVE-2018-6087) 3) Use after free in PDFium …
Oracle has released its Critical Patch Update for April 2018 to address 254 vulnerabilities across multiple products including 1) Enterprise Manager Base Platform, versions 12.1.0.5, 13.2.0.0 2) Enterprise Manager for MySQL Database, version 12.1.0.4 3) Enterprise Manager for Virtualization, version 13.2 4) Enterprise Manager Ops Center, versions 12.2.2, 12.3.3 5) Hardware Management Pack, versions prior …
Adobe has released a security update stating that multiple vulnerabilities have been discovered in Adobe Flash Player, the most severe of which could allow for remote code execution. Details are as follows: a) A remote code-execution vulnerability that occurs due to a use-after-free condition – (CVE-2018-4932) b) Multiple remote code-execution vulnerabilities that occur due to …
Juniper Networks has released a series of security updates to address several vulnerabilities in its products. Details are as follows: a) Junos OS – kernel crash upon receipt of crafted CLNP packets (CVE-2018-0016) b) SRX Series – denial-of-service vulnerability in flowd daemon on devices configured with NAT-PT (CVE-2018-0017) c) SRX Series – crafted packet may …
Google has released a security update stating that multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for arbitrary code execution within the context of a privileged process. Details are as follows: a) An elevation of privilege vulnerability in Android runtime – (CVE-2017-13274) b) An arbitrary code vulnerability …
Microsoft has released a security update stating that when the Microsoft update for Meltdown is installed on a Windows 7 x64 or Windows Server 2008 R2 x64 system, an unprivileged process may be able to read and write the entire memory space available to the Windows kernel. Basically, an attacker with the ability to run …
Apple has released a security update stating that multiple vulnerabilities have been discovered in iCloud for Windows, Safari, macOS High Sierra, Sierra, and El Capitan, iTunes, Xcode, tvOS, watchOS and iOS. Details are as follows: 1) A buffer overflow was addressed with improved size validation – (CVE-2018-4144) 2) A command injection issue existed in the …
Drupal has released a security update stating that a remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially could allow attackers to exploit multiple attack vectors on a Drupal site and result in it being compromised. In addition, depending on the privileges associated with the user, an attacker could …
Citrix has released a security update stating that a number of vulnerabilities have been identified within Citrix XenServer that could, if exploited, allow a malicious administrator of a guest VM to crash the host and, for some XenServer versions, allow a remote attacker to compromise the host. Details of the vulnerabilities are as follows: a) CVE-2016-2074: …