Microsoft has released a security update stating that multiple vulnerabilities have been discovered in Microsoft Office PowerPoint and Excel for Mac where an attacker could entice a victim to open a specially crafted file using the affected application where Microsoft Office PowerPoint and Excel for Mac fails to properly handle objects in memory. Details of […]
VMware has released a security update stating that VMware NSX SD-WAN Edge by VeloCloud contains a command injection vulnerability in the local web UI component. This component is disabled by default and should not be enabled on untrusted networks as successful exploitation of this issue could result in remote code execution. Further information on this […]
Mozilla has released a security update stating that the following vulnerabilities have been discovered in Mozilla Firefox and Firefox Extended Support Release (ESR): a) A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension […]
Google has released a security update stating that the following vulnerabilities have been discovered in Google Chrome: a) Heap buffer overflow in PDFium – (CVE-2018-6120) b) Privilege escalation in extensions – (CVE-2018-6121) c) Type confusion in V8 – (CVE-2018-6122) d) Chain leading to sandbox escape Successful exploitation of the most severe of these vulnerabilities could […]
Microsoft has released a security update stating that vulnerabilities have been found in several of its products which could allow for remote code execution. Products affected include: 1) Microsoft Windows 7, 8, RT 8.1, and 10 2) Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016 3) Microsoft Windows Server Core Installation 2008, 2008 […]
Adobe has released a security update stating that a vulnerability has been discovered in Adobe Flash Player which could allow for arbitrary code execution due to type confusion error. Depending on the privileges associated with the user, an attacker could then install programs, view, change, delete data or create new accounts with full user rights. […]
Cisco has released a security update stating that a vulnerability has been discovered in Cisco Adaptive Security Appliance (ASA) which could allow for an unauthenticated, remote attacker to establish a Secure Sockets Layer (SSL) Virtual Private Network (VPN) connection to the device and bypass certain SSL certificate verification steps. The vulnerability is due to incorrect […]
Microsoft has released a security update stating that a remote code execution vulnerability exists when the Windows Host Compute Service Shim (hcsshim) library fails to properly validate input while importing a container image. Exploitation occurs when an attacker places malicious code in a specially crafted container image which, if an authenticated administrator imported (pulled), could […]
Apple has a released a security update stating that the following vulnerabilities have been discovered in the macOS 10.13.4: a) A memory corruption issue was addressed with improved error handling which could lead to an application may be able to gain elevated privileges – CVE-2018-4206 b) A spoofing issue existed in the handling of URLs […]
Drupal has released a security update stating that CKEditor, a third-party JavaScript library included in Drupal core, has fixed a cross-site scripting (XSS) vulnerability. The vulnerability stemmed from the fact that it was possible to execute XSS inside CKEditor when using the image2 plugin (which Drupal 8 core also uses). Further information on this vulnerability […]
