Oracle has released its Critical Patch Update for April 2018 to address 254 vulnerabilities across multiple products including 1) Enterprise Manager Base Platform, versions 12.1.0.5, 13.2.0.0 2) Enterprise Manager for MySQL Database, version 12.1.0.4 3) Enterprise Manager for Virtualization, version 13.2 4) Enterprise Manager Ops Center, versions 12.2.2, 12.3.3 5) Hardware Management Pack, versions prior […]
Adobe has released a security update stating that multiple vulnerabilities have been discovered in Adobe Flash Player the most severe of which could allow for remote code execution. Details are as follows: a) A remote code-execution vulnerability that occurs due to a use-after-free condition – (CVE-2018-4932) b) Multiple remote code-execution vulnerabilities that occur due to […]
Juniper Networks has released a series of security updates to address several vulnerabilities in its products. Details are as follows: a) Junos OS – kernel crash upon receipt of crafted CLNP packets (CVE-2018-0016) b) SRX Series – denial-of-service vulnerability in flowd daemon on devices configured with NAT-PT (CVE-2018-0017) c) SRX Series – crafted packet may […]
Google has released a security update stating that multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for arbitrary code execution within the context of a privileged process. Details are as follows: a) An elevation of privilege vulnerability in Android runtime – (CVE-2017-13274) b) An arbitrary code vulnerability […]
Microsoft has released a security update stating that when the Microsoft update for meltdown is installed on a Windows 7 x64 or Windows Server 2008 R2 x64 system, an unprivileged process may be able to read and write the entire memory space available to the Windows kernel. Basically, an attacker with the ability to run […]
Apple has released a security update stating that multiple vulnerabilities have been discovered in iCloud for Windows, Safari, macOS High Sierra, Sierra, and El Capitan, iTunes, Xcode, tvOS, watchOS and iOS. Details are as follows: 1) A buffer overflow was addressed with improved size validation – (CVE-2018-4144) 2) A command injection issue existed in the […]
Drupal has released a security update stating that a remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially could allow attackers to exploit multiple attack vectors on a Drupal site and result in it being compromised. In addition, depending on the privileges associated with the user, an attacker could […]
Citrix has released a security update stating that a number of vulnerabilities have been identified within Citrix XenServer that could, if exploited, allow a malicious administrator of a guest VM to crash the host and for some XenServer versions, allow a remote attacker to compromise the host. Details of the vulnerabilities are as follows: a)CVE-2016-2074: […]
Mozilla has released a security update stating that multiple vulnerabilities have been discovered in Mozilla Firefox and Firefox Extended Support Release (ESR) which could allow for remote code execution. Details of the vulnerabilities are as follows: a) A remote code-execution vulnerability exists because it fails to properly process Vorbis audio data. Specifically, this issue occurs […]
VMware has released a security update stating that VMware Workstation and Fusion contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. In order for the exploitation to take place a VNC must be manually enabled. Further information on this vulnerability and how it can be mitigated can be […]
