Government of the Republic of Trinidad and Tobago
gov.tt

Securing the Nation's Digital Infrastructure

TTCSIRT-103.032718: TT-CSIRT Advisory – Firefox Security Updates

Mozilla has released a security update stating that multiple vulnerabilities have been discovered in Mozilla Firefox and Firefox Extended Support Release (ESR) which could allow for remote code execution. Details of the vulnerabilities are as follows: a) A remote code-execution vulnerability exists because the browser fails to properly process Vorbis audio data. Specifically, this issue occurs …

TTCSIRT-102.031618: TT-CSIRT Advisory – VMware Security Updates

VMware has released a security update stating that VMware Workstation and Fusion contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. For exploitation to take place, VNC must have been manually enabled. Further information on this vulnerability and how it can be mitigated can be …

TTCSIRT-101.031618: TT-CSIRT Advisory – Adobe Security Updates

Adobe has released a security update stating that a vulnerability has been discovered in Adobe Dreamweaver where an OS command injection could be inserted into the URI handler of the application. This could allow an attacker to perform arbitrary remote code execution. Further information on this vulnerability and how it can be fixed can be …

TTCSIRT-100.031418: TT-CSIRT Advisory – Samba Security Updates

The Samba Team has released a security update stating that all versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause …

TTCSIRT-099.031418: TT-CSIRT Advisory – Firefox Security Updates

Mozilla has released a security update stating that the following vulnerabilities have been fixed in Firefox version 59.0: a) Buffer overflow manipulating SVG animatedPathSegList – CVE-2018-5127 b) Use-after-free manipulating editor selection ranges – CVE-2018-5128 c) Out-of-bounds write with malformed IPC messages – CVE-2018-5129 d) Mismatched RTP payload type can trigger memory corruption – CVE-2018-5130 …

TTCSIRT-098.031218: TT-CSIRT Advisory – Cisco Security Updates

Cisco has released a security update stating that a vulnerability in the FTP server of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to log in to the FTP server of the device without a valid password. The attacker does, however, need a valid username. The vulnerability is due to …

TTCSIRT-097.031218: TT-CSIRT Advisory – Chrome Security Updates

Google has reported that the following vulnerabilities have been discovered in Google Chrome: a) Use after free in Flash – (CVE-2018-6058, CVE-2018-6059) b) Incorrect permissions on shared memory – (CVE-2018-6057, CVE-2018-6063) c) Use after free in Blink – (CVE-2018-6060) d) Race condition in V8 – (CVE-2018-6061) e) Heap buffer overflow in Skia – (CVE-2018-6062) f) …

TTCSIRT-096.030718: TT-CSIRT Advisory – Android Security Updates

Google has reported that multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for arbitrary code execution within the context of a privileged process. Details of these vulnerabilities are as follows: a) Multiple elevation of privilege vulnerabilities in Kernel components – (CVE-2017-16525, CVE-2017-16530) b) Multiple information disclosure vulnerabilities …

TTCSIRT-095.030718: TT-CSIRT Advisory – Linux Security Updates

Red Hat has released a security update stating that it is aware of DDoS (Distributed Denial of Service) amplification attacks being performed by exploiting memcached servers exposed to the public Internet. These attacks take advantage of memcached communication using the UDP protocol for transport. The attack is effective because of the high amplification ratio – …

TTCSIRT-094.030218: TT-CSIRT Advisory – PHP Security Updates

Several security vulnerabilities have been found in PHP 7, which include: a) Bug #49876 (Fix LDAP path lookup on 64-bit distros). b) Bug #54289 (Phar::extractTo() does not accept specific directories to be extracted). c) Bug #65414 (deal with leading slash when adding files correctly). d) Bug #65414 (deal with leading slash while adding files correctly). e) …