Microsoft has released a security update stating that a remote code execution vulnerability exists when the Windows Host Compute Service Shim (hcsshim) library fails to properly validate input while importing a container image. Exploitation occurs when an attacker places malicious code in a specially crafted container image which, if an authenticated administrator imported (pulled), could […]
Apple has a released a security update stating that the following vulnerabilities have been discovered in the macOS 10.13.4: a) A memory corruption issue was addressed with improved error handling which could lead to an application may be able to gain elevated privileges – CVE-2018-4206 b) A spoofing issue existed in the handling of URLs […]
Drupal has released a security update stating that CKEditor, a third-party JavaScript library included in Drupal core, has fixed a cross-site scripting (XSS) vulnerability. The vulnerability stemmed from the fact that it was possible to execute XSS inside CKEditor when using the image2 plugin (which Drupal 8 core also uses). Further information on this vulnerability […]
Google has released a security update stating that multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could result in arbitrary code execution. Details are as follows: 1) Use after free in Disk Cache – (CVE-2018-6085, CVE-2018-6086) 2) Use after free in WebAssembly – (CVE-2018-6087) 3) Use after free in PDFium […]
Oracle has released its Critical Patch Update for April 2018 to address 254 vulnerabilities across multiple products including 1) Enterprise Manager Base Platform, versions 12.1.0.5, 13.2.0.0 2) Enterprise Manager for MySQL Database, version 12.1.0.4 3) Enterprise Manager for Virtualization, version 13.2 4) Enterprise Manager Ops Center, versions 12.2.2, 12.3.3 5) Hardware Management Pack, versions prior […]
Adobe has released a security update stating that multiple vulnerabilities have been discovered in Adobe Flash Player the most severe of which could allow for remote code execution. Details are as follows: a) A remote code-execution vulnerability that occurs due to a use-after-free condition – (CVE-2018-4932) b) Multiple remote code-execution vulnerabilities that occur due to […]
Juniper Networks has released a series of security updates to address several vulnerabilities in its products. Details are as follows: a) Junos OS – kernel crash upon receipt of crafted CLNP packets (CVE-2018-0016) b) SRX Series – denial-of-service vulnerability in flowd daemon on devices configured with NAT-PT (CVE-2018-0017) c) SRX Series – crafted packet may […]
Google has released a security update stating that multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for arbitrary code execution within the context of a privileged process. Details are as follows: a) An elevation of privilege vulnerability in Android runtime – (CVE-2017-13274) b) An arbitrary code vulnerability […]
Microsoft has released a security update stating that when the Microsoft update for meltdown is installed on a Windows 7 x64 or Windows Server 2008 R2 x64 system, an unprivileged process may be able to read and write the entire memory space available to the Windows kernel. Basically, an attacker with the ability to run […]
Apple has released a security update stating that multiple vulnerabilities have been discovered in iCloud for Windows, Safari, macOS High Sierra, Sierra, and El Capitan, iTunes, Xcode, tvOS, watchOS and iOS. Details are as follows: 1) A buffer overflow was addressed with improved size validation – (CVE-2018-4144) 2) A command injection issue existed in the […]
