The Samba Team has released a security update stating that all versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spools service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spools RPC calls could cause […]
Mozilla has released a security update stating that the following vulnerabilities have been fixed for FireFox Browser ver 59.0: a) Buffer overflow manipulating SVG animatedPathSegList – CVE-2018-5127 b) Use-after-free manipulating editor selection ranges – CVE-2018-5128 c) Out-of-bounds write with malformed IPC messages – CVE-2018-5129 d) Mismatched RTP payload type can trigger memory corruption – CVE-2018-5130 […]
Cisco has released a security update stating that a vulnerability in the FTP server of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to log in to the FTP server of the device without a valid password. The attacker does need to have a valid username. The vulnerability is due to […]
Google has reported that the following vulnerabilities have been discovered in Google Chrome: a) Use after free in Flash – (CVE-2018-6058, CVE-2018-6059) b) Incorrect permissions on shared memory – (CVE-2018-6057, CVE-2018-6063) c) Use after free in Blink – (CVE-2018-6060) d) Race condition in V8 – (CVE-2018-6061) e) Heap buffer overflow in Skia – (CVE-2018-6062) f) […]
Google has reported that multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for arbitrary code execution within the context of a privileged process. Details of these vulnerabilities are as follows: a) Multiple elevation of privilege vulnerabilities in Kernel components – (CVE-2017-16525, CVE-2017-16530) b) Multiple information disclosure vulnerabilities […]
Red Hat has released a security update stating that it is aware of DDoS (Distributed Denial of Service) amplification attacks being performed by exploiting memcached servers exposed to the public Internet. These attacks take advantage of memcached communication using the UDP protocol for transport. The attack is effective because of the high amplification ratio – […]
Several security vulnerabilities have been found in PHP7 which include: a) Bug #49876 (Fix LDAP path lookup on 64-bit distros). b) Bug #54289 (Phar::extractTo() does not accept specific directories to be extracted). c) Bug #65414 (deal with leading slash when adding files correctly). d) Bug #65414 (deal with leading slash while adding files correctly). e) […]
The Internet Systems Consortium (ISC) has released a security update stating that a vulnerability in the Berkeley Internet Name Domain (BIND) has been found which, if exploited an attacker, could cause a Denial of Service (DoS) condition. This vulnerability is caused by a malformed packet BIND erroneously selecting a SERVFAIL rcode instead of a FORMERR […]
Drupal has released several security updates to make developers ware that multiple vulnerabilities exist in both Drupal 7 and Drupal 8 including a) Users with permission to post comments are able to view content and comments they do not have access to, and are also able to add comments to this content. b) Drupal has […]
Cisco has a released a security update stating that a vulnerability has been identified in the application configuration of Cisco Unified Communications Domain Manager where an insecure key is generated during application configuration allowing an attacker to exploit this by using a known insecure key value to bypass security protections by sending arbitrary requests using […]
