TTCSIRT-091.022318: TT-CSIRT Advisory – Cisco Security Updates

Cisco has released a security update stating that a vulnerability has been identified in the application configuration of Cisco Unified Communications Domain Manager, where an insecure key is generated during application configuration. An attacker could exploit this by using a known insecure key value to bypass security protections by sending arbitrary requests using […]

TTCSIRT-089.021618: TT-CSIRT Advisory – Adobe Security Updates

Adobe has released a security update stating that multiple vulnerabilities have been discovered in Adobe Acrobat and Reader, the most severe of which could allow for arbitrary code execution. Details are as follows: a) One security mitigation bypass vulnerability that could allow for privilege escalation (CVE-2018-4872) b) Four heap overflow vulnerabilities that could allow for […]

TTCSIRT-088.020818: TT-CSIRT Advisory – Android Security Updates

Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution within the context of a privileged process. Details are as follows: a) Multiple remote code execution vulnerabilities in Media Framework (CVE-2017-13228, CVE-2017-13230) b) An information disclosure vulnerability in Media Framework (CVE-2017-13232) c) An elevation of […]

TTCSIRT-087.020818: TT-CSIRT Advisory – Linux Security Updates

A vulnerability has been discovered in the GNU C Library of all Linux distributions which could allow for arbitrary code execution. It is caused by the internal memalign() and malloc() functions in glibc failing to properly report allocation errors. This vulnerability can be exploited when the system processes maliciously crafted data. Successful exploitation could result […]

TTCSIRT-086.020518: TT-CSIRT Advisory – Adobe Security Updates

Adobe reports that a vulnerability has been discovered in Adobe Flash Player that could allow for remote code execution. This vulnerability occurs due to a use-after-free error (CVE-2018-4878). Depending on the privileges associated with this application, an attacker could then install programs, view, change, or delete data or create new accounts with full user rights. […]

TTCSIRT-085.020518: TT-CSIRT Advisory – HP Security Updates

HP has reported that a vulnerability has been discovered in HP printers which could allow for arbitrary code execution. Depending on the printer’s placement on the network, an attacker could potentially install programs; view, change, or delete data; or create new accounts with full user rights. HP states that a directory traversal attack could allow […]

TTCSIRT-084.013018: TT-CSIRT Advisory – CISCO Security Updates

Cisco has released a security update stating that a vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to an attempt to double free […]

TTCSIRT-082.012418: TT-CSIRT Advisory – KRACK Security Update

WPA2 Key Reinstallation Attacks (KRACKs). Date first published: 23/1/2018. 1.0 Introduction: TT-CSIRT wishes to advise that weaknesses have been discovered in the Wi-Fi Protected Access 2 (WPA2) protocol used to secure wireless networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Attackers can use these exploits […]