TTCSIRT-105.040318: TT-CSIRT Advisory – Drupal Security Updates

Drupal has released a security update stating that a remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This could potentially allow attackers to exploit multiple attack vectors on a Drupal site and result in it being compromised. In addition, depending on the privileges associated with the user, an attacker could […]

TTCSIRT-104.032718: TT-CSIRT Advisory – XenServer Security Updates

Citrix has released a security update stating that a number of vulnerabilities have been identified within Citrix XenServer that could, if exploited, allow a malicious administrator of a guest VM to crash the host and, for some XenServer versions, allow a remote attacker to compromise the host. Details of the vulnerabilities are as follows: a) CVE-2016-2074: […]

TTCSIRT-103.032718: TT-CSIRT Advisory – Firefox Security Updates

Mozilla has released a security update stating that multiple vulnerabilities have been discovered in Mozilla Firefox and Firefox Extended Support Release (ESR) which could allow for remote code execution. Details of the vulnerabilities are as follows: a) A remote code-execution vulnerability exists because it fails to properly process Vorbis audio data. Specifically, this issue occurs […]

TTCSIRT-102.031618: TT-CSIRT Advisory – VMware Security Updates

VMware has released a security update stating that VMware Workstation and Fusion contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. For exploitation to take place, VNC must be manually enabled. Further information on this vulnerability and how it can be mitigated can be […]

TTCSIRT-101.031618: TT-CSIRT Advisory – Adobe Security Updates

Adobe has released a security update stating that a vulnerability has been discovered in Adobe Dreamweaver where an OS Command Injection could be inserted into the URI Handler of the application. This could allow the attacker to perform arbitrary remote code execution. Further information on this vulnerability and how it can be fixed can be […]

TTCSIRT-099.031418: TT-CSIRT Advisory – Firefox Security Updates

Mozilla has released a security update stating that the following vulnerabilities have been fixed in Firefox browser version 59.0: a) Buffer overflow manipulating SVG animatedPathSegList – CVE-2018-5127 b) Use-after-free manipulating editor selection ranges – CVE-2018-5128 c) Out-of-bounds write with malformed IPC messages – CVE-2018-5129 d) Mismatched RTP payload type can trigger memory corruption – CVE-2018-5130 […]

TTCSIRT-097.031218: TT-CSIRT Advisory – Chrome Security Updates

Google has reported that the following vulnerabilities have been discovered in Google Chrome: a) Use after free in Flash – (CVE-2018-6058, CVE-2018-6059) b) Incorrect permissions on shared memory – (CVE-2018-6057, CVE-2018-6063) c) Use after free in Blink – (CVE-2018-6060) d) Race condition in V8 – (CVE-2018-6061) e) Heap buffer overflow in Skia – (CVE-2018-6062) f) […]

TTCSIRT-096.030718: TT-CSIRT Advisory – Android Security Updates

Google has reported that multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for arbitrary code execution within the context of a privileged process. Details of these vulnerabilities are as follows: a) Multiple elevation of privilege vulnerabilities in Kernel components – (CVE-2017-16525, CVE-2017-16530) b) Multiple information disclosure vulnerabilities […]