Oracle has released its Critical Patch Update for October 2017 to address 252 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. Information on these vulnerabilities and how they can be fixed can be found on the Oracle Website at http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for code execution. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; …
Multiple vulnerabilities have been discovered in Netgear products, the most severe of which could allow for arbitrary code execution. Netgear is a manufacturer of networked devices such as Network Attached Storage (NAS), routers, switches, cable and DSL modems, and video cameras. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to …
Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for arbitrary code execution within the context of a privileged process. Details of these vulnerabilities are as follows: a) An elevation of privilege vulnerability in the Framework – (CVE-2017-0806) b) Three arbitrary code execution vulnerabilities in the Media Framework …
Apple has released a supplemental security update to address vulnerabilities in macOS High Sierra 10.13: a) A local attacker may gain access to an encrypted APFS volume – if a hint was set in Disk Utility when creating an APFS encrypted volume, the password was stored as the hint. b) A malicious application can extract …
Mozilla has confirmed the following vulnerabilities in Firefox and Firefox Extended Support Release (ESR): a) A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash – (CVE-2017-7793) b) A spoofing vulnerability for Firefox for Android, that can …
Multiple vulnerabilities have been discovered in Cisco IOS and IOS XE Software, the most severe of which could result in remote code execution. Details of these vulnerabilities are as follows: a) A remote code execution vulnerability exists in the DHCP relay subsystem due to a buffer overflow condition – (CVE-2017-12240) b) A denial of service …
Multiple vulnerabilities have been discovered in watchOS, iOS, tvOS, Xcode, and Safari. The most severe of these vulnerabilities could allow for arbitrary code execution. Details of these vulnerabilities are as follows: a) An ssh:// URL scheme handling issue was addressed through improved input validation (CVE-2017-1000117) b) Multiple memory corruption issues were addressed with improved memory …
Multiple vulnerabilities have been discovered in Google Chrome, which could result in arbitrary code execution. These vulnerabilities can be exploited if a user visits, or is redirected to, a specially crafted web page. Details of the vulnerabilities are as follows: Out-of-bounds access in V8. (CVE-2017-5121, CVE-2017-5122) Successful exploitation of these vulnerabilities could allow an attacker …
The Samba Team has released security updates to address several vulnerabilities in Samba – a) A man in the middle attack may hijack client connections. b) A man in the middle attack can read and may alter confidential documents transferred via a client connection, which are reached via DFS redirect when the original connection used …