Apple has released a security update stating that Apple MacOS High Sierra (10.13) contains a flaw in how it authenticates disabled accounts. When a privileged action prompts the user for administrative credentials, the user can simply enter the user of “root” with an empty password. The first attempt appears to fail, but in actuality, this […]
Intel has released security updates to address vulnerabilities in the firmware of the following Intel products: Management Engine, Server Platform Services, and Trusted Execution Engine. An attacker could exploit some of these vulnerabilities to take control of an affected system. Further information on these vulnerabilities and how they can be fixed can be found on […]
Symantec has a security update stating that the Symantec Management Console can be susceptible to a directory traversal exploit, which is a type of attack that can occur when there is insufficient security validation / sanitization of user-supplied input file names, such that characters representing “traverse to parent directory” are passed through to the file […]
Oracle has released a security alert to address multiple vulnerabilities in Oracle Tuxedo. A remote attacker could exploit these vulnerabilities to take control of an affected system. Further information on these vulnerabilities and how they can be fixed can be found on the Oracle Website at http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10269-4021872.html
Multiple vulnerabilities have been discovered in Mozilla Firefox and Firefox Extended Support Release (ESR), the most severe of which could allow for arbitrary code execution. Details of the vulnerabilities are as follows: a) A data: URL loaded in a new tab did not inherit the Content Security Policy (CSP) of the original page allowing for […]
Multiple vulnerabilities have been discovered in Microsoft products which, depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. A full list of all vulnerabilities and how they can be fixed can be found on the Microsoft Website […]
Multiple vulnerabilities have been discovered in Adobe Acrobat and Adobe Reader, the most severe of which could allow for remote code execution. The vulnerabilities are as follows: a) Two access of uninitialized point vulnerabilities that could result in remote could execution – (CVE-2017-16377, CVE-2017-16378) b) Six use after free vulnerabilities that could result in remote […]
Joomla has released security updates to address the following vulnerabilities: a) Medium Priority – Core – LDAP Information Disclosure (affecting Joomla! 1.5.0 through 3.8.1) b) Medium Priority – Core – Two-Factor Authentication Bypass (affecting Joomla! 3.2.0 through 3.8.1) c) Low Priority – Core – Information Disclosure (affecting Joomla! 3.7.0 through 3.8.1) Further information on these […]
Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for arbitrary code execution within the context of a privileged process. Details of these vulnerabilities are as follows: a) Multiple elevation of privilege vulnerabilities in Framework – (CVE-2017-0830, CVE-2017-0831) b) Multiple arbitrary code execution vulnerabilities in Media Framework – […]
Cisco has released security updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. Information on the products affected and how they can be fixed can be found on the Cisco Website via the following links: a) Wireless LAN Controller 802.11v Basic […]
