Cisco has released updates to address several vulnerabilities affecting the following products: a) Identity Services Engine Authentication – a vulnerability in the authentication module of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to bypass local authentication. This is due to improper handling of authentication requests and policy assignment for externally authenticated users. […]
Microsoft has released a security update for Microsoft Office Outlook stating An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. To exploit the vulnerability, an attacker could craft a special document file […]
McAfee has released a security bulletin to address multiple vulnerabilities in Web Gateway: a) CVE-2012-6706 – a VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. b) CVE-2017-1000364 – an issue was discovered in the […]
Google has released Chrome version 60.0.3112.78 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that, if exploited, may allow an attacker to take control of an affected system. Further information on these vulnerabilities can be seen on the Google Chrome Website at https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html
Joomla has released version 3.7.4 of its Content Management System software to address several security vulnerabilities in its previous versions: a) Lack of Ownership Verification affecting Joomla! 1.0.0 through Joomla 3.7.3 b) XSS Vulnerability affecting Joomla! 1.5.0 through Joomla! 3.7.3 For further information on this security update, view the Joomla Website at https://www.joomla.org/announcements/release-news/5710-joomla-3-7-4-release.html
IBM has issued a high severity security alert stating that the IBM Cisco MDS Series Switches have a vulnerability that could allow an unauthenticated, remote attacker to log in to the administrative console of a DCNM server by using an account that has a default, static password. The account could be granted root or system-level […]
Apple has released security updates to address vulnerabilities in many of its products including iTunes, iCloud & the tvOS. TTCSIRT encourages users and administrators to review Apple security pages for the following products and apply the necessary updates: tvOS iTunes for Windows iCloud for Windows Safari macOS Sierra, Security Updates iOS watchOS
Oracle has released its Critical Patch Update for July 2017 to address 308 vulnerabilities across multiple products. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review the Oracle July 2017 Critical Patch Update at http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
The Simple Network Management Protocol subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via […]
A security researcher testing a Juniper NetScreen Firewall + VPN found multiple stored cross-site scripting vulnerabilities that could be used to elevate privileges through the NetScreen WebUI. A user with the ‘security’ role can inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute […]
