Drupal has released an advisory to address several vulnerabilities in Drupal 8.x: a) CVE-2017-6924 – REST API can bypass comment approval – when using the REST API, users without the correct permission can post comments via REST that are approved even if the user does not have permission to post approved comments. This issue only […]
Cisco has released updates to address vulnerabilities affecting multiple products: a) Cisco Application Policy Infrastructure Controller Vulnerability – could allow an authenticated remote attacker to gain higher privileges than the account is assigned. The attacker will be granted the privileges of the last user to log in, regardless of whether those privileges are higher or […]
Symantec has released a security update to address the following security vulnerabilities in Symantec Messaging Gateway: a) Remote Code Execution – an individual may obtain the ability to execute commands remotely on a target machine or in a target process. In this type of occurrence, after gaining access to the system, the attacker may attempt […]
Juniper Networks has released a security advisory for Junos OS stating that an integer signedness vulnerability exists in libgd 2.1.1 which may result in a heap overflow when processing compressed gd2 data. Further information on this vulnerability and how it can be fixed can be found on the Juniper Website at https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10798&cat=SIRT_1&actp=LIST
Mozilla has released security updates to address multiple vulnerabilities in Firefox and Firefox ESR: a) Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. b) A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is […]
Cisco has released updates to address several vulnerabilities affecting the following products: a) Identity Services Engine Authentication – a vulnerability in the authentication module of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to bypass local authentication. This is due to improper handling of authentication requests and policy assignment for externally authenticated users. […]
Microsoft has released a security update for Microsoft Office Outlook stating An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. To exploit the vulnerability, an attacker could craft a special document file […]
McAfee has released a security bulletin to address multiple vulnerabilities in Web Gateway: a) CVE-2012-6706 – a VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. b) CVE-2017-1000364 – an issue was discovered in the […]
Google has released Chrome version 60.0.3112.78 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that, if exploited, may allow an attacker to take control of an affected system. Further information on these vulnerabilities can be seen on the Google Chrome Website at https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html
Joomla has released version 3.7.4 of its Content Management System software to address several security vulnerabilities in its previous versions: a) Lack of Ownership Verification affecting Joomla! 1.0.0 through Joomla 3.7.3 b) XSS Vulnerability affecting Joomla! 1.5.0 through Joomla! 3.7.3 For further information on this security update, view the Joomla Website at https://www.joomla.org/announcements/release-news/5710-joomla-3-7-4-release.html
