Government of the Republic of Trinidad and Tobago                                                                                                                                        


News

TTCSIRT-213.061419: TT-CSIRT Advisory – Chrome Security Updates

by ttcsirtadmin | 13th June 2019

Google has released a security update stating that it has found the following vulnerabilities in Google Chrome: a) Cross-origin resources size disclosure in Appcache – (CVE-2019-5837) b) Heap buffer overflow in Angle – (CVE-2019-5836) c) Inconsistent security UI placement – (CVE-2019-5833) d) Incorrect CORS handling in XHR – (CVE-2019-5832) e) Incorrect handling of certain code […]

Read More

TTCSIRT-212.061419: TT-CSIRT Advisory – Cisco Security Updates

by ttcsirtadmin | 13th June 2019

Cisco has released a security update stating that a vulnerability in the web-based UI (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The issue is due to insufficient CSRF protections for the web UI on an affected device. […]

Read More

TTCSIRT-211.053119: TT-CSIRT Advisory – Mozilla Security Updates

by ttcsirtadmin | 31st May 2019

Mozilla has released a security update stating that it has discovered the following vulnerabilities in Mozilla FireFox ver67.0: a) Timing Attack Vulnerability (CVE-2019-9815) – if hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. b) Type Confusion Vulnerability (CVE-2019-9816) – a possible vulnerability exists where type confusion can occur when […]

Read More

TTCSIRT-210.053119: TT-CSIRT Advisory – IBM Security Updates

by ttcsirtadmin | 31st May 2019

IBM has released a security update stating that it has discovered a vulnerability in IBM WebSphere Application Server that could allow for remote code execution. This issue occurs when serializing an object from an untrusted source. IBM WebSphere Application Server is a software framework and middleware that hosts Java-based web applications. Further information on this […]

Read More

TTCSIRT-209.051519: TT-CSIRT Advisory – VMware Security Updates

by ttcsirtadmin | 14th May 2019

VMware has released a security update stating that VMware Workstation contains a DLL hijacking issue because some DLL files are improperly loaded by the application. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to administrator on a windows host where Workstation is installed. Further information on this […]

Read More

TTCSIRT-208.051519: TT-CSIRT Advisory – Adobe Security Updates

by ttcsirtadmin | 14th May 2019

Adobe has released a security update stating that it has discovered the following issues in the latest versions of Adobe Acrobat and Reader: a) Multiple Out-of-Bounds Read vulnerabilities that could allow for Information Disclosure – (CVE-2019-7841, CVE-2019-7836). b) Multiple Use After Free vulnerabilities that could allow for Arbitrary Code Execution – (CVE-2019-7835, CVE-2019-7834). c) A […]

Read More

TTCSIRT-207.042319: TT-CSIRT Advisory – Drupal Security Updates

by ttcsirtadmin | 23rd April 2019

Drupal has released a security update stating that the following vulnerabilities have been discovered in the Drupal Core Module: a) Validation messages were not escaped when using the form theme of the PHP templating engine which, when validation messages may contain user input, could result in an XSS – (CVE-2019-10909). b) Service IDs derived from […]

Read More

TTCSIRT-206.042319: TT-CSIRT Advisory – Cisco Security Updates

by ttcsirtadmin | 23rd April 2019

Cisco has released a security update stating that it has discovered a vulnerability in the development shell (devshell) authentication for Cisco Aironet Series Access Points (APs) where an attacker could access the development shell without proper authentication, which allows for root access to the underlying Linux OS. This vulnerability exists because the software improperly validates […]

Read More

TTCSIRT-205.040919: TT-CSIRT Advisory – Samba Security Updates

by ttcsirtadmin | 8th April 2019

Samba Team has released a security update stating that Samba contains an RPC endpoint emulating the Windows registry service API. One of the requests, “winreg_SaveKey”, is susceptible to a path/symlink traversal vulnerability. Unprivileged users can use it to create a new registry hive file anywhere as they have unix permissions to create a new file […]

Read More

TTCSIRT-204.040919: TT-CSIRT Advisory – Apache Security Updates

by ttcsirtadmin | 8th April 2019

Apache has released a security update stating that in Apache HTTP Server 2.4 releases, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. Further information on this vulnerability and how it can be mitigated can be […]

Read More

Page 1 of 20123451020...Last »