Government of the Republic of Trinidad and Tobago                                                                                                                                        


News

TTCSIRT-221.080619: TT-CSIRT Advisory – PHP Security Updates

by ttcsirtadmin | 6th August 2019

PHP has released a security update stating that it has discovered the following issues in PHP7 – a) Bug #78256 – Heap-buffer-overflow on exif_process_user_comment. b) Bug #78222 – Heap-buffer-overflow on exif_scan_thumbnail. c) Bug #78039 – FTP with SSL memory leak. d) Bug #78279 – libxml_disable_entity_loader settings is shared between requests cgi-fcgi. e) Bug #76058 – […]

Read More

TTCSIRT-220.080619: TT-CSIRT Advisory – Chrome Security Updates

by ttcsirtadmin | 6th August 2019

Google has released a security update sting that it has discovered in the following vulnerabilities in Google Chrome: a) Insufficient checks on filesystem – (CVE-2019-5856). b) Insufficient filtering of Open URL service parameters – (CVE-2019-5858). c) Insufficient port filtering in CORS for extensions – (CVE-2019-5864). d) Integer overflow in PDFium – (CVE-2019-5855). e) Integer overflow […]

Read More

TTCSIRT-219.072519: TT-CSIRT Advisory – Apple Security Updates

by ttcsirtadmin | 24th July 2019

Apple has released a security update stating that it has discovered the following issues in iOS ver12.4: a) A memory corruption issue where A remote attacker may be able to cause unexpected application termination or arbitrary code execution – (CVE-2019-8660). b) An issue existed in Samba that may allow attackers to perform unauthorized actions by […]

Read More

TTCSIRT-218.072519: TT-CSIRT Advisory – Mozilla Security Updates

by ttcsirtadmin | 24th July 2019

Mozilla has released a security update stating that it has discovered the following issues in Mozilla FireFox: a) Application permissions give additional remote troubleshooting permission to the site input.mozilla.org, which has been retired and now redirects to another site. This additional permission is unnecessary and is a potential vector for malicious attacks – (CVE-2019-11724). b) […]

Read More

TTCSIRT-217.070919: TT-CSIRT Advisory – Microsoft Security Updates

by ttcsirtadmin | 9th July 2019

Microsoft has released a security update stating that an elevation of privilege vulnerability exists in Azure Automation “RunAs account” runbooks for users with contributor role. This could potentially allow members of an organization to access Key Vault secrets through a runbook, even if these members would personally not have access to that Key Vault. To […]

Read More

TTCSIRT-216.070919: TT-CSIRT Advisory – Android Security Updates

by ttcsirtadmin | 9th July 2019

Google has released a security update stating that it has found the following issues in the Android OS: a) Framework vulnerability enable a local malicious application to bypass user interaction requirements in order to gain access to additional permissions – (CVE-2019-2104). b) Library vulnerability enable a remote attacker using a specially crafted file to execute […]

Read More

TTCSIRT-215.062819: TT-CSIRT Advisory – Ubuntu Security Updates

by ttcsirtadmin | 28th June 2019

Canonical has released a security update stating that it has discovered a vulnerability in its Ubuntu Linux OS where a sequence of specifically crafted selective acknowledgements (SACK) may trigger an integer overflow, leading to a denial of service or possible kernel failure. Further information on this vulnerability and how it can be mitigated can be […]

Read More

TTCSIRT-214.062819: TT-CSIRT Advisory – Microsoft Security Updates

by ttcsirtadmin | 28th June 2019

Microsoft has released a security update stating that it has discovered a vulnerability in Microsoft Exchange 2013 which can allow a remote attacker to gain administrative privileges. This is issue is caused due to one of the EWS API functions called PushSubscriptionRequest. This can be can be used to cause the Exchange server to connect […]

Read More

TTCSIRT-213.061419: TT-CSIRT Advisory – Chrome Security Updates

by ttcsirtadmin | 13th June 2019

Google has released a security update stating that it has found the following vulnerabilities in Google Chrome: a) Cross-origin resources size disclosure in Appcache – (CVE-2019-5837) b) Heap buffer overflow in Angle – (CVE-2019-5836) c) Inconsistent security UI placement – (CVE-2019-5833) d) Incorrect CORS handling in XHR – (CVE-2019-5832) e) Incorrect handling of certain code […]

Read More

TTCSIRT-212.061419: TT-CSIRT Advisory – Cisco Security Updates

by ttcsirtadmin | 13th June 2019

Cisco has released a security update stating that a vulnerability in the web-based UI (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The issue is due to insufficient CSRF protections for the web UI on an affected device. […]

Read More

Page 1 of 21123451020...Last »