Government of the Republic of Trinidad and Tobago


Security Advisories

TTCSIRT-195.011119: TT-CSIRT Advisory – PHP Security Updates

PHP has released a security update stating that the following vulnerabilities have been discovered in the following versions of PHP: Version 5.6.40 Bug #77242 (heap out of bounds read in xmlrpc_decode()). Bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext). Bug #77269 (efree() on uninitialized Heap data in imagescale leads to Bug #77270 (imagecolormatch Out Of Bounds […]



TTCSIRT-194.011119: TT-CSIRT Advisory – Android Security Updates

Google has released a security update stating that the following vulnerabilities have been discovered in the Android Operating System: a) An elevation of privilege vulnerability in Framework – (CVE-2018-9582). b) A remote code execution vulnerability in System – (CVE-2018-9583). c) Multiple elevation of privilege vulnerabilities in System – (CVE-2018-9584). d) Multiple information disclosure vulnerabilities in […]



TTCSIRT-193.010419: TT-CSIRT Advisory – Cisco Security Updates

Cisco has released a security update stating that an issue in the authorization subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated but unprivileged (levels 0 and 1) remote attacker to perform privileged actions by using the web management interface. The vulnerability is due to improper validation of user privileges when using […]



TTCSIRT-192.010419: TT-CSIRT Advisory – Adobe Security Updates

Adobe has released a security update stating that the following issues have been discovered in Adobe Acrobat & Reader: a) Multiple security bypass privilege escalation – (CVE-2018-16018). b) Multiple use after free arbitrary code execution (CVE-2018-16011). Successful exploitation of these vulnerabilities could result in the attacker gaining control of the affected system and depending on […]



TTCSIRT-191.122718: TT-CSIRT Advisory – Microsoft Security Updates

Microsoft has released a security update stating that a remote code execution issue exists in the scripting engine that handles objects in memory in Internet Explorer ver 9, 10 & 11. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. In […]



TTCSIRT-190.122718: TT-CSIRT Advisory – Chrome Security Updates

Google has released a security update stating that a use-after-free issue in PDFium could allow for arbitrary code execution (CVE-2018-17481). Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code through the browser and, depending on the privileges associated with the application, an attacker could install programs, view, change, delete data or […]



TTCSIRT-189.121318: TT-CSIRT Advisory – Mozilla Security Updates

Mozilla has released a security update stating that it has discovered the following issues with Microsoft Firefox ver 64.0: a) A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content, when working with the VertexBuffer11 module. b) A use-after-free vulnerability can occur after deleting a selection element […]



TTCSIRT-188.121318: TT-CSIRT Advisory – WordPress Security Updates

WordPress has released a security update stating that it has discovered the following vulnerabilities with WordPress ver 5.0 and earlier: a) Authors can alter metadata to delete files that they are not authorized to. b) Authors can create posts of unauthorized post types with specially crafted input. c) URL inputs can lead to a […]



TTCSIRT-187.120518: TT-CSIRT Advisory – Cisco Security Updates

Cisco has released a security update stating that it has discovered a vulnerability in the web framework code of Cisco Prime License Manager (PLM) which could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. This is due to a lack of proper validation of user-supplied input in SQL queries and as a result, […]



TTCSIRT-186.120518: TT-CSIRT Advisory – Android Security Updates

Google has released a security update stating that the following issues have been discovered in the Android OS: a) Elevation of privilege vulnerability in Framework – (CVE-2018-9547). b) Information disclosure vulnerability in Framework – (CVE-2018-9548). c) Multiple arbitrary code execution in System – (CVE-2018-9555, CVE-2018-9556). d) Multiple vulnerabilities in Qualcomm components – (CVE-2018-11960, CVE-2018-11961, CVE-2018-11963). […]
