Government of the Republic of Trinidad and Tobago


Security Advisories

TTCSIRT-225.090919: TT-CSIRT Advisory – Android Security Updates

Google has released a security update stating that it has discovered the following issues with the Android OS: a) A vulnerability in NVIDIA components could allow for Escalation of Privileges – (CVE-2018-6240). b) Multiple vulnerabilities in Media framework could allow for Remote Code Execution – (CVE-2019-2176). Further information on these vulnerabilities and how they can […]



TTCSIRT-224.090919: TT-CSIRT Advisory – Mozilla Security Updates

Mozilla has released a security update stating that it has discovered the following issues in versions of Mozilla Firefox Browser prior to 69.0: a) A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash – (CVE-2019-11746). b) Navigation events do […]



TTCSIRT-223.082719: TT-CSIRT Advisory – Cisco Security Updates

Cisco has released a security update stating that it has discovered the following issues in Cisco Small Business 220 Series Smart Switches: a) An authentication bypass vulnerability which could allow for remote file upload due to incomplete authorization checks in the web management interface – (CVE-2019-1912). b) A command injection vulnerability could allow for arbitrary […]



TTCSIRT-222.082719: TT-CSIRT Advisory – Adobe Security Updates

Adobe has released a security update stating that the following issues have been discovered in Adobe Acrobat and Reader: a) Multiple Out-of-Bounds Read vulnerabilities that could allow for information disclosure – (CVE-2019-8077). b) A command injection vulnerability that could allow for arbitrary code execution – (CVE-2019-8060). c) Multiple heap overflow vulnerabilities that could allow for […]



TTCSIRT-221.080619: TT-CSIRT Advisory – PHP Security Updates

PHP has released a security update stating that it has discovered the following issues in PHP7 – a) Bug #78256 – Heap-buffer-overflow on exif_process_user_comment. b) Bug #78222 – Heap-buffer-overflow on exif_scan_thumbnail. c) Bug #78039 – FTP with SSL memory leak. d) Bug #78279 – libxml_disable_entity_loader settings is shared between requests cgi-fcgi. e) Bug #76058 – […]



TTCSIRT-220.080619: TT-CSIRT Advisory – Chrome Security Updates

Google has released a security update stating that it has discovered the following vulnerabilities in Google Chrome: a) Insufficient checks on filesystem – (CVE-2019-5856). b) Insufficient filtering of Open URL service parameters – (CVE-2019-5858). c) Insufficient port filtering in CORS for extensions – (CVE-2019-5864). d) Integer overflow in PDFium – (CVE-2019-5855). e) Integer overflow […]



TTCSIRT-219.072519: TT-CSIRT Advisory – Apple Security Updates

Apple has released a security update stating that it has discovered the following issues in iOS version 12.4: a) A memory corruption issue where a remote attacker may be able to cause unexpected application termination or arbitrary code execution – (CVE-2019-8660). b) An issue existed in Samba that may allow attackers to perform unauthorized actions by […]



TTCSIRT-218.072519: TT-CSIRT Advisory – Mozilla Security Updates

Mozilla has released a security update stating that it has discovered the following issues in Mozilla Firefox: a) Application permissions give additional remote troubleshooting permission to the site input.mozilla.org, which has been retired and now redirects to another site. This additional permission is unnecessary and is a potential vector for malicious attacks – (CVE-2019-11724). b) […]



TTCSIRT-217.070919: TT-CSIRT Advisory – Microsoft Security Updates

Microsoft has released a security update stating that an elevation of privilege vulnerability exists in Azure Automation “RunAs account” runbooks for users with contributor role. This could potentially allow members of an organization to access Key Vault secrets through a runbook, even if these members would personally not have access to that Key Vault. To […]



TTCSIRT-216.070919: TT-CSIRT Advisory – Android Security Updates

Google has released a security update stating that it has found the following issues in the Android OS: a) A Framework vulnerability that enables a local malicious application to bypass user interaction requirements in order to gain access to additional permissions – (CVE-2019-2104). b) A Library vulnerability that enables a remote attacker using a specially crafted file to execute […]
