by CIRT Team
VMware Releases Security Updates
Description: VMware has released security updates to address a vulnerability in vRealize Automation. Impact: An attacker could exploit this vulnerability to take control of an affected system. Mitigation: Apply an update. Please see the references or vendor advisory for more information. Reference URL’s: https://www.vmware.com/security/advisories/VMSA-2018-0009.html
by CIRT Team
Adobe Releases Security Updates
Description: Adobe has released security updates to address vulnerabilities in Adobe PhoneGap Push Plugin, Adobe Digital Editions, Adobe InDesign, Adobe Experience Manager, and Adobe Flash Player. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Apply an update. Please see the references or vendor advisory for more information. Reference URL’s: https://helpx.adobe.com/security/products/phonegap/apsb18-15.html https://helpx.adobe.com/security/products/Digital-Editions/apsb18-13.html https://helpx.adobe.com/security/products/indesign/apsb18-11.html https://helpx.adobe.com/security/products/experience-manager/apsb18-10.html https://helpx.adobe.com/security/products/flash-player/apsb18-08.html
by CIRT Team
Microsoft Releases Security Updates
Description: Microsoft has released updates to address vulnerabilities in Microsoft software. The April security release consists of security updates for the following software: Internet Explorer Microsoft Edge Microsoft Windows Microsoft Office and Microsoft Office Services and Web Apps ChakraCore Adobe Flash Player Microsoft Malware Protection Engine Microsoft Visual Studio Microsoft Azure IoT SDK Impact: A remote attacker could exploit this vulnerability to take control of...
Read More
by CIRT Team
Microsoft Releases Patch for Windows 7 and Windows Server 2008 R2 Systems
Description: Microsoft has released security updates to address a vulnerability in Windows 7 x64 and Windows Server 2008 R2 x64 systems. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Apply an update. This issue is addressed in the Microsoft update for CVE-2018-1038. Please see the references or vendor advisory for more information. Reference URL’s: https://www.kb.cert.org/vuls/id/277400
by CIRT Team
Apache Software Foundation Releases Security Update
Description: The Apache Software Foundation has released a security update to address a vulnerability in Struts 2. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Upgrade to Struts 2.5.16. Please see the references or vendor advisory for more information. Reference URL’s: https://cwiki.apache.org/confluence/display/WW/S2-056
by CIRT Team
Drupal core – Highly critical – Remote Code Execution
Description: A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: If you are running 7.x, upgrade to Drupal 7.58. If you are running...
Read More
by CIRT Team
Cisco Releases Security Updates
Description: Cisco has released updates to address vulnerabilities affecting multiple products. Review the following Cisco Security Advisories and apply the necessary updates: Cisco IOS XE Software Static Credential Vulnerability Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability Cisco IOS and IOS XE Software Quality of Service Remote Code Execution Vulnerability Impact: A remote attacker could exploit some of these vulnerabilities to...
Read More
by CIRT Team
Critical Alert: Multiple Vulnerabilities in Mozilla Firefox Could Allow for Remote Code Execution
Description: Multiple vulnerabilities have been discovered in MozillaFirefox and Firefox Extended Support Release (ESR), which could allow for remote code execution. Details of the vulnerabilities are as follows: * A remote code-execution vulnerability exists because it fails to properly process Vorbis audio data. Specifically, this issue occurs due to an out-of-bounds write error in the ‘libvorbis’ library. (CVE-2018-5146) * A remote code-execution vulnerability exists because...
Read More
by CIRT Team
Critical Alert: Multiple Vulnerabilities in Adobe Flash Player Could Allow for Remote Code Execution
Description: Multiple vulnerabilities have been discovered in Adobe Flash Player that could allow for remote code execution. These vulnerabilities are as follows: * One use after free vulnerability that could allow for remote code execution (CVE-2018-4919). * One type confusion vulnerability that could allow for remote code execution (CVE-2018-4920) Impact: Successful exploitation of these vulnerabilities could result in the attacker gaining control of the affected...
Read More
by CIRT Team
Critical Alert: A Vulnerability in ManageEngine Applications Manager Could Allow for Remote Code Execution
Description: A vulnerability has been discovered in ManageEngine Applications Manager, which could allow for remote code execution. The publically accessible testCredential.do endpoint takes multiple user inputs and validates supplied credentials by accessing a specific system. This endpoint calls several internal classes and then executes a PowerShell script. If the specified system is an Office SharePoint Server, then the username and password parameters to this script...
Read More
