by CIRT Team
Apple Releases Multiple Security Updates Recommended For All Users
Description: Apple has released security updates to address vulnerabilities in multiple products. The following is titled under this update : iOS 11.2.2 Safari 11.0.2 macOS High Sierra 10.13.2 Impact: An attacker could exploit these vulnerabilities to obtain access to sensitive information. Mitigation: Updates are available. Please see the Apple security pages for more information. Reference URL’s: https://support.apple.com/en-us/HT208401 https://support.apple.com/en-us/HT208403 https://support.apple.com/en-us/HT208397
by CIRT Team
VMware Releases Security Updates!!
Description: VMware has released security updates to address multiple vulnerabilities for the following products vRealize Operations for Horizon (V4H) vRealize Operations for Published Applications (V4PA) VMware Workstation Pro / Player (Workstation) VMware Fusion Pro / Fusion (Fusion) Horizon View Client for Windows Impact: A remote attacker could exploit some of these vulnerabilities to take control of an affected system. Mitigation: Updates are available. Please see the references...
Read More
by CIRT Team
Mozilla Security Update for Thunderbird!!
Description: Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. This attack only affects Windows operating systems. Other operating systems are unaffected. Impact: A remote attacker could exploit some of these vulnerabilities to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/
by CIRT Team
Microsoft Releases Security Updates for its Malware Protection Engine
Description: A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with...
Read More
by CIRT Team
Huawei Smart Phones CVE-2017-8205 Integer Overflow Vulnerability
Description: The Bastet driver of Honor 9 Huawei smart phones with software of versions earlier than Stanford-AL10C00B175 has integer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege; the APP can send a specific parameter to the driver of the smart phone, causing arbitrary code execution. Impact: Attackers can exploit...
Read More
by CIRT Team
Xen Information Disclosure Vulnerability: CVE-2017-17046
Description: An issue was discovered in Xen through 4.9.x on the ARM platform allowing guest OS users to obtain sensitive information from DRAM after a reboot, because disjoint blocks, and physical addresses that do not start at zero, are mishandled. Impact: Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Mitigation: Updates are available. Please see the references...
Read More
by CIRT Team
Xen Information Disclosure Vulnerability: CVE-2017-17046
Description: An issue was discovered in Xen through 4.9.x on the ARM platform allowing guest OS users to obtain sensitive information from DRAM after a reboot, because disjoint blocks, and physical addresses that do not start at zero, are mishandled. Impact: Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Mitigation: Updates are available. Please see the references...
Read More
by CIRT Team
Multiple Cisco WebEx Products Multiple Security Vulnerabilities
Description: Multiple Cisco WebEx Products are prone to the following security vulnerabilities: Multiple remote code-execution vulnerabilities Multiple denial-of-service vulnerabilities Impact: An attacker can exploit these issues to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. These issues are being tracked by Cisco Bug IDs- CSCve02843 CSCve10584 CSCve10591 CSCve10658 CSCve10744 CSCve10749 CSCve10762...
Read More
by CIRT Team
Apple Releases Security Update for macOS High Sierra !
Description: Apple has released a supplemental security update to address a vulnerability in macOS High Sierra 10.13. Impact: An attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: http://www.kb.cert.org/vuls/id/113765 https://support.apple.com/en-us/HT208315
by CIRT Team
Juniper Junos Space CVE-2017-10622 Authentication Bypass Vulnerability
Description: An authentication bypass vulnerability in Juniper Networks Junos Space Network Management Platform may allow a remote unauthenticated network based attacker to login as any privileged user. This issue only affects Junos Space Network Management Platform 17.1R1 without Patch v1 and 16.1 releases prior to 16.1R3 Impact: An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead...
Read More
