by CIRT Team
WordPress 4.8.3 Security Release
Description: WordPress 4.8.3 is now available. This is a security release for all previous versions and it is strongly encouraged you to update your sites immediately. WordPress versions 4.8.2 and earlier are affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from...
Read More
by CIRT Team
Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
Description: The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is...
Read More
by CIRT Team
PostgreSQL CVE-2014-0062 Security Bypass Vulnerability
Description: Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables by creating or deleting a table with the same name during the timing window. Impact: Successful exploits may allow...
Read More
by CIRT Team
CVE-2017-15265: Linux Kernel ALSA Sequencer Interface Use-After-Free Memory Vulnerability
Description: Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c. Impact: An attacker can exploit this issue to cause a local denial-of-service condition; other attacks may also be possible. Mitigation: Administrators may disable administrative privileges on...
Read More
by CIRT Team
Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones SIP Denial of Service Vulnerability
Description: A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of SIP request messages by an affected device. An attacker could exploit...
Read More
by CIRT Team
Cisco FXOS and NX-OS System Software Authentication, Authorization, and Accounting Denial of Service Vulnerability
Description: A vulnerability in the authentication, authorization, and accounting (AAA) implementation of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an unauthenticated, remote attacker to cause an affected device to reload. Impact: The vulnerability occurs because AAA processes prevent the NX-OS System Manager from receiving keepalive messages when an affected device receives a high rate of login attempts, such as in...
Read More
by CIRT Team
Cisco AMP for Endpoints Static Key Vulnerability
Description: On October 20th, 2017, Cisco PSIRT was notified by the internal product team of a security vulnerability in the Cisco AMP for Endpoints application that would allow an authenticated, local attacker to access a static key value stored in the local application software. Impact: The vulnerability is due to the use of a static key value stored in the application used to encrypt the...
Read More
by CIRT Team
Microsoft Releases October 2017 Security Update
Description: Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for code execution. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with...
Read More
by CIRT Team
Wordfence! Publishes Security Updates for WordPress plugin
Description: PHP Object Injection Vulnerability Severity 9.8 (Critical) have been found in Appointments, RegistrationMagic-Custom Registration Forms, and Flickr Gallery plugins. Affected plugins and versions: Appointments by WPMU Dev (fixed in 2.2.2) Flickr Gallery by Dan Coulter (fixed in 1.5.3) RegistrationMagic-Custom Registration Forms by CMSHelpLive (fixed in 3.7.9.3) Impact: Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system. Mitigation: Updates are available....
Read More
by CIRT Team
Mozilla! Releases Security Update
Description: Mozilla! has released security updates to address multiple vulnerabilities for the following softwares : Firefox ESR 52.4 Firefox 56 Impact: Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system. Mitigation: Updates are available. Please check specific vendor advisory for more information. Reference URL’s: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/ https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/