Description: Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. This attack only affects Windows operating systems. Other operating systems are unaffected. Impact: A remote attacker could exploit some of these vulnerabilities to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/
Description: A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with...
Read More
Description: The Bastet driver of Honor 9 Huawei smart phones with software of versions earlier than Stanford-AL10C00B175 has integer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege; the APP can send a specific parameter to the driver of the smart phone, causing arbitrary code execution. Impact: Attackers can exploit...
Read More
Description: An issue was discovered in Xen through 4.9.x on the ARM platform allowing guest OS users to obtain sensitive information from DRAM after a reboot, because disjoint blocks, and physical addresses that do not start at zero, are mishandled. Impact: Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Mitigation: Updates are available. Please see the references...
Read More
Description: An issue was discovered in Xen through 4.9.x on the ARM platform allowing guest OS users to obtain sensitive information from DRAM after a reboot, because disjoint blocks, and physical addresses that do not start at zero, are mishandled. Impact: Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Mitigation: Updates are available. Please see the references...
Read More
