IMPACT:Multiple vulnerabilities have been discovered in Oracle products, whichcould allow for remote code execution. SYSTEM AFFECTED:* Business Intelligence Enterprise Edition, versions 5.5.0.0.0,11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0* Enterprise Manager Base Platform, versions 13.2.1.0, 13.3.0.0, 13.4.0.0* Enterprise Manager for Fusion Applications, version 13.3.0.0* Enterprise Manager Ops Center, version 12.4.0.0* Hyperion Financial Reporting, version 11.1.2.4* Hyperion Infrastructure Technology, version 11.1.2.4* Instantis EnterpriseTrack, versions 17.1-17.3* JD Edwards EnterpriseOne Orchestrator, versions prior to...
Read More
DESCRIPTIONSudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via “sudoedit -s” and a command-line argument that ends with a single backslash character: IMPACTA heap-based buffer overflow was found in the way sudo parses command line arguments. This flaw is exploitable by any local user (users and system users, sudoers and non-sudoers), without authentication (i.e., the attacker does not need to...
Read More
DESCRIPTION:Multiple vulnerabilities have been discovered in Siemens’ Solid Edge,the most severe of which could allow for arbitrary code execution in thecontext of the system process. Solid Edge is used for designing andviewing 2D and 3D models. Depending on the privileges associated withthe application, an attacker could view, change, or delete data. If thisapplication has been configured to have fewer user rights on the system,exploitation of...
Read More
DESCRIPTION:Multiple vulnerabilities have been discovered in Siemens’ JT2Go andTeamcenter Visualization products, the most severe of which could allowfor arbitrary code execution in the context of the system process. JT2Goand Teamcenter Visualization are used for viewing 3D models. Dependingon the privileges associated with the application, an attacker couldview, change, or delete data. If this application has been configured tohave fewer user rights on the system, exploitation...
Read More
DESCRIPTION:Multiple vulnerabilities have been discovered in Microsoft products, themost severe of which could allow for remote code execution. Successfulexploitation of the most severe of these vulnerabilities could result inan attacker gaining the same privileges as the logged-on user. Dependingon the privileges associated with the user, an attacker could theninstall programs; view, change, or delete data; or create new accountswith full user rights. Users whose accounts...
Read More
DESCRIPTION:A vulnerability has been discovered in Adobe Photoshop which could allowfor arbitrary code execution. Photoshop is Adobe’s flagship imageediting software. Successful exploitation of this vulnerability couldallow for arbitrary code execution. Depending on the privilegesassociated with the user an attacker could then install programs; view,change, or delete data; or create new accounts with full user rights.Users whose accounts are configured to have fewer user rights on...
Read More
BGD e-GOV CIRT Congratulates Senior Secretary N M Zeaul Alam for extension of his Service in ICT Division.
DESCRIPTION Multiple vulnerabilities have been discovered in PHP, the most severe of which could allow for arbitrary code execution. PHP is a programming language originally designed for use in web-based applications with HTML content. PHP supports a wide variety of platforms and is used by numerous web-based software applications. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in...
Read More
DESCRIPTION A vulnerability has been discovered in Mozilla Firefox, Firefox ExtendedSupport Release (ESR) and Firefox for Android, which could allow forarbitrary code execution. Mozilla Firefox is a web browser used toaccess the Internet. Mozilla Firefox ESR is a version of the web browserintended to be deployed in large organizations. Firefox for Android is aversion of the web browser used on Android based mobile devices.Successful exploitation...
Read More
DESCRIPTIONMultiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could view,...
Read More
