Security Advisories & Alerts

Microsoft Office CVE-2017-11825 Remote Code Execution Vulnerability

Description: Microsoft Office 2016 Click-to-Run (C2R) and Microsoft Office 2016 for Mac allow an attacker to use a specially crafted file to perform actions in the security context of the current user, due to how Microsoft Office handles files in memory, aka “Microsoft Office Remote Code Execution Vulnerability”. Impact: An...

Read more

Windows ASLR Vulnerability !!

Description:  Windows 8 and later fail to properly randomize every application if system-wide mandatory ASLR is enabled via EMET or Windows Defender Exploit Guard. Microsoft Windows 8 introduced a change in how system-wide mandatory ASLR is implemented. This change requires system-wide bottom-up ASLR to be enabled for mandatory ASLR to...

Read more

Microsoft Releases November 2017 Security Updates

Description: Microsoft has released updates to address vulnerabilities in Microsoft software. The November security release consists of security updates for the following software: Internet Explorer Microsoft Edge Microsoft Windows Microsoft Office and Microsoft Office Services and Web Apps ASP.NET Core and .NET Core Chakra Core Impact: A remote attacker could exploit some...

Read more

Joomla! Releases Security Update

Description: Joomla! has released version 3.8.2 of its Content Management System (CMS) software to address multiple vulnerabilities. Impact: A remote attacker could exploit one of these vulnerabilities to obtain sensitive information. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s:

WordPress 4.8.3 Security Release

Description: WordPress 4.8.3 is now available. This is a security release for all previous versions and it is strongly encouraged you to update your sites immediately. WordPress versions 4.8.2 and earlier are affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not...

Read more

Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability

Description: The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with...

Read more

PostgreSQL CVE-2014-0062 Security Bypass Vulnerability

Description: Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables by creating or deleting...

Read more

Cisco FXOS and NX-OS System Software Authentication, Authorization, and Accounting Denial of Service Vulnerability

Description:  A vulnerability in the authentication, authorization, and accounting (AAA) implementation of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an unauthenticated, remote attacker to cause an affected device to reload. Impact: The vulnerability occurs because AAA processes prevent the NX-OS System Manager from receiving keepalive...

Read more

Page 20 of 36« First...10...1819202122...30...Last »