by CIRT Team
VMware Releases Security Updates
Description:VMware has released security updates to address vulnerabilities in VMware AirWatch Agent and Content Locker. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.vmware.com/security/advisories/VMSA-2018-0023.html
by CIRT Team
Cisco Releases Security Update
Description:Cisco has released a security update to address a vulnerability in Cisco Data Center Network Manager. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180828-dcnm-traversal
by CIRT Team
Microsoft Windows task scheduler Vulnerability in the ALPC interface
Description: Microsoft Windows task scheduler contains a local privilege escalation vulnerability in the Advanced Local Procedure Call (ALPC) interface, which can allow a local user to obtain SYSTEM privileges. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.kb.cert.org/vuls/id/906424
by CIRT Team
Apache Releases Security Update for Struts 2
Description: The Apache Software Foundation has released a security update to address a vulnerability in Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://cwiki.apache.org/confluence/display/WW/S2-057
by CIRT Team
Adobe Releases Security Updates
Description: Adobe has released security updates to address vulnerabilities in Adobe Photoshop CC. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://helpx.adobe.com/security/products/photoshop/apsb18-28.html
by CIRT Team
Ghostscript Sandbox Bypass Vulnerabilities
Description: Ghostscript contains multiple -dSAFER sandbox bypass vulnerabilities, which may allow a remote, unauthenticated attacker to execute arbitrary commands on a vulnerable system. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.kb.cert.org/vuls/id/332928
by CIRT Team
Microsoft Releases August 2018 Security Updates
Description: Microsoft has released updates to address multiple vulnerabilities in Microsoft software. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/ecb26425-583f-e811-a96f-000d3a33c573
by CIRT Team
Intel Q3 2018 Speculative Execution Side Channel Update
Description: Security researchers have identified a speculative execution side-channel method called L1 Terminal Fault (L1TF). This method impacts select microprocessor products supporting Intel® Software Guard Extensions (Intel® SGX). Further investigation by Intel has identified two related applications of L1TF with the potential to impact additional microprocessors, operating systems, system management mode, and virtualization software. If used for malicious purposes, this class of vulnerability has the...
Read More
by CIRT Team
Oracle Releases Security Updates
Description: Oracle has released a security alert to address a vulnerability in multiple versions of Oracle Database. This Security Alert addresses an Oracle Database vulnerability in versions 11.2.0.4 and 12.2.0.1 on Windows. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-3110-5032149.html
by CIRT Team
VMware Releases Security Updates
Description: Horizon 6, 7, and Horizon Client for Windows updates address an out-of-bounds read vulnerability. Relevant Products VMware Horizon 6 VMware Horizon 7 VMware Horizon Client for Windows Impact: An attacker could exploit these vulnerabilities to obtain sensitive information. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.vmware.com/security/advisories/VMSA-2018-0019.html
