by CIRT Team
Red Hat Addresses DHCP Client Vulnerability
Description: Red Hat has released security updates to address a vulnerability in its Dynamic Host Configuration Protocol (DHCP) client packages for Red Hat Enterprise Linux 6 and 7. Impact: An attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://bugzilla.redhat.com/show_bug.cgi?id=1567974 https://access.redhat.com/security/cve/cve-2018-1111 https://access.redhat.com/security/vulnerabilities/3442151
by CIRT Team
Red Hat Linux DHCP Client Found Vulnerable to Command Injection Attacks [thehackernews]
A Google security researcher has discovered a critical remote command injection vulnerability in the DHCP client implementation of Red Hat Linux and its derivatives like Fedora operating system. The vulnerability, tracked as CVE-2018-1111, could allow attackers to execute arbitrary commands with root privileges on targeted systems. Whenever your system joins a network, it’s the DHCP client application which allows your system to automatically receive network configuration...
Read More
by CIRT Team
signal-desktop HTML tag injection [source: barreraoro]
Here’s the story of how a casual conversation uncovered a huge security hole in one of the most reliable messaging services. Story time It was Thursday afternoon: we were chatting as usual and suddenly Alfredo shows us an XSS in an Argentinian government site (don’t worry, it’s been reported). He was using the Signal add-on for Chrome. Javier and I were using the desktop version,...
Read More
by CIRT Team
Critical Flaws in PGP and S/MIME Tools Can Reveal Encrypted Emails in Plaintext[thehackernews]
An important warning for people using widely used email encryption tools—PGP and S/MIME—for sensitive communication. A team of European security researchers has released a warning about a set of critical vulnerabilities discovered in PGP and S/Mime encryption tools that could reveal your encrypted emails in plaintext. What’s worse? The vulnerabilities also impact encrypted emails you sent in the past. PGP, or Pretty Good Privacy, is...
Read More
by CIRT Team
Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution
Description: Multiple vulnerabilities have been discovered in Mozilla Firefox and Firefox Extended Support Release (ESR), the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. Impact: Successful exploitation of the most severe of these vulnerabilities could...
Read More
by CIRT Team
Critical Patches Issued for Microsoft Products, May 8, 2018
Description: Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for code execution. There are reports of a remote code execution vulnerability (CVE-2018-8174) being actively exploited in the wild as part of a cyber-espionage campaign. Impact: Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged on user....
Read More
by CIRT Team
Critical Alert: A Vulnerability in Adobe Flash Player Could Allow for Arbitrary Code Execution (APSB18-16)
Description: A vulnerability has been discovered in Adobe Flash Player, which could allow for arbitrary code execution. Adobe Flash Player is a widely distributed multimedia and application player used to enhance the user experience when visiting web pages or reading email messages. Impact: Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the user running the application. Depending on...
Read More
by CIRT Team
Multiple Dell EMC Products CVE-2018-1239 Multiple Remote Command Injection Vulnerabilities
Description: Multiple Dell EMC Products are prone to multiple remote command-injection vulnerabilities. Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968 are affected by multiple OS command injection vulnerabilities. Impact: A remote application admin user could potentially exploit the vulnerabilities to execute arbitrary OS commands as system root on the system where Dell EMC Unity is installed. Mitigation: Updates are available. Please see the...
Read More
by CIRT Team
Apple Swift CVE-2018-4220 Arbitrary Code Execution Vulnerability
Description: Apple Swift is prone to an arbitrary code-execution vulnerability. Impact: A remote attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed attempts will likely cause a denial-of-service condition. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://support.apple.com/en-us/HT208804 https://lists.apple.com/archives/security-announce/2018/May/msg00000.html https://www.securityfocus.com/bid/104085/info https://swift.org/
by CIRT Team
Multiple Devices Integrated GPUs CVE-2018-10229 Security Bypass Vulnerability
Description: A hardware vulnerability in GPU memory modules allows attackers to accelerate micro-architectural attacks through the use of the JavaScript WebGL API. Impact: Upon visiting a malicious or compromised website with a vulnerable device, an attacker may be able to bypass security features provided by the web browser. Mitigation: Apply an update. Google Chrome and Mozilla Firefox have released updates which disable high precision timers...
Read More
