Description: Piriform, a subsidiary of Avast, has released CCleaner 5.34 and has pushed v1.07.3214 to CCleaner Cloud users. These versions do not contain the Floxif malware found in the 32-bit versions of CCleaner 5.33.6162 and CCleaner Cloud 1.07.3191 Impact: An unauthorized modification of the CCleaner.exe binary resulted in an insertion of a two-stage backdoor capable of running code received from a remote IP address on...
Read More
Description: VMware releases security updates to address vulnerabilities. This release consists of security updates for the following software: ESXi vCenter Server Fusion Workstation Impact: An attacker who successfully exploited the vulnerability could take control of an affected system. Mitigation: Updates are available. Please check specific vendor advisory for more information. Reference URL’s: https://www.vmware.com/security/advisories/VMSA-2017-0015.html
Description: Microsoft releases security updates for September 17. This release consists of security updates for the following software: Microsoft Excel 2016 for Mac Microsoft Office 2016 for Mac Microsoft .NET Framework Windows Server 2008 Impact: An attacker who successfully exploited the vulnerability could take control of an affected system. Mitigation: Updates are available. Please check specific vendor advisory for more information. Reference URL’s: https://portal.msrc.microsoft.com/en-us/security-guidance/summary https://support.microsoft.com/en-us/help/20170912/security-update-deployment-information-september-12-2017
Description: Todd Miller’s sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution. Impact: Local attackers could exploit this issue to run arbitrary commands with root privileges. This issue is fixed in sudo 1.8.20p2. NOTE: This issue is the result of an incomplete fix for the issue described in BID 98745...
Read More
Description: The REST Plugin is using a XStreamHandler with an instance of XStream for deserialization without any type filtering and this can lead to Remote Code Execution when deserializing XML payloads. Impact: Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. Apache Struts 2.5 through 2.5.12...
Read More
