On 13th of June 2018, Marcus Brinkmann released technical details concerning a vulnerability impacting GnuPG and most applications based on GnuPG (Enigmail, GPGtools, python-gnupg, etc.) [1]. This vulnerability can be exploited by a remote...
Adobe has released Adobe Security Bulletins APSB18-09 and APSB18-17 providing security updates for Adobe Acrobat, Reader and Adobe Photoshop
CC for Windows and MacOS. These updates address critical and important
vulnerabilities, which successful...
On 14th of May 2018, security researchers released technical details
concerning vulnerabilities impacting OpenPGP and S/MIME encryption
technologies. These vulnerabilities abuse e-mail clients rendering HTML
content when displaying e-mails to...
On May 2nd, 2018, Cisco published two advisories for remote code execution vulnerabilities, CVE-2018-0287 (medium) and CVE-2018-0264 (critical) in the various Cisco WebEx Players. The players are used to play back WebEx meeting recordings that...
Drupal is a content management system often used for Enterprise Content
Management Projects. A remote code execution vulnerability
(CVE-2018-7602) exists within multiple subsystems of Drupal 7.x and 8.x.
This allows attackers to exploit multiple...
On the 17th and 18th of April 2018, Cisco has released several updates to address vulnerabilities affecting multiple products in which a remote attacker can exploit these vulnerabilities to trigger cross site scripting, denial of service, remote...
On 26th of March 2018, Sophos released a security advisory concerning Sophos Mobile and Sophos Mobile Control. This critical vulnerability could allow an unauthenticated user to access the administration console or the self-service portal of...
On 28th of March 2018, Cisco published a security advisory concerning a buffer overflow discovered in Smart Install feature of Cisco IOS and Cisco IOS XE software. This vulnerability allows an unauthenticated, remote attacker to execute arbitrary...
Drupal team announced a security advisory for a vulnerability (CVE-2018-7600) reported by Jasper Mattsson and rated as Highly Critical with a score of 21/25 based on the NIST Common Misuse Scoring System. A remote code execution vulnerability...
CERT-EU has recently observed the usage of software tools and components that might lead to unauthorized personal data leakage. These components are often available in the form of browser extensions or plugins, or e-mail clients plugins. Examples...
On February 05, 2018, Devcore Security Consulting discovered a buffer overflow vulnerability in the base64 decode function of Exim message transfer agent. On March 06, 2018, Exim released a security advisory about the issue, confirming potential...
On January 31, 2018, KrCERT/CC released a security alert regarding a vulnerability in Adobe Flash Player. Regarding this issue, Adobe Systems has also released a security advisory about the vulnerability (CVE-2018-4878). According to Adobe, the...
On the 29nd of January 2018, CISCO published a security advisory for a
remote code execution and denial of service vulnerability affecting
Cisco Adaptive Security Appliance (ASA). The vulnerability is located in
the Secure Sockets Layer (SSL) VPN...
On the 22nd of January 2018, GitHub published a fix for a remote code execution vulnerability affecting Electron applications that use custom protocol handlers. An attacker could exploit the vulnerability by providing to the victim a specifically...
On January 12th 2018, F-Secure reported a security issue affecting laptops supporting Intel’s Active Management Technology (AMT). The issue allows an attacker with physical access to the laptop to bypass the need to enter credentials, including...
Design flaws in modern computer processors allow programs to steal data processed on the computer. The hardware design deficiencies leaded to the development of two attack scenarios: Meltdown, melts security boundaries normally enforced by the...
On the 19th of December 2017, VMware released updates to address multiple security vulnerabilities in ESXi, vCenter Server Appliance, Workstation and Fusion. The most serious of the vulnerabilities could allow remote arbitrary code execution in a...
On November 28th, a security researcher Lemi Orhan Ergin has notified Apple about a serious security issue in macOS Hight Sierra. It appears that anyone can login as root by providing an empty password. The bypass works by putting the word root...
On the 20th of November 2017, Intel reported that it has identified security vulnerabilities that could impact Intel Management Engine, Intel Trusted Execution Engine, and Intel Server Platform Services. As the result, an attacker could gain...
Since summer 2017 -- mostly due to significant increase of the price of Bitcoin -- browser-based mining services have increased their popularity. By providing easy to use JavaScript libraries they allow website owners to increase their revenues...
A vulnerability (CVE-2017-15361) in the procedure of RSA key generation used by a software library allows a practical factorization attack. As a result it is possible to compute the private part of an RSA key based only on its public part. The...
On 16th of October 2017, Adobe has released a security update for Adobe Flash Player for Windows, MacOS, Linux, and Chrome OS. This update addresses a critical type confusion vulnerability that could lead to code execution (CVE-2017-11292). Adobe...
Researchers in the KU Leuven University have discovered a serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within the range of the Wi-Fi of the victim can exploit these weaknesses using key...
On October 2nd, 2017, Google published a blog post detailing severalcritical vulnerabilities impacting dnsmasq. Dnsmasq is widely used in Linux and BSD distributions, Android devices and proprietary firmwares for for serving DNS, DHCP, router...
A previously unknown LDAP injection vulnerability could allow remote attackers to leak the super user password with blind injection techniques and to fully take over any affected Joomla! installation.