Skip to content

Home Early Warning System Advisory
Advisory
Kaspersky Security Advisory
Wednesday, 18 April 2018 10:30

A vulnerability was reported in Kaspersky Password Manager for Windows version 8.0.6.538. This vulnerability makes possible unauthorized code execution from specific DLL and is known as DLL Hijacking attack. An attacker needs to drop his DLL in a directory where victim stores product installer. After user run the installer, malicious DLL will be loaded into installer process. It is advised to update to Kaspersky Password Manager version 9.0.0.728.

 
Oracle Critical Patch Update (April 2018)
Wednesday, 18 April 2018 10:00

Oracle has released 254 new security fixes to address vulnerabilities of multiple oracle products in April, 2018. It is advised to update.

 
Linux Security Update Overview (17th April)
Tuesday, 17 April 2018 14:00

The following Linux distributions have released security updates to fix vulnerabilties:
Debian: Security updates for r-cran-readxl, perl, ruby-loofah, and pcs. 
Gentoo Linux
: Security updates for Go and Adobe Flash Player.
Ubuntu: Security updates for Ruby, Patch, and Perl.
SUSE: Security updates for nodejs4, ntp, memcached, evince, python3, mercurial, openssl, policycoreutils, zziplib, and libvirt.

 
VMware Security Advisories
Tuesday, 17 April 2018 14:00

Two vulnerabilities were reported in VMware vRealize Automation. One vulnerability may allow attackers to conduct a DOM-based cross-site scripting(XSS) attack, leading to the compromise of the vRA user's workstation. The other may allow attackers to hijack a valid vRA user's session. It is advised to update.

 
Microsoft Security Update (April 2018)
Wednesday, 11 April 2018 12:00

Microsoft has released security updates for Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, ChakraCore, Adobe Flash Player, Microsoft Malware Protection Engine, Microsoft Visual Studio, and Microsoft Azure IoT SDK.

The vulnerability in the Microsoft Malware Protection Engine was released earlier this month. The Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.It is advised to update.

 
<< Start < Prev 1 2 3 4 5 6 7 8 9 10 Next > End >>

Page 1 of 336
[YOUR IP : 54.81.166.196: 46240] ...   [YOUR BROWSER: CCBot/2.0 (http://commoncrawl.org/faq/)] ...