URL Spoofing Vulnerability in Apple Safari and Microsoft Edge
Thursday, 13 September 2018 12:00

A vulnerability was reported in the Microsoft Edge web browser for Windows and Apple Safari for iOS. Both browsers allowed JavaScript to update the address bar while the page was still loading. Attackers may therefore be able to conduct phishing attacks through address bar spoofing. Microsoft Edge was patched last month in Microsoft's monthly security updates, but Safari is still unpatched at the time of this entry.

Microsoft Windows Task Scheduler Local Privilege Escalation Vulnerability
Tuesday, 28 August 2018 12:00

A vulnerability was reported in the Microsoft Windows Task Scheduler's handling of ALPC. A local user may be able to gain SYSTEM privileges. No solution was available at the time of this entry.

A Vulnerability in OpenSSL Affects Multiple F5 Products
Tuesday, 24 July 2018 17:00

Multiple F5 products were affected by an OpenSSL vulnerability. A remote attacker may be able to cause a denial of service (DoS). No upgrade was available at the time of this entry. To mitigate this vulnerability, users should restrict connections to SSL/TLS servers on trusted networks only. To protect vulnerable clients, users can configure the BIG-IP system to proxy outbound SSL connections.

Microsoft Windows JScript Error Object Use-After-Free Remote Code Execution Vulnerability
Wednesday, 30 May 2018 14:30

A vulnerability was reported in the JScript Error object of Microsoft Windows. Remote attackers may be able to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability, in that the target must visit a malicious page or open a malicious file. No patch was available at the time of this entry. The only salient mitigation strategy is to restrict interaction with the application to trusted files.

Vulnerabilities in Email Clients Affect Users of OpenPGP and S/MIME Encryption
Tuesday, 15 May 2018 12:00

Multiple vulnerabilities were discovered in email clients for two email encryption standards, PGP and S/MIME. Remote attackers could recover plaintext from encrypted emails without access to the encryption keys. No solution was available at the time of this entry. To mitigate this vulnerability, users are advised to decrypt mail outside of the mail client, disable HTML rendering, and disable remote content loading.

