1154 matches found
Zoom Will Fix the Flaw That Let Hackers Hijack Webcams
While it at first dismissed the vulnerability, Zoom says it will release a patch Tuesday night...
Qt 5.12.4 Released with support for OpenSSL 1.1.1
Qt 5.12.4, the fourth patch release of Qt 5.12 LTS, is released today. Qt 5.12.4 release provides a number of bug fixes, as well as performance and other improvements. As an important new item it provides binaries built with OpenSSL 1.1.1, including the new TLS 1.3 functionality. Compared to Qt...
WhatsApp Zero-Day Exploited in Targeted Spyware Attacks
UPDATE WhatsApp is urging users to update as soon as possible, after a zero-day vulnerability found in its messaging platform was exploited by attackers who were able to inject spyware onto victims’ phones in targeted campaigns. First reported by the Financial Times, the popular messaging app...
Critical Magento SQL Injection Vulnerability Discovered – Patch Your Sites
If your online e-commerce business is running over the Magento platform, you must pay attention to this information. Magento yesterday released new versions of its content management software to address a total of 37 newly-discovered security vulnerabilities. Owned by Adobe since mid-2018, Magent...
Latest iOS 12.2 Update Patches Some Serious Security Vulnerabilities
Apple on Monday released iOS 12.2 to patch a total of 51 security vulnerabilities in its mobile operating system that affects iPhone 5s and later, iPad Air and later, and iPod touch 6th generation. A majority of vulnerabilities Apple patched this month reside in its web rendering engine WebKit,...
CVE-2019-1674 Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools Update Service Command Injection Vulnerability
A vulnerability in the update service of Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplied parameters...
Microsoft Windows RCE Flaw Gets Temporary Micropatch
Three unfixed Microsoft Windows vulnerabilities have been assigned unofficial, temporary micropatches – including a recently-disclosed high-severity remote code-execution flaw. The micropatches were released Tuesday by ACROS Security’s 0patch platform. 0patch, which is still in its beta stage,...
Fedora 28 : clamav (2018-eff94da132)
ClamAV 0.100.2 has been released! This is a patch release to address several vulnerabilities. Fixes for the following ClamAV vulnerabilities: CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS)...
glibc security update
2.17-260.0.9 - Regenerate plural.c - OraBug 28806294. - Reviewed-by: Jose E. Marchesi 2.17-260.0.7 - intl: Port to Bison 3.0 - Backport of upstream gettext commit 19f23e290a5e4a82b9edf9f5a4f8ab6192871be9 - OraBug 28806294. - Reviewed-by: Patrick McGehearty 2.17-260.0.5 - Fix dbl-64/wordsize-64...
Fedora 27 : clamav (2018-1fc39f2d13)
ClamAV 0.100.2 has been released! This is a patch release to address several vulnerabilities. Fixes for the following ClamAV vulnerabilities: CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS)...
Researcher Discloses New Zero-Day Affecting All Versions of Windows
A security researcher has publicly disclosed an unpatched zero-day vulnerability in all supported versions of Microsoft Windows operating system including server editions after the company failed to patch a responsibly disclosed bug within the 120-days deadline. Discovered by Lucas Leong of the...
Qualys Cloud Platform 8.15.2 New Features
Patch release of Qualys Cloud Platform, version 8.15.2, includes new support for Apache instance auto-discovery in Qualys Policy Compliance. Policy Compliance Apache Instance Auto-Discovery – This new feature in Qualys PC enables automatic discovery of Apache during compliance scans. Once one or...
CVE-2018-11574
Improper input validation together with an integer overflow in the EAP-TLS protocol implementation in PPPD may cause a crash, information disclosure, or authentication bypass. This implementation is distributed as a patch for PPPD 0.91, and includes the affected eap.c and eap-tls.c files...
Update Google Chrome Immediately to Patch a High Severity Vulnerability
You must update your Google Chrome now. Security researcher Michał Bentkowski discovered and reported a high severity vulnerability in Google Chrome in late May, affecting the web browsing software for all major operating systems including Windows, Mac, and Linux. Without revealing any technical...
Microsoft Issues Emergency Patch For Critical Flaw In Windows Containers
Just a few days prior to its monthly patch release, Microsoft released an emergency patch for a critical vulnerability in the Windows Host Compute Service Shim (hcsshim) library that could allow remote attackers to run malicious code on Windows computers. Windows Host Compute Service Shim (hcsshim) i...
WordPress Plugin Admin Menu Tree Page View 2.6.9 - Cross-Site Request Forgery Privilege Escalation
Exploit Title: Admin Menu Tree Page View CSRF, Privilege Escalation; Discovery Date: 2017-12-12; Exploit Author: Panagiotis Vagenas; Author Link: https://twitter.com/panVagenas ; Vendor Homepage:...
17-Year-Old MS Office Flaw Lets Hackers Install Malware Without User Interaction
You should be extra careful when opening files in MS Office. When the world is still dealing with the threat of 'unpatched' Microsoft Office's built-in DDE feature, researchers have uncovered a serious issue with another Office component that could allow attackers to remotely install malware on...
Flaw in Google Bug Tracker Exposed Reports About Unpatched Vulnerabilities
Google’s Issue Tracker, also known internally as the “Buganizer,” contained until recently a vulnerability that would allow an external party access to any unpatched bug listed and described in the database. Alex Birsan, a software developer and hobbyist bug-hunter, collected more than $15,000 in...
PHP Melody 2.7.3 - Multiple Vulnerabilities
Vulnerabilities Summary: The following advisory describes three (3) vulnerabilities found in PHP Melody version 2.7.3. PHP Melody is a “self-hosted Video CMS which evolved over the last 9 years. SEO optimization, unbeaten security and speed are advantages...
September Patch Tuesday: 27 Critical Vulnerabilities from Microsoft, plus Critical Adobe Patches
Today Microsoft released a fairly large batch of patches covering 81 vulnerabilities as part of September’s Patch Tuesday update, with 38 of them impacting Windows. Patches covering 27 of these vulnerabilities are labeled as Critical, and 39 can result in Remote Code Execution (RCE). According to...