Patch | SC Media

Patch

Cisco issues multiple product updates, fixes critical flaws in small business switches

Cisco Systems issued a series of security updates on Aug. 6 and 7, in the process disclosing 26 vulnerabilities, including two critical ones found in its Small Business 220 Series Smart Switches. The two most serious bugs consist of a remote code execution flaw (CVE-2019-1913) and an authentication bypass vulnerability (CVE-2019-1912) in the aforementioned switches,…

Over 200M devices affected by critical flaws found in real-time operating system

VxWorks, a real-time operating system (RTOS) that runs on more than 2 billion devices — many in industrial, health-care and enterprise environments — has been found to contain 11 vulnerabilities, six of which are critical flaws that enable remote code execution. Around 200 million devices are running the vulnerable versions of the RTOS, according to…

vulnerability

Critical vulnerability found in VLC Media Player

Germany’s national Computer Emergency Response Team (CERT Bund) has issued a security alert for a critical vulnerability in the VLC Media Player. The memory corruption flaw, CVE-2019-13615, affects VLC 3.0.7.1 in Linux, UNIX, Windows and if exploited can allow an attacker to remotely execute arbitrary code, create a denial of service state, disclose information, or…

Cisco releases updates, one ‘Critical,’ two ‘High’ severity ratings

Cisco released security updates for multiple products, some of which contain vulnerabilities that if exploited would allow an attacker to take control of an affected system. The patches include fixes for a Cisco Vision Dynamic Signage Director REST API Authentication bypass vulnerability, FindIT Network Management Software static credentials vulnerability, and an IOS Access Points Software…

Drupal patches access bypass vulnerability

Drupal released a security update to patch an access bypass vulnerability in Drupal Core which could allow an attacker to take control of an affected website. The problem exists in Drupal 8.7.4, when the experimental Workspaces module is enabled, an access bypass condition is created and can be mitigated by disabling the Workspaces module, according…

Microsoft, oracle, cybersecurity

Microsoft, Oracle release security updates

Microsoft and Oracle issued security updates with Redmond, Wash., company patching a single issue in Windows Defender Application Control while Oracle’s update covered over 100 products and dozens of vulnerabilities. The issue with Windows Defender, CVE-2019-1167, if exploited would allow an attacker to circumvent PowerShell Core Constrained Language Mode on the machine. However, Microsoft noted…

Lucky break: Cracked windshield helps hacker find bug in Tesla

Hackers typically crack software, but web application security researcher Sam Curry quite literally cracked his Tesla Model 3 and discovered a vulnerability that earned him a hefty reward from the car maker’s bug bounty program. After a rock bounced up and damaged the windshield of Curry’s very own Model 3, the seemingly unlucky happenstance actually…

Cisco releases updates for DoS vulnerability

Cisco released security updates for a “high” rated vulnerability in its Adaptive Security Appliance Software and Firepower Threat Defense Software products that could allow a remote attacker to cause a denial-of-service condition The vulnerability, CVE-2019-1873, is in the cryptographic driver of the products, according to a July 10 security update. The bug is due to incomplete…

Next post in Vulnerabilities