Vulnerabilities & Flaws | SC Media

Vulnerabilities & Flaws

Dell SupportAssist bug leaves millions of PCs vulnerable

A vulnerability in Dell’s SupportAssist software, which is designed to protect users from vulnerabilities, has left millions of PCs vulnerable to remote takeover. SafeBreach security researchers discovered the high-severity vulnerability (CVE-2019-12280), which stems from a component in SupportAssist, which checks the health of system hardware and software and requires high permissions, according to a June…

Oracle addresses vulnerabilities with 154 security fixes

Oracle releases second WebLogic Server patch in two months

Oracle released an out-of-band patch for a WebLogic Server deserialization vulnerability that could allow an unauthenticated attacker to gain remote code execution (RCE) on vulnerable systems. The vulnerability, CVE-2019-2729, affected Oracle WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0, and 12.2.1.3.0, and can be exploited over a network without the need for a username…

Netflix patches Linux SACK vulnerability

Netflix researchers uncovered several security vulnerabilities in the TCP implementations of the Linux and FreeBSD kernels. The most severe of the flaws is the SACK Panic vulnerability, which could allow an attacker to remotely induce a kernel panic within recent Linux operating systems, according to a June 17 OpenWall blog post. A kernel panic is a…

Organizations still struggle to manage vulnerability patches, report

Nearly 27 percent of organizations worldwide have been breached as a result of an unpatched vulnerability, according to Tripwire’s 2019 Vulnerability Management Survey. In Europe, companies fare worse, with 34 percent of respondents reporting a breach due to the same cause. Tripwire partnered with Dimensional Research to survey 340 infosecurity professionals on vulnerability management trends…

MacOS 0-Day Flaw exploits ‘Synthetic Clicks’

A security researcher with a history of finding bugs in Apple products discovered a zero-day vulnerability that can bypass Apple’s security protections with “synthetic clicks.” Security researcher Patrick Wardle demonstrated the bug at the Objective by the Sea security conference in Monaco. It affects macOS Mojave and takes advantage of ‘synthetic events’, a macOS automation…

Apple patches AirPort Base Station Firmware

Apple released several patches to address several vulnerabilities in its 7.9.1 update concerning its AirPort Base Station Firmware. The update is available for AirPort Extreme and AirPort Time Capsule base stations with 802.11ac. The vulnerabilities could allow a remote attacker to leak memory, cause a denial of service, cause arbitrary code execution, not delete…

Bypass vulnerability in MacOS X GateKeeper

Independent researcher Filippo Cavallarin discovered a GateKeeper bypass vulnerability in Apple’s MacOS X that will allow threat actors to execute untrusted code without any warning or the user’s permission. GateKeeper is a mechanism developed by Apple and included in MacOS X that enforces code signing and verifies downloaded applications before allowing them to run on…

XSS vulnerability in Slimstat WordPress plugin

A vulnerability in the Slimstat WordPress plugin could allow a malicious user to inject arbitrary JavaScript code into the plugin's access log functionality. The plugin allows users to gather data analytics for the WordPress site and will track certain information such as the browser and operating system details, plus page visits to optimize the website…

Drupal core patches moderately critical vulnerability

Drupal core released a patch for a moderately critical vulnerability in third-party libraries that could allow the bypassing of the protection of Phar Stream Wrapper Interceptor. The vulnerability occurs when untrusted data is used to abuse the logic of the application, according to TYPO3-PSA-2019-007: By-passing protection of Phar Stream Wrapper Interceptor. “In order to intercept file…
