Javier García

16 noviembre, 2018

MSA-18-0012: Portfolio script allows instantiation of class chosen by user

di Marina Glancy. Substituting URL in portfolios users can instantiate any class, this can also be exploited by users who are logged in as guests to create a DDoS attackSeverity/Risk:SeriousVersions affected:3.4 to 3.4.2, 3.3 to 3.3.5, 3.2 to 3.2.8, 3.1 to 3.1.11 and earlier unsupported versionsVersions fixed:3.5, 3.4.3, 3.3.6, 3.2.9 and 3.1.12Reported by:Brendan CoxWorkaround:Disable portfolios until the fix is applied. Portfolios are disabled by default in MoodleCVE More info: https://moodle.org/mod/forum/discuss.php?d=371204&parent=1496358

15 noviembre, 2018

Microsoft Dynamics 365 CVE-2018-8609 Remote Code Execution Vulnerability

Type: Vulnerability. Microsoft Dynamics 365 is prone to a remote code-execution vulnerability; fixes are available. More info: http://www.symantec.com/security_response/vulnerability.jsp?bid=105894&om_rssid=sr-advisories

15 noviembre, 2018

Microsoft Windows Kernel Win32k.sys CVE-2018-8562 Local Privilege Escalation Vulnerability

Type: Vulnerability. Microsoft Windows is prone to a local privilege-escalation vulnerability; fixes are available. More info: http://www.symantec.com/security_response/vulnerability.jsp?bid=105790&om_rssid=sr-advisories

15 noviembre, 2018

Microsoft .NET Core CVE-2018-8416 Tampering Security Bypass Vulnerability

Type: Vulnerability. Microsoft .NET Core is prone to a security-bypass vulnerability; fixes are available. More info: http://www.symantec.com/security_response/vulnerability.jsp?bid=105798&om_rssid=sr-advisories

15 noviembre, 2018

Microsoft Windows Kernel CVE-2018-8408 Local Information Disclosure Vulnerability

Type: Vulnerability. Microsoft Windows is prone to a local information-disclosure vulnerability; fixes are available. More info: http://www.symantec.com/security_response/vulnerability.jsp?bid=105789&om_rssid=sr-advisories

15 noviembre, 2018

Microsoft Windows Kernel Win32k.sys CVE-2018-8565 Local Information Disclosure Vulnerability

15 noviembre, 2018

JSA10898 – 2018-10 Security Bulletin: Junos OS: Multiple vulnerabilities in NTP [VU#961909]

More info: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10898&actp=RSS

15 noviembre, 2018

Microsoft Skype for Business and Lync CVE-2018-8546 Denial of Service Vulnerability

Type: Vulnerability. Microsoft Skype for Business and Lync are prone to a remote denial-of-service vulnerability; fixes are available. More info: http://www.symantec.com/security_response/vulnerability.jsp?bid=105802&om_rssid=sr-advisories

15 noviembre, 2018

New VMware Security Advisory VMSA-2018-0028

Today, VMware has released the following new security advisory: “VMSA-2018-0028 (https://www.vmware.com/security/advisories/VMSA-2018-0028.html) – VMware vRealize Log Insight updates address an authorization bypass vulnerability” This documents the remediation of a moderate severity authorization bypass vulnerability (CVE-2018-6980 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6980) in VMware vRealize Log Insight. The issue exists due to improper authorization in the More info: https://blogs.vmware.com/security/2018/11/new-vmware-security-advisory-vmsa-2018-0028.html

15 noviembre, 2018

Accelerated Mobile Pages <= 0.9.97.20 – Multiple Unauthenticated Vulnerabilities

https://wpvulndb.com/vulnerabilities/9147 More info: https://wpvulndb.com/vulnerabilities/9147

L	M	X	J	V	S	D
						1
2	3	4	5	6	7	8
9	10	11	12	13	14	15
16	17	18	19	20	21	22
23	24	25	26	27	28	29
30	31