An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “Intel Graphics Driver” component. It allows attackers to obtain sensitive information from kernel memory via a crafted app.
Monthly Archives: April 2017
CVE-2017-6974
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the system-installation subsystem of the “System Integrity Protection” component. It allows attackers to modify the contents of a protected disk location via a crafted app.
CVE-2017-2490
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Vuln: ownCloud and Nextcloud CVE-2016-9459 HTML Injection Vulnerability
Vuln: Splunk Enterprise HTML Injection and Information Disclosure Vulnerabilities
Vuln: libplist 'base64encode()' Function Local Denial of Service Vulnerability
Vuln: libplist 'parse_string_node()' Function Local Denial of Service Vulnerability
Splunk Enterprise Multiple Version Information Disclosure
Attackers can siphon information from Splunk Enterprise if an authenticated Splunk user visits a malicious webpage. The useful data gained includes the currently logged-in username and whether the remote user setting is enabled. The username can then be used to phish or brute-force the Splunk Enterprise login. Additional information stolen may aid in furthering attacks.
RHSA-2017:0860-1: Critical: chromium-browser security update
Red Hat Enterprise Linux: An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
CVE-2017-5052, CVE-2017-5053, CVE-2017-5054, CVE-2017-5055, CVE-2017-5056
Over 85% Of Smart TVs Can Be Hacked Remotely Using Broadcasting Signals
The number of Internet-connected devices is growing at an exponential rate, and so are the threats to them.
Due to insecure implementations, a majority of Internet-connected embedded devices, including smart TVs, refrigerators, microwaves, security cameras, and printers, are routinely being hacked and used as weapons in cyber attacks.
We have seen IoT botnets like Mirai – possibly the biggest