Posts Tagged ‘system compromise’

bash shellVulnerability – System compromise in bash

Experts on Information Security warned of a new vulnerability ShellShock (CVE-2014-6271), the use of which allows the execution of arbitrary code. The vulnerability affected not only the Internet servers and workstations, but also the devices that we uses in everyday life – smartphones, tablets, home routers, and laptops. According to some estimates, a new vulnerability may be bigger than the sensational Heartbleed earlier this year. (more…)

VulnerabilityCyber Security Notifications: New Vulnerabilities of September 2014

New Microsoft vulnerabilities of September 10, 2014

  • Denial of service in the Microsoft Lync Server
  • Privilege escalation in the Microsoft Windows Task Manager
  • Denial of service in Microsoft .NET Framework
  • Multiple vulnerabilities in Microsoft Internet Explorer

(more…)

Google ChromeThe flaws allowed malicious user to bypass certain security restrictions and compromise a vulnerable system.

Google has released the stable version of Chrome 30 browser for Windows, Mac, Linux and Chrome Frame. The new version of the browser contains some fixes for vulnerabilities allowing malicious people to bypass certain security restrictions and compromise a vulnerable system.

The main new feature in Chrome 30 is the built-in browser beta version of QuickOffice for editing Word and Excel. In addition, the new version also supports multiple accounts for the popular web-platforms, including platforms for Google.

The developers have improved the sensory functions of the browser for a more comfortable user experience tablets. From now on will work better and sandbox for Native Client. (more…)

Firefox logo

Multiple vulnerabilities

The new version was implemented regime Firefox Health Report, which allows to monitor the performance of the browser.

According to the developers of the browser from the Mozilla, users have available the new version, Firefox 21, which was removed a number of vulnerabilities, including three critical.

Experts was eliminated a total  of eight gaps. It should be noted that two of the critical vulnerabilities affect only Firefox, Thunderbird, and since the other company’s products are no vulnerable components.

Among the updates that are not related to security, it is worth noting the expansion of the user interface to configure the Do Not Track, an increase in graphics performance and support for the implementation of the default technology WebRTC, designed to work with multi-user web-applications. (more…)

Vulnerabilities in Chrome OS

Vulnerabilities in Chrome OS

Vulnerability: Multiple vulnerabilities in Chrome OS

Danger level: High
The presence of fixes: Yes
The number of vulnerabilities: 4

CVE ID: CVE-2013-2832, CVE-2013-2833, CVE-2013-2834, CVE-2013-2835

Vector of operation: Remote
Impact: Security Bypass, System Compromise

Affected products: Chrome OS 26.x
Affected versions: Chrome OS versions prior to 26.0.1410.57 (Platform version: 3701.81.2) (more…)

Backdoor in TP-Link devices

Backdoor in TP-Link devices

Vulnerability: Backdoor in TP-Link devices

Danger level: Avarage
Patch: None
Number of vulnerabilities: 1

Vector of operation: Local Network
Impact: System Compromise

Be exploited: PoC code
Affected products:  TL-WR743ND, TL-DR4300.

Affected versions:  TL-WDR4300, TL-WR743ND (v1.2 v2.0). (more…)

Google Chrome and Mozilla products

Google Chrome and Mozilla products

Vulnerability: System compromise in Google Chrome

Danger level: High
Patch: Yes
Number of vulnerabilities: 1

CVE ID: CVE-2013-0912
Vector of operation: Remote
Impact: System Compromise

Affected products: Google Chrome 25.x
Affected versions: Google Chrome 25.C

Description:

Which can be exploited by malicious people to compromise a vulnerable system.
An error such as confusion in WebKit. A remote user can bypass the sandbox and execute arbitrary code on the target system.
Solution: To resolve the vulnerability patch from the manufacturer. (more…)

vulnerabilities in Adobe Flash Player

Vulnerabilities in Adobe Flash Player

Vulnerability: Multiple vulnerabilities in Adobe Flash Player

Severity Rating: Critical
Patch: Yes
Number of vulnerabilities: 3

CVE ID: CVE-2013-0643
CVE-2013-0648
CVE-2013-0504
Vector of operation: Remote
Impact: Security Bypass, System compromise

Affected Products: Adobe Flash Player 11.x

Affected versions:
Adobe Flash Player 11.6.602.168 and earlier versions for Windows
Adobe Flash Player 11.6.602.167 and earlier versions for Macintosh
Adobe Flash Player 11.2.202.270 and earlier versions for Linux. (more…)

System compromise in Adobe products

System compromise in Adobe products

Vulnerability: System compromise in Adobe products

Danger level: Critical
Availability of fixes: Instructions on elimination
Number of vulnerabilities: 1

CVE ID: CVE-2013-0640
CVE-2013-0641
Vector of operation: Remote
Impact: System Compromise

Exploited by active exploitation of the vulnerability
Affected Products: Adobe Reader 9.x
Adobe Reader X 10.x
Adobe Reader XI 11.x
Adobe Acrobat 9.x
Adobe Acrobat X 10.x
Adobe Acrobat XI 11.x (more…)

Multiple vulnerabilities in Adobe Flash Player

Adobe Flash Player vulnerabilities

Vulnerability: Multiple vulnerabilities in Adobe Flash Player

Danger level: Critical
Patch: Yes
Number of vulnerabilities: 2

CVE ID: CVE-2013-0633
CVE-2013-0634
Vector of operation: Remote
Impact: System Compromise

Affected Products: Adobe Flash Player 11.x

Affected versions:

– Flash Player 11.5.502.146 and earlier versions for Windows and Macintosh;
– Flash Player 11.5.502.146 and earlier versions for Windows and Macintosh;
– Flash Player 11.2.202.261 and earlier versions for Linux;
– Flash Player 11.1.115.36 and earlier versions for Android 4.x;
– Flash Player 11.1.111.31 and earlier versions for Android 3.x and 2.x;
– Flash Player 11.5.31.137 and earlier versions for Chrome (Windows, Macintosh and Linux);
– Flash Player 11.3.378.5 and earlier versions of Internet Explorer 10 in Windows 8. (more…)