Monday, May 25, 2020

Vulnerability In Chromium-based Microsoft Edge

A vulnerability has been found in the new Chromium-based Microsoft Edge web browser. The vulnerability is related to improper input validation in the Feedback extension. By exploiting this vulnerability, an attacker may be able to write files to arbitrary locations and gain elevated privileges.

The vulnerability by itself does not allow arbitrary code to run. However, it could be used in conjunction with other vulnerabilities to take advantage of the elevated privileges when running.

Affected versions:
Microsoft Edge (Chromium-based) versions earlier than 83.0.478.37

More information is available in the corresponding security advisory.

New PHP versions available

The PHP development team has released versions 7.4.6, 7.3.18 and 7.2.31 of the PHP scripting language. Among other bugs, some security bugs have been fixed. All PHP users are recommended to upgrade to the latest release of the corresponding branch.

Changelogs:
Version 7.4.6
Version 7.3.18
Version 7.2.31

Adobe Premiere Rush Updated

Adobe have released an update to patch a vulnerability in their Adobe Premiere Rush application. The vulnerability (CVE-2020-9617) may lead to information disclosure.

Affected versions:
Adobe Premiere Rush 1.5.8 and earlier versions

More information is available in the related security bulletin.

Adobe Audition Patch Release

Adobe have released an update to patch a vulnerability in their Adobe Audition application. The vulnerability (CVE-2020-9618) may lead to information disclosure on a vulnerable system.

Affected versions:
Adobe Audition 13.0.5 and earlier versions

More information is available in the related security bulletin.

Adobe Premiere Pro Fix Released

Adobe have released an update to patch a vulnerability in their Premiere Pro application. The vulnerability (CVE-2020-9616) may lead to information disclosure on a vulnerable system.

Affected versions:
Adobe Premiere Pro 14.1 and earlier versions

More information is available in the related security bulletin.

Adobe Character Animator Updated

A new version of Adobe Character Animator has been released. The new version fixes a buffer overflow vulnerability (CVE-2020-9586) that could lead to remote code execution.

Affected versions:
Character Animator 2020 3.2 and earlier versions

More information can be found in the Adobe security bulletin.

Google Chrome New Version Released

Google have released version 83.0.4103.61 of their Chrome web browser. In addition to other changes, 38 security vulnerabilities were fixed. More information about the changes can be viewed in the Google Chrome release blog.

Wednesday, May 13, 2020

Adobe DNG Software Development Kit Vulnerabilities Fixed

Adobe has released an update for the Adobe DNG Software Development Kit (SDK). The updated version fixes arbitrary code execution and information disclosure vulnerabilities.

Affected versions:
Adobe DNG Software Development Kit (SDK) 1.5 and earlier

More information is available in the related Adobe security bulletin.

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. Exploiting the vulnerabilities could lead to arbitrary code execution in the context of the current user.

Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track
versions earlier than 2020.009.20063

*Acrobat 2017 and Acrobat Reader DC, 2017 classic track
versions earlier than 2017.011.30171

*Acrobat DC and Acrobat Reader DC, 2015 classic track
versions earlier than 2015.006.30523


Users of vulnerable versions are instructed to update either by using the automatic update functionality or by downloading a fresh version manually. The default installation configuration runs automatic updates on a regular schedule, and an update can also be manually activated by choosing Help > Check for Updates.

Those who want to upgrade manually can download the latest versions from the links below:
Adobe Reader
Adobe Acrobat


More information about the fixed vulnerabilities can be read in Adobe's security bulletin.

Microsoft Security Updates For May 2020

Microsoft have released security updates for May 2020.

A summary of the updates is available here (filter by entering 04/14/2020 in the From field and 05/13/2020 in the To field).

Sunday, May 10, 2020

Mozilla Thunderbird Vulnerabilities Fixed

Mozilla have released an updated version of their Thunderbird email client containing fixes for security vulnerabilities, some of which are critical.

Affected versions:
Mozilla Thunderbird versions earlier than 68.8.0

A fresh version can be obtained via the inbuilt updater or by downloading it from the product site.

Firefox Updated

Mozilla have released new versions of their Firefox web browser. The new versions contain fixes for security vulnerabilities, many of which are categorized as critical or high.

Affected versions:
-Mozilla Firefox earlier than 76 (advisory)
-Mozilla Firefox ESR 68.x earlier than 68.8 (advisory)

A fresh version can be obtained via the inbuilt updater or by downloading it (latest version) from the product site.

Wednesday, May 6, 2020

Google Chrome Updated

Google have released version 81.0.4044.138 of their Chrome web browser. In addition to other changes, three security vulnerabilities were fixed. More information about the changes can be viewed in the Google Chrome release blog.

Saturday, May 2, 2020

Ninja Forms Vulnerability Fixed

An update has been released for Ninja Forms, a WordPress plugin with over 1 million installations. The updated version fixes a Cross-Site Request Forgery (CSRF) vulnerability (CVE-2020-12462).

Affected versions:
Ninja Forms versions earlier than 3.4.24.2

More information is available in the Wordfence blog here.

VMware ESXi Updated

VMware have released updated versions of VMware ESXi. The updates fix one cross-site scripting (XSS) vulnerability (CVE-2020-3955) categorized as important.

Affected versions:
-ESXi 6.7 without Patch Release ESXi670-202004103-SG
-ESXi 6.5 without Patch Release ESXi650-201912104-SG

More information is available in the VMware advisories here.

WordPress 5.4.1 Released

A new version of WordPress (blogging tool and content management system) has been released. Version 5.4.1 fixes security bugs.

Affected versions:
WordPress versions earlier than 5.4.1

More information can be read from the WordPress blog.