Category Archives: Vulnerability Assessment

VLC and Other Software Affected By Bug in Media Library

A critical flaw in the LIVE555 Streaming Media RTSP server impacts famous applications, comprising VLC, MPlayer and others, Cisco Talos has observed.

Live Networks, Inc, developed LIVE555 Streaming Media mentions an open-source set of C++ libraries indicated for multimedia streaming. The libraries offer assistance for open standards employed in streaming, however can also be utilized for organizing of different famous formats of video and audio. The libraries are employed for cameras and other embedded gadgets in addition to media players.

Continue reading

Splunk Fixes Various Bugs in its Enterprise and Light Products

Recently, Splunk fixed various flaws in its Enterprise and Light products, containing vulnerabilities that have been evaluated as high critical. Splunk Enterprise permits companies to hunt, examine and visualize data gathered from different websites, apps, sensors and using several other devices. Splunk Light is a outcome that modifies log hunting and research, along with the network monitoring and server, in medium sized IT networks.

Continue reading

Cisco Fixes High Threat Security Flaws in Numerous Products

Cisco fixed fifteen high and medium threat security concerns in numerous products permitting hackers to generate Denial of Service situations, to restart the devices, to prospect impervious info, and acquire access to private details on unsafe systems. Cisco patched more flaws today and permitted hackers to manage Cross-Site Scripting and Cross-Site Request Forgery threats through web-based management interface of a device.

Continue reading

Branch.io Bugs Revealed Tinder, Shopify, Yelp Users To XSS Threats

Millions of customers may have been revealed to cross-site scripting XSS Threats due to a flaw exist in Branch.io, a service utilized by Tinder, Shopify, Yelp and numerous others. Analysts at vpnMentor were examining Tinder and various dating applications when they identified a Tinder domain, go.tinder.com, that had numerous XSS bugs.

Continue reading

Juniper Fixes Critical Vulnerabilities in Junos OS

Juniper Networks communicated users that its Junos operating system is impacted this week by some critical flaws, containing a bug that may have been caused while harmful network inquiry. Juniper published about two dozen consultatives narrating security vulnerabilities in Junos on Wednesday, the operating system that enforces its networking and security products. The firm has supplied fixes and alleviation for each of the flaws.

Continue reading

SAP Fixes Serious Flaw in BusinessObjects

SAP announced its set of fixes of October 2018, this week, which contains the primary Hot News security record for SAP BusinessObjects in complete five years. SAP contained eleven security records in its Security Patch Day, October 2018, to which it merely included four upgrades to former announced versions. Therefore, the fixes contain fifteen records: two marked Hot News, four were on High priority, and nine remained on Medium priority.

Continue reading

Microsoft Fixes Windows Zero-Day Used by ‘FruityArmor’ Group

Patch of Microsoft release as Tuesday updates for October 2018 sort out about fifty flaws, containing a Windows zero-day vulnerability utilized by an Advanced Persistent Threat hacker recognized as FruityArmor.

The Windows zero-day, trailed as CVE-2018-8453, has been narrated by Microsoft as a advantage increasing concern associated to how the Win32k element of Windows manages targets in memory. The firm states an documented hacker can utilize the security flaw to promote benefits and acquire control of the impacted system. The flaw has been progressively utilized against previous variants of Windows, however exploitation may simply be manageable on the newest options of the operating system.

Continue reading

DNA Center and Prime Infrastructure Plugged Severe Bugs By Cisco

An updated batch of bugs in different Cisco products has been patched, among three of which are serious.

Cisco DNA Center Bugs

Two bugs impact Cisco Digital Network Architecture – DNA Center and were exposed by the firm during internal security experimenting. CVE-2018-15386 is unsafe due to default configuration of the impacted system. Unauthorized, distant hackers could effort it by straightway linking to the revealed services, and would then be capable to recover and alter severe system files.

Continue reading