Blog

Adobe released updates on Monday for 47 vulnerabilities in its Acrobat and reader, including critical ones that allow information leakage and arbitrary code execution. Category Impact Severity CVE# Double Free Arbitrary Code Execution Critical CVE-2018-4990 Heap Overflow Arbitrary Code Execution Critical CVE-2018-4947, CVE-2018-4948, CVE-2018-4966, CVE-2018-4968, CVE-2018-4978, CVE-2018-4982, CVE-2018-4984 Use-after-free Arbitrary Code Execution Critical...

Spring released security advisories on May 9 local time for fixing its multiple vulnerabilities, including a critical remote code execution vulnerability. Reference link: https://pivotal.io/security  Vulnerability Description CVE-2018-1257 (High) Parts of Spring Framework versions allow application programs to use Spring message module to make public STOMP on WebSocket endpoint through simple memory...

  Drupal released a security advisory on April 25 local time, saying a critical vulnerability (CVE-2018-7602) affected Drupal 7.x and 8.x. Attackers could exploit this vulnerability in many ways for remote code execution. Drupal says it correlates with the previous vulnerability CVE-2018-7600 and has been found exploited by attackers. NSFOCUS...

On April 17th local time, Oracle released the critical patch update (CPU) advisory, which contains a fix for the high-risk WebLogic server deserialization vulnerability (CVE-2018-2628), via which attackers can remotely execute arbitrary code in an unauthorized manner. Reference link: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html Affected Versions WebLogic 10.3.6.0 WebLogic 12.1.3.0 WebLogic 12.2.1.2 WebLogic 12.2.1.3...