Security Headlines is a podcast about the latest
security vulnerabilities with in the cyber security field.
So if your interested about the latest security
holes nomather if you are a tech savy penetration tester,
a devops person, a programmer or just generally interested
in the latest technology security news.
Security headlines is here for you!
In this episode the following security vulnerabilities are mentioned:
FreeBSD -- TCP IPv6 SYN cache kernel information disclosure
py-bleach XSS
An xss has been found in the python HTML sanitizing library "bleach". its a more advanced version of Django’s urlize library.
CVE-2020-3950 VMware Fusion EoP PoC by @0xm1rch| privledge escalation exploit
A privledge escalation exploit has been published for VMware Fusion, vmware fusion the virtual machines for mac osx
New IMCE Dir Exploit for Hacking Drupal Websites
IMCE which is a file manager for drupal that allows for uploading files, someone has published a google dork and a poc exploit for this.
ESB-2020.0938 - [Debian] webkit2gtk: Execute arbitrary code commands - Remote unauthenticated
The following vulnerability has been discovered in the webkit2gtk web
engine:
CVE-2020-10018
Sudhakar Verma, Ashfaq Ansari and Siddhant Badhe discovered that
processing maliciously crafted web content may lead to arbitrary
code execution.
FreeBSD -- Kernel memory disclosure with nested jails 2020-03-19 20:34:5
A superuser inside a jail can create a jail and may be able to read and take advantage of exposed kernel memory, so please update your freebsd jails
CVE-2020-7606 (docker-compose-remote-api) 2020-03-17 23:07:15
docker-compose-remote-api is a Connection interface between docker-compose and the Docker Remote API.
the variable name serviceName can be manipulated due to a inproper validation, by a third party which can cause code execution
You find us at:
https://blog.firosolutions.com
https://firosolutions.com
