Security Headlines is a podcast about the latest   
security vulnerabilities with in the cyber security field.   
So if your interested about the latest security   
holes nomather if you are a tech savy penetration tester,   
a devops person, a programmer or just generally interested    
in the latest technology security news.   
Security headlines is here for you!

In this episode the following security vulnerabilities are mentioned:

FreeBSD -- TCP IPv6 SYN cache kernel information disclosure

py-bleach XSS
An xss has been found in the python HTML sanitizing library "bleach". its a more advanced version of  Django’s urlize library.


CVE-2020-3950 VMware Fusion EoP PoC by @0xm1rch| privledge escalation exploit
A privledge escalation exploit has been published for VMware Fusion, vmware fusion the virtual machines for mac osx


New IMCE Dir Exploit for Hacking Drupal Websites
IMCE which is a file manager for drupal that allows for uploading files, someone has published a google dork and a poc exploit for this.


ESB-2020.0938 - [Debian] webkit2gtk: Execute arbitrary code commands - Remote unauthenticated
The following vulnerability has been discovered in the webkit2gtk web
engine:

CVE-2020-10018

   Sudhakar Verma, Ashfaq Ansari and Siddhant Badhe discovered that
   processing maliciously crafted web content may lead to arbitrary
   code execution.


FreeBSD -- Kernel memory disclosure with nested jails 2020-03-19 20:34:5
A superuser inside a jail can create a jail and may be able to read and take advantage of exposed kernel memory, so please update your freebsd jails

CVE-2020-7606 (docker-compose-remote-api) 2020-03-17 23:07:15
docker-compose-remote-api is a Connection interface between docker-compose and the Docker Remote API.
the variable name serviceName can be manipulated due to a inproper validation, by a third party which can cause code execution

You find us at:
https://blog.firosolutions.com
https://firosolutions.com

Ver todos los episodios