Content provided by Firo Solutions. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Firo Solutions or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.

First episode

3:23
 

Security Headlines is a podcast about the latest security vulnerabilities within the cyber security field.

So if you're interested in the latest security holes, no matter if you are a tech-savvy penetration tester, a devops person, a programmer or just generally interested in the latest technology security news, Security Headlines is here for you!

In this episode the following security vulnerabilities are mentioned:

FreeBSD -- TCP IPv6 SYN cache kernel information disclosure

py-bleach XSS

An XSS has been found in the Python HTML sanitizing library "bleach". It's a more advanced version of Django’s urlize library.

CVE-2020-3950 VMware Fusion EoP PoC by @0xm1rch | privilege escalation exploit

A privilege escalation exploit has been published for VMware Fusion, the virtual machine software for Mac OS X.

New IMCE Dir Exploit for Hacking Drupal Websites

IMCE is a file manager for Drupal that allows for uploading files. Someone has published a Google dork and a PoC exploit for it.

ESB-2020.0938 - [Debian] webkit2gtk: Execute arbitrary code commands - Remote unauthenticated

The following vulnerability has been discovered in the webkit2gtk web engine:

CVE-2020-10018

Sudhakar Verma, Ashfaq Ansari and Siddhant Badhe discovered that processing maliciously crafted web content may lead to arbitrary code execution.

FreeBSD -- Kernel memory disclosure with nested jails 2020-03-19 20:34:5

A superuser inside a jail can create a jail and may be able to read and take advantage of exposed kernel memory, so please update your FreeBSD jails.

CVE-2020-7606 (docker-compose-remote-api) 2020-03-17 23:07:15

docker-compose-remote-api is a connection interface between docker-compose and the Docker Remote API.

Due to improper validation, the variable serviceName can be manipulated by a third party, which can cause code execution.

You can find us at:

https://blog.firosolutions.com

https://firosolutions.com
