Show notes
Security Headlines is a podcast about the latest security vulnerabilities with in the cyber security field. So if your interested about the latest security holes nomather if you are a tech savy penetration tester, a devops person, a programmer or just generally interested in the latest technology security news. Security headlines is here for you!In this episode the following security vulnerabilities are mentioned:FreeBSD -- TCP IPv6 SYN cache kernel information disclosurepy-bleach XSSAn xss has been found in the python HTML sanitizing library "bleach". its a more advanced version of Django’s urlize library.CVE-2020-3950 VMware Fusion EoP PoC by @0xm1rch| privledge escalation exploitA privledge escalation exploit has been published for VMware Fusion, vmware fusion the virtual machines for mac osxNew IMCE Dir Exploit for Hacking Drupal WebsitesIMCE which is a file manager for drupal that allows for uploading files, someone has published a google dork and a poc exploit for this.ESB-2020.0938 - [Debian] webkit2gtk: Execute arbitrary code commands - Remote unauthenticatedThe following vulnerability has been discovered in the webkit2gtk webengine:CVE-2020-10018 Sudhakar Verma, Ashfaq Ansari and Siddhant Badhe discovered that processing maliciously crafted web content may lead to arbitrary code execution.FreeBSD -- Kernel memory disclosure with nested jails 2020-03-19 A superuser inside a jail can create a jail and may be able to read and take advantage of exposed kernel memory, so please update your freebsd jailsCVE-2020-7606 (docker-compose-remote-api) 2020-03-17 docker-compose-remote-api is a Connection interface between docker-compose and the Docker Remote API.the variable name serviceName can be manipulated due to a inproper validation, by a third party which can cause code executionYou find us at:https://blog.firosolutions.comhttps://firosolutions.com

