May 12, SecurityWeek – (International) Google patches more high risk vulnerabilities in Chrome 50. Google released a round of security patches for Chrome 50 addressing five vulnerabilities, three of which were deemed high severity, and include a same origin bypass issue in the Document Object Model (DOM), a same bypass bug in Blink V8 bindings, and a buffer overflow flaw in V8. A directory traversal flaw using the file scheme on Android, and a race condition bug in loader were also patched, among other vulnerabilities. Source
May 11, SecurityWeek – (International) SAP patches critical vulnerabilities in Enterprise products. SAP released 10 Security Patch Day Notes and 11 Support Package Notes fixing 10 vulnerabilities , mainly in its NetWevwer Advanced Business Application Programming (ABAP) platform and Java, including critical flaws in Adaptive Server Enterprise (ASE) XPServer, Crystal Reports for Enterprise, and Predictive Analytics which could allow an attacker to potentially execute commands remotely without authorization, obtain critical technical and business-related information, or gain unauthorized access and perform actions in the system. Source
Reprinted from the USDHS Daily Open Source Infrastructure Report