Author Archives: CIRT Team



CIRT Team

in Security Advisories & Alerts

CVE-2021-3156-Heap-based buffer overflow in Sudo

DESCRIPTIONSudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via “sudoedit -s” and a command-line argument that ends with a single backslash character: IMPACTA heap-based buffer overflow was found in the way sudo parses command line arguments. This flaw is exploitable by any local user (users and system users, sudoers and non-sudoers), without authentication (i.e., the attacker does not need to...

Read More

0
28 Jan 2021
in Security Advisories & Alerts

Multiple Vulnerabilities in Siemens Solid Edge Could Lead to Arbitrary Code Execution

DESCRIPTION:Multiple vulnerabilities have been discovered in Siemens’ Solid Edge,the most severe of which could allow for arbitrary code execution in thecontext of the system process. Solid Edge is used for designing andviewing 2D and 3D models. Depending on the privileges associated withthe application, an attacker could view, change, or delete data. If thisapplication has been configured to have fewer user rights on the system,exploitation of...

Read More

0
26 Jan 2021
in Security Advisories & Alerts

Multiple Vulnerabilities in Siemens JT2Go and Teamcenter Visualization

DESCRIPTION:Multiple vulnerabilities have been discovered in Siemens’ JT2Go andTeamcenter Visualization products, the most severe of which could allowfor arbitrary code execution in the context of the system process. JT2Goand Teamcenter Visualization are used for viewing 3D models. Dependingon the privileges associated with the application, an attacker couldview, change, or delete data. If this application has been configured tohave fewer user rights on the system, exploitation...

Read More

0
26 Jan 2021
in Security Advisories & Alerts

Critical Patches Issued for Microsoft Products, January 12, 2021

DESCRIPTION:Multiple vulnerabilities have been discovered in Microsoft products, themost severe of which could allow for remote code execution. Successfulexploitation of the most severe of these vulnerabilities could result inan attacker gaining the same privileges as the logged-on user. Dependingon the privileges associated with the user, an attacker could theninstall programs; view, change, or delete data; or create new accountswith full user rights. Users whose accounts...

Read More

0
24 Jan 2021
in Security Advisories & Alerts

A Vulnerability in Adobe Photoshop Could Allow for Arbitrary Code Execution (APSB21-01)

DESCRIPTION:A vulnerability has been discovered in Adobe Photoshop which could allowfor arbitrary code execution. Photoshop is Adobe’s flagship imageediting software. Successful exploitation of this vulnerability couldallow for arbitrary code execution. Depending on the privilegesassociated with the user an attacker could then install programs; view,change, or delete data; or create new accounts with full user rights.Users whose accounts are configured to have fewer user rights on...

Read More

0
24 Jan 2021
in Security Advisories & Alerts

Multiple Vulnerabilities in PHP Could Allow for Arbitrary Code Execution

DESCRIPTION Multiple vulnerabilities have been discovered in PHP, the most severe of which could allow for arbitrary code execution. PHP is a programming language originally designed for use in web-based applications with HTML content. PHP supports a wide variety of platforms and is used by numerous web-based software applications. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in...

Read More

0
21 Jan 2021
in Security Advisories & Alerts

A Vulnerability in Mozilla Firefox Could Allow for Arbitrary Code Execution

DESCRIPTION A vulnerability has been discovered in Mozilla Firefox, Firefox ExtendedSupport Release (ESR) and Firefox for Android, which could allow forarbitrary code execution. Mozilla Firefox is a web browser used toaccess the Internet. Mozilla Firefox ESR is a version of the web browserintended to be deployed in large organizations. Firefox for Android is aversion of the web browser used on Android based mobile devices.Successful exploitation...

Read More

0
21 Jan 2021
in Security Advisories & Alerts

Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution

DESCRIPTIONMultiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could view,...

Read More

0
20 Jan 2021
in Security Advisories & Alerts

Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution

DESCRIPTIONMultiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution within the context of a privileged process. Details of these vulnerabilities are as follows: * Multiple vulnerabilities in Framework that could allow for Escalation of Privileges (CVE-2021-0303, CVE-2021-0306, CVE-2021-0307, CVE-2021-0310, CVE-2021-0315, CVE-2021-0317, CVE-2021-0318, CVE-2021-0319)* A vulnerability in Framework that could allow for Remote Code Execution...

Read More

0
20 Jan 2021
Page 7 of 134« First...56789...203040...Last »