by CIRT Team
CVE-2020-15504: Sophos XG Firewall Admin Web Interface sql injection
DESCRIPTIONA SQL injection vulnerability in the user and admin web interfaces of Sophos XG Firewall v18.0 MR1 and older potentially allows an attacker to run arbitrary code remotely. The fix is built into the re-release of XG Firewall v18 MR-1 (named MR-1-Build396) and the v17.5 MR13 release. All other versions >= 17.0 have received a hotfix. IMPACT9.8 CRITICAL SYSTEM AFFECTEDSophos XG Firewall v18.0 MR1 and...
Read More
by CIRT Team
Critical Patches Issued for Microsoft Products, October 13, 2020
DESCRIPTIONMultiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with...
Read More
by CIRT Team
A Vulnerability in Adobe Flash Player Could Allow for Arbitrary Code Execution (APSB20-58)
DESCRIPTIONA vulnerability has been discovered in Adobe Flash Player, which could allow for arbitrary code execution. Adobe Flash Player is a widely distributed multimedia and application player used to enhance the user experience when visiting web pages or reading email messages. Successful exploitation of this vulnerability could result in an attacker executing arbitrary code in the context of the affected application. Depending on the privileges...
Read More
by CIRT Team
Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
DESCRIPTION Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could...
Read More
by CIRT Team
Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution
DESCRIPTIONMultiple vulnerabilities have been discovered in the Google Android operating system (OS), the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution within the context of a privileged process....
Read More
by CIRT Team
Treck IP stacks contain multiple vulnerabilities
DESCRIPTIONTreck IP network stack software is designed for and used in a variety of embedded systems. The software can be licensed and integrated in various ways, including compiled from source, licensed for modification and reuse and finally as a dynamic or static linked library. Treck IP software contains multiple vulnerabilities, most of which are caused by memory management bugs. For more details on the vulnerabilities...
Read More
by CIRT Team
Multiple Vulnerabilities in Microsoft Edge Could Allow for Arbitrary Code Execution
DESCRIPTION Multiple vulnerabilities have been discovered in Microsoft Edge, the most severe of which could allow for arbitrary code execution. Microsoft Edge is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could...
Read More
by CIRT Team
Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution
DESCRIPTION Multiple vulnerabilities have been discovered in iCloud for Windows and macOS. The most severe of these vulnerabilities could allow for arbitrary code execution. macOS is a desktop operating system for Macintosh computers. iCloud is a cloud storage service that can be used on Windows computers. Successful exploitation of the most severe of these vulnerabilities could result in arbitrary code execution within the context of...
Read More
by CIRT Team
Cisco Security Advisories Published on September 24, 2020
Below is the list of Cisco Security Advisories published by Cisco PSIRT on 2020-September-24. The following PSIRT security advisories (29 High) were published at 16:00 UTC today. 1) Cisco IOS XE Software Common Open Policy Service Engine Denial of Service Vulnerability CVE-2020-3526 SIR: High CVSS Score v(3.0): 8.6 URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-COPS-VLD-MpbTvGEW +——————————————————————– 2) Cisco Aironet Access Points Ethernet Wired Clients Denial of Service Vulnerability CVE-2020-3552 SIR:...
Read More
by CIRT Team
Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
DESCRIPTION Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could...
Read More