Security Advisories & Alerts


Multiple Vulnerabilities in Mozilla Firefox Could Allow for Arbitrary Code Execution

DESCRIPTION Multiple vulnerabilities have been discovered in Mozilla Firefox and Mozilla Firefox ESR, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary...



Drupal core – Moderately critical – Cross-site scripting – SA-CORE-2020-007

DESCRIPTION The Drupal AJAX API does not disable JSONP by default, which can lead to cross-site scripting.

SYSTEM AFFECTED The following actions are recommended: Install the latest version:
• If you are using Drupal 7.x, upgrade to Drupal 7.73.
• If you are using Drupal 8.8.x, upgrade to Drupal 8.8.10.
• If you are using Drupal 8.9.x, upgrade to Drupal 8.9.6.
• If...



IPTV encoder devices contain multiple vulnerabilities

DESCRIPTION Multiple vulnerabilities exist in various Video Over IP (Internet Protocol) encoder devices, also known as IPTV/H.264/H.265 video encoders. These vulnerabilities allow an unauthenticated remote attacker to execute arbitrary code and perform other unauthorized actions on a vulnerable system.

IMPACT
• Full administrative access via backdoor password (CVE-2020-24215)
• Administrative root access via backdoor password (CVE-2020-24218)
• Arbitrary file read via path traversal (CVE-2020-24219)
•...



Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution

DESCRIPTION Multiple vulnerabilities have been discovered in iOS, iPadOS, watchOS, tvOS, Xcode, and Safari. The most severe of these vulnerabilities could allow for arbitrary code execution.
• iOS is a mobile operating system for Apple cellphones.
• iPadOS is a mobile operating system for Apple tablets.
• tvOS is an operating system for the Apple media streaming device Apple TV.
• watchOS is an...



Microsoft Excel Remote Code Execution Vulnerability

DESCRIPTION A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view,...



CVE-2020-1472 “Zerologon” Critical Privilege Escalation Vulnerability

Description: An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka ‘Netlogon Elevation of Privilege Vulnerability’. The prime elements of this vulnerability are the weak encryption standards and the authentication process used in the Netlogon protocol. As new Windows Domain Controllers use standard AES-256 as encryption standards, incorrect use...



Security Advisories & Alerts: MrbMiner

A threat actor is launching brute-force attacks on MSSQL servers in an attempt to access them and install a new crypto-mining malware dubbed MrbMiner. According to security firm Tencent, the team of hackers has been active over the past few months, hacking into Microsoft SQL Servers (MSSQL) to install a crypto-miner. According to the researchers, for the spread of the botnet, it was done scan to...



Adobe releases out-of-band security update for Adobe Media Encoder

DESCRIPTION Adobe has released an out-of-band security update for Adobe Media Encoder that fixes three ‘Important’ security vulnerabilities. The three vulnerabilities are classified as ‘Information Disclosure,’ which could allow sensitive information to be leaked in the security context of the active user. Adobe advises customers to update the vulnerable apps to the latest versions as soon as possible to block attacks attempting to exploit unpatched installations....



Critical Patches Issued for Microsoft Products

DESCRIPTION Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts...



Critical Intel Active Management Technology (AMT) Flaw Allows Privilege Escalation

DESCRIPTION AMT is part of the Intel vPro platform (Intel’s umbrella marketing term for its collection of computer hardware technologies) and is primarily used by enterprise IT shops for remote management of corporate systems. The flaw can be exploited by an unauthenticated attacker on the same network, in order to gain escalated privileges. The issue (CVE-2020-8758), found internally by Intel employees, ranks 9.8 out of...
