The Department of Homeland Security Cybersecurity and InfrastructureSecurity Agency (CISA) issued an Emergency Directive on December 13,2020 in response to the compromise of the SolarWinds Orion product forall federal civilian agencies. The directive calls for all organizationsto assess their exposure to the compromise and secure their networksagainst exploitation. The following SolarWinds Orion versions are affected: Orion Platform 2019.4 HF5, version 2019.4.5200.9083Orion Platform 2020.2 RC1, version 2020.2.100.12219Orion Platform 2020.2...
Read More
DESCRIPTIONMultiple vulnerabilities have been discovered in the Google Android operating system (OS), the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution within the context of a privileged process....
Read More
DESCRIPTIONA vulnerability has been discovered in Apache Struts, which could allow for remote code execution. Apache Struts is an open source framework used for building Java web applications. Successful exploitation of this vulnerability could allow for remote code execution. Depending on the privileges associated with the user, an attacker could then install programs; view; change, or delete data; or create new accounts with full user...
Read More
DESCRIPTIONA vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client Software could allow an authenticated, local attacker to cause a targeted AnyConnect user to execute a malicious script. The vulnerability is due to a lack of authentication to the IPC listener. An attacker could exploit this vulnerability by sending crafted IPC messages to the AnyConnect client IPC listener. A successful exploit...
Read More
DESCRIPTIONA vulnerability has been discovered in Mozilla Thunderbird, which could allow for arbitrary code execution. Mozilla Thunderbird is an email client. Successful exploitation of this vulnerability could allow for arbitrary code execution. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to...
Read More
