Overview Recently, Apache Solr fixed a vulnerability (CVE-2020-13957) in the Configsets API upload function. Attackers could perform unauthorized operations by using a combination of UPLOAD/CREATE actions, which might eventually lead to command execution. Apache Solr is an enterprise search server that is based on Lucene. (more…)
Blog
Windows TCP/IP Remote Code Execution Vulnerability (CVE-2020-16898) Threat Alert
Overview On October 13, 2020 (local time), Microsoft fixed a critical vulnerability dubbed Bad Neighbor (CVE-2020-16898) in the Windows TCP/IP stack in its latest monthly patch update. An attacker might execute arbitrary code on a remote system by sending maliciously crafted ICMPv6 Router Advertisement packets. McAfee said the proof-of-concept code...
Oracle October 2020 Critical Patch Update for All Product Families Threat Alert
Overview On October 20, 2020, local time, Oracle released Critical Patch Update (CPU) for October 2020, its own security advisories, and third-party security bulletins, which fix 402 vulnerabilities of varying severity levels. For details about affected products and available patches, see the appendix. For complete information, see Oracle's official security...
Analysis of the 2020 H1 Vulnerability Trend
Overview In 2020 H1, a total of 1419 vulnerabilities were added to the NSFOCUS Vulnerability Database (NSVD), 714 of which were high-risk vulnerabilities. Among these high-risk vulnerabilities, 184 vulnerabilities were Microsoft-related ones. High-risk vulnerabilities were mainly distributed in major products of Microsoft, Oracle, Adobe, Google, Cisco, IBM, Moxa, Apache, and...
Microsoft’s October 2020 Patches Fix 87 Security Vulnerabilities Threat Alert
Overview Microsoft released October 2020 security updates on Tuesday which fix 87 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including .NET Framework, Azure, Group Policy, Microsoft Dynamics, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft NTFS, Microsoft Office, Microsoft Office SharePoint, Microsoft Windows, Microsoft Windows...
Analysis of Ripple20 Vulnerabilities
1. Background Recently, the JSOF research lab discovered a series of vulnerabilities on the Treck TCP/IP stack, which were dubbed Ripple20. Successful exploit of these vulnerabilities may allow remote code execution or disclosure of sensitive information. Technical details will be fully released at BlackHat USA 2020. (more…)
