Vulnerability Description On December 10, 2019 local time, GitLab officially released an important version update notice, announcing three high-risk vulnerabilities in GitLab EE (Enterprise Edition). GitLab is an open source and web-based Git-repository management project. (more…)
Category: Emergency Response
Advisory: Two high-risk vulnerabilities in GoAhead web server
Vulnerability Description On December 2, 2019, Cisco Talos publicly released reports of a remote code execution vulnerability (CVE-2019-5096) and a denial of service vulnerability (CVE-2019-5097) for the GoAhead web server. GoAhead is an open source, simple, lightweight, and powerful embedded Web Server. It is a Web server tailored for embedded...
VMware ESXi Remote Code Execution Vulnerability (CVE-2019-5544) Threat Alert
Overview On December 5, local time, VMware officially released a security advisory that revealed a remote code execution vulnerability (CVE-2019-5544) in VMware ESXi and Horizon DaaS. The vulnerability is due to a heap overwrite issue in OpenSLP used in ESXi and Horizon DaaS appliances. Malicious users with access to port...
Harbor Multiple Vulnerabilities Threat Alert
Overview Today, VMware released five vulnerabilities for Harbor Container Registry, including two officially classified as critical vulnerabilities (CVE-2019-19025, CVE-2019-19023), and two high-risk vulnerabilities (CVE-2019-19029, CVE- 2019-19026), and a medium-risk vulnerability (CVE-2019-3990). (more…)
Apache Flink Arbitrary Jar Package Upload Threat Alert
Overview Recently, researchers have discovered the Apache Flink Jar package to upload the attack data. Attackers can exploit this vulnerability to upload a Jar package containing malicious code without authorization, thereby taking control of the target server. (more…)
Apache Solr Remote Code Execution Vulnerability (CVE-2019-12409) Threat Alert
Vulnerability Description On November 18, local time, Apache Software Foundation (ASF) released an official security bulletin to reveal a remote code execution vulnerability (CVE-2019-12409) in Apache Solr. This vulnerability exists and can bring security risks because the configuration item ENABLE_REMOTE_JMX_OPTS in the configuration file solr.in.sh is enabled by default. If...
