Overview Recently, a security researcher announced a remote code execution vulnerability in Apache Flink Dashboard. The vulnerability does not require an attacker to authenticate: a malicious Jar package can be uploaded via the dashboard to execute code remotely. NSFOCUS researchers also successfully reproduced the vulnerability, confirming...
Category: Emergency Response
Advisory: Apache Shiro RememberMe Padding Oracle Vulnerability
Vulnerability Description In September 2019, Apache officially published an issue titled "RememberMe Padding Oracle Vulnerability", numbered SHIRO-721. The issue pointed out that because the RememberMe field of the Apache Shiro cookie is encrypted using AES-128-CBC mode, Shiro is vulnerable to Padding Oracle attacks. An attacker can use the Legal...
Microsoft Released November 2019 Security Patches to Fix 13 Critical Vulnerabilities
Overview Among the vulnerabilities that Microsoft has fixed this month, there are 13 critical ones, which exist in products such as Hyper-V, VBScript, Exchange, and Scripting Engine.
Adobe Security Bulletins for November 2019 Security Updates Threat Alert
Overview On November 12, local time, Adobe officially released the November security update, which fixes multiple vulnerabilities in Adobe's various products, including Adobe Bridge CC, Adobe Media Encoder, Adobe Illustrator CC, and Adobe Animate CC.
Advisory: Squid Multiple High-risk Vulnerability
Vulnerability Description On November 5, local time, Squid officially released a security bulletin to fix multiple vulnerabilities, including a high-risk buffer overflow vulnerability that could lead to code execution (CVE-2019-12526), an information disclosure vulnerability (CVE-2019-18679), and an HTTP request splitting problem (CVE-2019-18678).
Advisory: Open-Source Compression Library Libarchive Code Execution Vulnerability (CVE-2019-18408)
Overview Recently, a code execution vulnerability (CVE-2019-18408) was disclosed in the security update of Debian, Ubuntu, Gentoo and other distributions.





