Overview Recently, a security researcher discovered an issue with the fixes for multiple versions of fastjson. Despite these fixes, an attacker could remotely execute code on a server running fastjson via a carefully crafted request. This issue affects fastjson 1.2.47 and earlier and does not require enabling the autotype option....
Category: Emergency Response
Redis Active/Standby Synchronization Code Execution Vulnerability Threat Alert
1 Vulnerability Description Written in ANSI C, Redis is an open-source, memory- or network-bound key-value database which can store logs in a persistent manner. It provides multilingual APIs.
Microsoft’s Security Patches for July 2019 Fix 79 Security Vulnerabilities
Overview Microsoft released its July 2019 security updates on Tuesday, fixing 79 vulnerabilities ranging from simple spoofing attacks to remote code execution. These security updates cover the following products: .NET Framework, ASP.NET, Azure, Azure DevOps, Internet Explorer, Microsoft Browsers, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft Office, Microsoft Office SharePoint,...
Adobe Security Advisory for July 2019 Security Updates
Overview On July 9, 2019, local time, Adobe officially released July's security updates to fix multiple vulnerabilities in its various products, including Adobe Bridge CC, Adobe Experience Manager, and Adobe Dreamweaver.
Linux Kernel Multiple Remote Denial-of-Service Vulnerabilities Threat Alert
Overview Recently, Red Hat released a security bulletin, pointing out multiple TCP-based remote denial-of-service vulnerabilities in the Linux kernel, namely, a SACK Panic vulnerability of important severity and two other vulnerabilities of moderate severity.
TP-Link Wi-Fi Extenders Remote Code Execution Vulnerability (CVE-2019-7406) Threat Alert
Overview Recently, a security expert from IBM X-Force discovered a remote code execution vulnerability (CVE-2019-7406) in multiple models of TP-Link Wi-Fi extenders. This vulnerability can be exploited by unauthenticated, remote attackers by sending a malformed HTTP request so as to execute arbitrary shell commands on a target Wi-Fi extender. The...





