Emergency Response

GitLab EE / CE Information Disclosure Vulnerability (CVE-2020-6832) Security Alert

January 24, 2020 | Mina Hao

Vulnerability Description On January 14th, GitLab officially released an important version update security notice, fixing a vulnerability (CVE-2020-6832) that could lead to private project information disclosure. GitLab is an open source repository management system. It uses Git as the code management tool and provides a web service built on top of it.

Cisco Data Center Network Manager (DCNM) authentication bypass vulnerability Security Alert

January 21, 2020 | Mina Hao

Overview Multiple vulnerabilities in the authentication mechanism of Cisco Data Center Network Manager (DCNM) (CVE-2019-15975, CVE-2019-15976, CVE-2019-15977) may allow unauthorized remote attackers to bypass authentication and perform arbitrary operations with administrative privileges on the affected devices.

Apache Log4j Deserialization Remote Code Execution (CVE-2019-17571) Vulnerability Threat Alert

January 6, 2020 | Mina Hao

Vulnerability Description On December 19 local time, Apache Software Foundation (ASF) officially released a security advisory, announcing that Apache Log4j has a deserialization issue that could cause remote code execution (CVE-2019-17571). Log4j is a Java-based open-source logging tool from the Apache Software Foundation. Log4j 1.2 includes a SocketServer class which can easily accept serialized log […]

Advisory: Drupal fixes multiple vulnerabilities

January 2, 2020 | Mina Hao

Overview On December 18, local time, Drupal officially issued a security advisory to announce multiple vulnerabilities in its core products, including one critical vulnerability and three medium-risk vulnerabilities.

Microsoft’s December 2019 Security Update Fixes 38 Security Vulnerabilities

December 30, 2019 | Mina Hao

Overview Microsoft released its December 2019 security update on Tuesday, fixing 38 security issues ranging from simple spoofing attacks to remote code execution in various products, including End of Life Software, Microsoft Graphics Component, Microsoft Office, Microsoft Scripting Engine, Microsoft Windows, None, Open Source Software, Servicing Stack Updates, Skype for Business, SQL Server, Visual Studio, […]

Adobe Security Advisory for December Security Updates

December 29, 2019 | Mina Hao

Overview On December 11, local time, Adobe officially released a December security update that fixes multiple vulnerabilities in Adobe’s many products, including Adobe Photoshop CC, Adobe Acrobat and Reader, Brackets, and Adobe ColdFusion. For details, visit the following link: https://helpx.adobe.com/security.html

Advisory: GitLab EE multiple high-risk vulnerabilities

December 24, 2019 | Mina Hao

Vulnerability Description On December 10, 2019 local time, GitLab officially released an important version update notice, announcing three high-risk vulnerabilities in GitLab EE (Enterprise Edition). GitLab is an open source and web-based Git-repository management project.

Advisory: Two high-risk vulnerabilities in GoAhead web server

December 23, 2019 | Mina Hao

Vulnerability Description On December 2, 2019, Cisco Talos publicly released reports of a remote code execution vulnerability (CVE-2019-5096) and a denial of service vulnerability (CVE-2019-5097) for the GoAhead web server. GoAhead is an open source, simple, lightweight, and powerful embedded Web Server. It is a Web server tailored for embedded real-time operating systems (RTOS) and […]

VMware

VMware ESXi Remote Code Execution Vulnerability (CVE-2019-5544) Threat Alert

December 20, 2019 | Mina Hao

Overview On December 5, local time, VMware officially released a security advisory that revealed a remote code execution vulnerability (CVE-2019-5544) in VMware ESXi and Horizon DaaS. The vulnerability is due to a heap overwrite issue in OpenSLP used in ESXi and Horizon DaaS appliances. Malicious users with access to port 427 on the ESXi host […]

Harbor Multiple Vulnerabilities Threat Alert

December 17, 2019 | Mina Hao

Overview Today, VMware released five vulnerabilities for Harbor Container Registry, including two officially classified as critical vulnerabilities (CVE-2019-19025, CVE-2019-19023), two high-risk vulnerabilities (CVE-2019-19029, CVE-2019-19026), and one medium-risk vulnerability (CVE-2019-3990).