Emergency Response Archives - Página 13 de 90

API request and response interface screenshot.

Remote Code Execution Vulnerability between GeoServer and GeoTools (CVE-2024-36401/CVE-2024-36404) Notification

Por NSFOCUSPostou 3 de julho de 2024

Overview Recently, NSFOCUS CERT detected that GeoServer and GeoTools issued security announcements and fixed the XPath expression injection vulnerability in GeoServer and GeoTools (CVE-2024-36404). As the GeoTools library API called by GeoServer will pass the attribute name of element type to commons-jxpath library in an insecure manner, this library can...

CentOS desktop with terminal window open.

OpenSSH Remote Code Execution Vulnerability (CVE-2024-6387) Notification

Por NSFOCUSPostou 2 de julho de 2024

Overview Recently, NSFOCUS CERT detected that OpenSSH issued a security announcement and fixed the remote code execution vulnerability of OpenSSH (CVE-2024-6387). Due to a signal handler race condition issue in OpenSSH Server (sshd) under the default configuration, if the client does not authenticate within seconds of LoginGraceTime (120 seconds by...

Multiple High-risk Vulnerabilities (CVE-2024-37079/CVE-2024-37080/CVE-2024-37081) in VMware vCenter Server Notification

Por NSFOCUSPostou 20 de junho de 2024

Overview Recently, NSFOCUS CERT detected that VMware released a security announcement to fix the heap overflow vulnerability (CVE-2024-37079/CVE-2024-37080) and privilege escalation vulnerability (CVE-2024-37081) in VMware vCenter Server. At present, the official version has been fixed. Please take measures for protection. CVE-2024-37079/CVE-2024-37080: Because the vCenter Server has a heap overflow vulnerability...

Project summary page with fixed versions list.

Microsoft’s Security Update Notification in June of High-Risk Vulnerabilities in Multiple Products

Por NSFOCUSPostou 18 de junho de 2024

Overview Recently, NSFOCUS CERT detected that Microsoft released a security update patch for June, which fixed 49 security issues involving widely used products such as Windows, Azure, Microsoft Office and Microsoft Visual Studio, including high-risk vulnerabilities such as privilege escalation and remote code execution. Among the vulnerabilities fixed in Microsoft's...

PHP CGI Windows Platform Remote Code Execution Vulnerability (CVE-2024-4577) Advisory

Por NSFOCUSPostou 12 de junho de 2024

Overview NSFOCUS CERT has monitored the disclosure of a PHP CGI Windows platform remote code execution vulnerability (CVE-2024-4577) on the internet recently. Due to PHP's oversight of the Best-Fit character mapping feature of the Windows system during its design, running PHP in CGI mode on the Windows platform and using...

Linux Kernel Privilege Escalation Vulnerability (CVE-2024-1086) Notice

Por NSFOCUSPostou 6 de junho de 2024

Overview Recently, NSFOCUS CERT detected that the details and verification tools of a Linux kernel privilege escalation vulnerability (CVE-2024-1086) are disclosed on the internet. Because the netfilter: nf _ tables component of the Linux kernel has a post-release reuse vulnerability, the nft _ verdict _ init () function allows positive...