Emergency Response Archives - Página 17 de 90

Citrix NetScaler ADC and Gateway Sensitive Information Disclosure Vulnerability (CVC-2023-4966) Notification

Por NSFOCUSPostou 26 de outubro de 2023

Overview Recently, NSFOCUS CERT detected a sensitive information disclosure vulnerability in Citrix NetScaler ADC and Gateway (CVE-2023-4966). When the device is configured as a gateway (VPN virtual server, ICA proxy, CVPN, RDP proxy) or AAA virtual server, unauthorized remote attackers can exploit this vulnerability to access sensitive information and cause...

Apache ActiveMQ Remote Code Execution Vulnerability Notification

Por NSFOCUSPostou 25 de outubro de 2023

Overview Recently, NSFOCUS CERT found that the open source message middleware ActiveMQ developed by the Apache Software Foundation had an XML external entity injection vulnerability. Since the port 61616 was opened by default after the installation of ActiveMQ was started, and the TcpTransport function did not perform necessary checks on...

Flowchart with conditional logic and code blocks.

Microsoft’s October security update for multiple high-risk product vulnerabilities

Por NSFOCUSPostou 12 de outubro de 2023

Overview On October 11, NSFOCUS CERT monitored that Microsoft had released a security update patch for October, fixing 104 security problems, involving Microsoft WordPad, Skype for Business, Windows Layer 2 Tunneling Protocol, Microsoft Message Queuing and other widely used products, including high-risk vulnerability types such as privilege enhancement, remote code...

curl SOCKS5 Heap Overflow Vulnerability (CVC-2023-38545) Notification

Por NSFOCUSPostou 12 de outubro de 2023

Overview Recently, NSFOCUS monitored curl's official security announcement, which fixed the SOCKS5 heap buffer overflow vulnerability (CVE-2023-38545) and cookie injection vulnerability (CVE-2023-38546). The details of the vulnerability have been made public. Affected users should upgrade curl as soon as possible. SOCKS5 Heap Buffer Overflow Vulnerability (CVS 2023-38545) When curl is...

Cybercrime statistics and economic impact in China.

Exim Remote Code Execution Vulnerability (CVS 2023-42115) Notification

Por NSFOCUSPostou 10 de outubro de 2023

Overview Recently, NSFOCUS CERT detected an Exim remote code execution vulnerability (CVE-2023-42115). When external authentication is enabled, due to improper user input verification, an unauthenticated attacker can remotely exploit this vulnerability by writing data beyond the bounds, ultimately executing arbitrary code on the target server. At present, the details of...

Google Chrome Heap Buffer Overflow Vulnerability (CVE-2023-5217) Notification

Por NSFOCUSPostou 1 de outubro de 2023

Overview Recently, NSFOCUS CERT found that Google officially fixed a zero-day exploit (CVE-2023-5217), which was caused by the heap buffer overflow in the VP8 encoding of the open source libvpx video codec library. An attacker could use this vulnerability to execute arbitrary code on the target system. At present, this...