Emergency Response Archives - Página 31 de 90

Line graph of Level 5 DDoS IP addresses.

Microsoft’s September security update for multiple high-risk product vulnerabilities

Por Jie JiPostou 15 de setembro de 2022

Overview On September 14, NSFOCUS CERT detected that Microsoft released the September security update patch, which fixed 63 security issues, involving widely used products such as Windows TCP/IP, .NET Framework, Windows Print Spooler Components, and Windows LDAP. Including high-risk vulnerability types such as privilege escalation and remote code execution. Among...

Apache Hadoop Remote Code Execution Vulnerability (CVE-2022-25168) Alert

Por Jie JiPostou 16 de agosto de 2022

Overview Recently, NSFOCUS CERT found that Apache Hadoop officially fixed a command injection vulnerability. Since Apache Hadoop's FileUtil.unTar API does not escape the input filename before passing it to the shell, an attacker could exploit this vulnerability to inject arbitrary commands and thus achieve remote code execution. Affected users are...

Critical VMware Product Vulnerability Alerts

Por Jie JiPostou 10 de agosto de 2022

Overview Recently, NSFOCUS CERT detected that VMware officially issued a security notice to fix multiple vulnerabilities in products such as VMware Workspace ONE Access, Identity Manager, and VMware vRealize Automation. Attackers can use these vulnerabilities to cause privilege escalation and remote code execution. At present, the official security update has...

Multiple High-Risk Vulnerability Alerts in Atlassian

Por Jie JiPostou 1 de agosto de 2022

Overview Recently, NSFOCUS CERT has detected that Atlassian has officially released a security bulletin, which has fixed several high-risk vulnerabilities in Atlassian products, and relevant users are requested to take measures to protect them. Arbitrary Servlet Filter Bypass Vulnerability (CVE-2022-26136): Vulnerabilities in multiple Atlassian products allow unauthenticated remote attackers to...

Critical Patch Update for All Oracle Products in July

Por Jie JiPostou 27 de julho de 2022

Overview On July 20, 2022, NSFOCUS CERT monitored and found that Oracle officially released the CPU (Critical Patch Update) in July. A total of 349 vulnerabilities of varying degrees were fixed this time. This security update involves Oracle WebLogic Server, Oracle MySQL, Oracle Java SE, Oracle Retail Applications and many...

Apache Spark Shell Command Injection Vulnerability (CVE-2022-33891) Alerts

Por Jie JiPostou 21 de julho de 2022

Overview Recently, NSFOCUS CERT detected that Apache officially released a security bulletin and fixed a command injection vulnerability (CVE-2022-33891) in Apache Spark. Since the Apache Spark UI enables acl through the configuration option Spark.acl.enable, by using an authentication filter, it is possible to check if a user has access to...