Microsoft’s July security update for multiple high-risk product vulnerabilities

Overview: On July 13, NSFOCUS CERT detected that Microsoft released the July security update patch, which fixed 84 security issues, involving widely used products such as Windows, Microsoft Office, Windows Print Spooler Components, Windows Hyper-V, and Azure Site Recovery, and included high-risk vulnerability types such as privilege escalation and remote...

Multiple High-Risk Vulnerability Alerts of GitLab

Overview: On July 1, 2022, NSFOCUS CERT detected that GitLab officially released a security bulletin and fixed multiple security vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE). Please take protective measures as soon as possible. GitLab Remote Code Execution Vulnerability (CVE-2022-2185): A remote code execution vulnerability...

Atlassian Confluence Remote Code Execution Vulnerability (CVE-2022-26134) Notification

Overview: Recently, NSFOCUS CERT detected that Atlassian officially released a security bulletin for the Confluence Server and Data Center OGNL injection vulnerability (CVE-2022-26134). Unauthenticated remote attackers can inject crafted OGNL expressions to execute arbitrary code on Confluence Server or Data Center. The vulnerability has a CVSS score of 10. At present,...

Millions of Devices May Be Affected, and Yeskit Botnet Family Spreads on a Massive Scale by Exploiting F5 BIG-IP Vulnerability

Background: On May 4, 2022, F5 issued a security bulletin regarding a remote code execution vulnerability in the iControl REST component of BIG-IP products. The CVE number of the vulnerability is CVE-2022-1388. The vulnerability allows attackers to bypass authentication and remotely execute arbitrary code, with a CVSS score of up to 9.8....

Multiple OpenSSL Security Vulnerabilities Alerts

Overview: Recently, NSFOCUS CERT found that OpenSSL issued a security notice, which fixed multiple security vulnerabilities in OpenSSL products. OpenSSL is an open source software library package. Applications can use this package to communicate securely, avoid eavesdropping, and confirm the identity of the other end of the connection. It is...

F5 BIG-IP iControl REST Authentication Bypass Vulnerability (CVE-2022-1388) Alert

Overview: Recently, NSFOCUS CERT detected that F5 issued a security bulletin to fix an authentication bypass vulnerability in BIG-IP. Unauthenticated attackers with network access to the iControl REST interface, through the BIG-IP management interface or its own IP address, can exploit the vulnerability to execute arbitrary system commands,...