Overview In May, Qualys publicly disclosed 21 security vulnerabilities in the Exim server, announcing that these vulnerabilities affected all Exim versions released after 2004 and most of them can be exploited in default configurations. Recently, NSFOCUS found that certain vulnerability details and PoCs were publicly available. Among the vulnerabilities, the...
Categoria: Emergency Response
Microsoft August Security Updates for Multiple High-Risk Product Vulnerabilities
Overview According to NSFOCUS CERT's monitoring, Microsoft released August 2021 Security Updates on August 11 to fix 46 vulnerabilities, including high-risk remote code execution and privilege escalation, in widely used products like Windows, Microsoft Office, ASP.NET Core, Visual Studio, and Azure. This month's security updates fix seven critical vulnerabilities and...
Windows Privilege Escalation Vulnerability (CVE-2021-36934) Threat Alert
Overview Recently, NSFOCUS CERT discovered a critical security bulletin released by Microsoft to disclose a privilege escalation vulnerability (CVE-2021-36934) in Windows. A privilege escalation vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files (including the Security Account Manager (SAM) database). When a built-in administrator account...
Linux Kernel Privilege Escalation Vulnerability (CVE-2021-33909) Threat Alert
Overview Recently, NSFOCUS CERT discovered that the Qualys research team disclosed a local privilege escalation vulnerability (CVE-2021-33909, aka Sequoia) in the filesystem layer in the Linux kernel. It is a size_t-to-int type conversion vulnerability in the seq_file interface in the Linux kernel. fs/seq_file.c's improper restriction of the seq buffer allocation...
WebLogic Multiple High-Risk Vulnerabilities Threat Alert
Overview On July 21, 2021, NSFOCUS detected that Oracle released the April 2021 Critical Patch Update (CPU), which fixed 342 vulnerabilities of varying risk levels. Among these vulnerabilities, three severe ones are easy to exploit to affect WebLogic. Users are advised to take measures without delay to protect against the...
Oracle July 2021 Critical Patch Update for All Product Families
Overview On July 21, 2021, NSFOCUS detected that Oracle released the July 2021 Critical Patch Update (CPU), which fixed 342 vulnerabilities of varying risk levels. This CPU involves multiple commonly used products, such as Oracle Database Server, Oracle Java SE, Oracle Fusion Middleware, Oracle MySQL, and Oracle Communications. Oracle strongly...
