Emergency Response Archives - Página 42 de 90

XStream Multiple High-Risk Vulnerabilities Threat Alert

Por Jie JiPostou 25 de março de 2021

Vulnerability Description Recently, NSFOCUS detected that XStream released security advisories disclosing 11 security vulnerabilities in its products. An attacker could exploit these vulnerabilities to conduct DoS and SSRF attacks, delete arbitrary files, and lead to arbitrary RCE. XStream is a tool for converting between Java objects and XML. When serializing...

Earth horizon with digital code overlay.

F5 BIG-IP/BIG-IQ High-Risk Vulnerabilities Threat Alert

Por Jie JiPostou 24 de março de 2021

Vulnerability Description On March 11, NSFOCUS observed that F5 released a security bulletin to announce the fix of multiple high-risk vulnerabilities, CVE-2021-22986, CVE-2021-22987, CVE-2021-22988, CVE-2021-22989, CVE-2021-22990, CVE-2021-22991, and CVE-2021-22992, which affect BIG-IP and BIG-IQ in F5. Users are advised to take preventive measures as soon as possible. BIG-IP is an...

GitLab Remote Code Execution Vulnerability Threat Alert

Por Jie JiPostou 22 de março de 2021

Vulnerability Description On March 19, 2021, NSFOCUS detected that GitLab released patches for a code execution vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE), which was assigned a CVSS base score of 9.9. Unauthorized authenticated attackers could craft malicious requests via controllable markdown rendering options, thereby executing arbitrary...

Microsoft March Security Updates for Multiple High-Risk Product Vulnerabilities

Por Jie JiPostou 18 de março de 2021

Vulnerability Description On March 10, 2021, Beijing time, Microsoft released March 2021 Security Updates that fix 89 vulnerabilities, including high-risk ones like remote code execution and privilege escalation in various widely used products such as Microsoft Windows, Microsoft Office, Microsoft Exchange Server, Internet Explorer, and Visual Studio. In these security...

Graph of high-volume DDoS attacks, 2017-2019.

Microsoft Exchange Server Multiple High-Risk Vulnerabilities

Por Jie JiPostou 9 de março de 2021

Vulnerability Description On March 2, NSFOCUS observed that Microsoft released emergency security updates to fix seven vulnerabilities in Exchange Server. Exchange server-side request forgery vulnerability (CVE-2021-26855): An unauthenticated attacker, via a crafted HTTP request, could exploit this vulnerability to scan the intranet and authenticate as Exchange Server. Exchange Server deserialization...

Apache Tomcat Session Deserialization Code Execution Vulnerability (CVE-2021-2532 9) Threat Alert

Por Jie JiPostou 5 de março de 2021

Vulnerability Description On March 1, 2021, NSFOCUS observed that Apache Software Foundation (ASF) released a security bulletin to announce the fix of a remote code execution vulnerability via session persistence. This vulnerability is due to the bypass of the patch against CVE-2020-9484. If Tomcat's session persistence function is used, its...