OpenSSL Denial-of-Service Vulnerability (CVE-2020-1971) Threat Alert

Overview: On December 8, 2020, local time, OpenSSL released a security advisory disclosing a NULL pointer dereference vulnerability (CVE-2020-1971), rating it as high risk. The vulnerability exists in the GENERAL_NAME_cmp function in OpenSSL. GENERAL_NAME_cmp compares different instances of a GENERAL_NAME to see whether they are equal. When both...

Struts2 S2-061 Remote Code Execution Vulnerability (CVE-2020-17530) Threat Alert

Overview: On December 8, 2020, Struts released a security bulletin disclosing a potential remote code execution vulnerability (CVE-2020-17530) in S2-061. The vulnerability stems from insufficient input validation. This results in two forced Object Graph Navigation Library (OGNL) evaluations when the original user input is calculated. When the OGNL expression is...

Citrix SD-WAN Vulnerabilities Threat Alert

Overview: Recently, Citrix SD-WAN released a security update to address three vulnerabilities (CVE-2020-8271, CVE-2020-8272, CVE-2020-8273). These vulnerabilities allow an unauthenticated attacker with network access to SD-WAN Center to perform arbitrary code execution as root. At present, there exist detailed analyses of the relevant vulnerabilities and a proof of concept (PoC) concerning...

Multiple Cisco Vulnerabilities Threat Alert-1

Overview: On November 18, 2020 (local time), Cisco released security advisories fixing vulnerabilities in multiple products. These vulnerabilities include three high-risk ones: CVE-2020-3531, CVE-2020-3586, and CVE-2020-3470. Reference link: https://tools.cisco.com/security/center/publicationListing.x