Overview On November 19, 2020 (Beijing time), Drupal released a security advisory that fixes a remote code execution vulnerability (CVE-2020-13671). Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or...
Categoria: Emergency Response
XStream Remote Code Execution Vulnerability (CVE-2020-26217) Threat Alert
Overview Recently, XStream released a security advisory that fixes a remote code execution vulnerability (CVE-2020-26217). The vulnerability may allow a remote attacker to execute arbitrary code by sending crafted requests to the web application that uses XStream and thereby taking control of the target server. XStream is a commonly used...
Windows Network File System Vulnerabilities (CVE-2020-17051, CVE-2020-17056) Threat Alert
Overview On November 10, 2020 local time, Microsoft fixed two vulnerabilities in the Windows Network File System (NFS) in its monthly security updates, which are CVE-2020-17051 and CVE-2020-17056. CVE-2020-17051 is a remote code execution vulnerability on the nfssvr.sys driver. It is said that the vulnerability can be reproduced to cause...
Microsoft’s November 2020 Patches Fix 112 Security Vulnerabilities Threat Alert
Overview Microsoft released November 2020 security updates on Tuesday which fix 112 vulnerabilities ranging from simple spoofing attacks to remote code execution, including 17 critical vulnerabilities, 93 important vulnerabilities, and two low vulnerabilities. All users are advised to install updates without delay. These vulnerabilities affect Azure DevOps, Azure Sphere, Common...
Adobe Releases November’s Security Updates Threat Alert
Overview On November 11, 2020 (local time), Adobe released security updates which address multiple vulnerabilities in Adobe Connect and Adobe Reader Mobile. (mais…)
SaltStack Multiple Vulnerabilities (CVE-2020-16846, CVE-2020-17490, CVE-2020-25592) Threat Alert
Overview Recently, SaltStack released a security update to address multiple vulnerabilities (CVE-2020-16846, CVE-2020-17490, CVE-2020-25592). These vulnerabilities can cause authentication bypass and command execution. SaltStack recommends users upgrade as soon as possible. Salt is an open-source IP architecture management solution written in Python. It has been widely used in data centers...
