Overview On October 20, 2020, local time, Oracle released Critical Patch Update (CPU) for October 2020, its own security advisories, and third-party security bulletins, which fix 402 vulnerabilities of varying severity levels. For details about affected products and available patches, see the appendix. For complete information, see Oracle's official security...
Categoria: Emergency Response
Microsoft’s October 2020 Patches Fix 87 Security Vulnerabilities Threat Alert
Overview Microsoft released October 2020 security updates on Tuesday which fix 87 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including .NET Framework, Azure, Group Policy, Microsoft Dynamics, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft NTFS, Microsoft Office, Microsoft Office SharePoint, Microsoft Windows, Microsoft Windows...
Adobe Releases October’s Security Updates Threat Alert
Overview On October 13, 2020 (local time), Adobe released security updates which address a vulnerability in Adobe Flash Player. For details about the security bulletins and advisories, visit the following link: https://helpx.adobe.com/security.html (mais…)
Yii2 Deserialization Remote Command Execution Vulnerability (CVE-2020-15148) Protection Solution
Overview Recently, NSFOCUS detected that Yii Framework 2 disclosed a deserialization remote command execution vulnerability (CVE-2020-15148) in its update log published on September 14, 2020. By adding the _wakeup() function to Class yii\db\BatchQueryResult, Yii Framework 2 disables yii\db\BatchQueryResult deserialization and prevents remote command execution caused by application calling 'unserialize()' on...
Linux Kernel Privilege Escalation Vulnerability (CVE-2020-14386) Threat Alert
Vulnerability Description Recently, NSFOCUS detected a privilege escalation vulnerability in the Linux kernel (CVE-2020-14386). An integer overflow exists in the way net/packet/af_packet.c processes AF_PACKET, which leads to out-of-bounds write, thereby escalating privileges. An attacker could exploit this vulnerability to gain system root privileges from unprivileged processes. This vulnerability may affect...
WebSphere XML External Entity Injection Vulnerability (CVE-2020-4643) Handling Guide
Vulnerability Description Recently, IBM released a security bulletin to announce the fix of an XML external entity injection (XXE) vulnerability (CVE-2020-4643) on WebSphere Application Server (WAS). Since WAS fails to properly process XML data, a remote attacker could exploit this vulnerability to obtain sensitive information on the server. The NSFOCUS...
