Overview On July 14, 2020 local time, Oracle released its July 2020 Critical Patch Update (CPU), its own security advisories, and third-party security bulletins, which fix 443 vulnerabilities of varying severity levels. For details about affected products and available patches, see the appendix. (mais…)
Categoria: Emergency Response
Adobe July 2020 Security Updates Threat Alert
Overview On July 14, 2020 local time, Adobe released its July security updates to fix multiple vulnerabilities in its various products, including Adobe Creative Cloud Desktop Application, Adobe Media Encoder, Adobe Genuine Service, Adobe ColdFusion, and Adobe Download Manager. (mais…)
Microsoft’s July 2020 Patches Fix 124 Security Vulnerabilities Threat Alert
Overview Microsoft released July 2020 security updates on Tuesday that fix 124 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including .NET Framework, Azure DevOps, Internet Explorer, Microsoft Edge, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Malware Protection Engine, Microsoft Office, Microsoft Office SharePoint,...
F5 BIG-IP TMUI Remote Code Execution Vulnerability (CVE-2020-5902) Threat Alert
Vulnerability Description Recently, NSFOCUS detected that F5 had updated its security advisory on the Traffic Management User Interface (TUMI) remote code execution vulnerability (CVE-2020-5902). The affected 15.x versions were changed to 15.0.0–15.1.0, and bypassable workarounds and validation methods were updated. By accessing the TUMI via the BIG-IP management port or...
Citrix Multiple High-Risk Vulnerabilities Threat Alert
Vulnerability Description Recently, NSFOCUS detected that Citrix had released a security bulletin on the remediation of 11 vulnerabilities in Citrix Application Delivery Controller (ADC), Citrix Gateway, and Citrix SD-WAN WANOP. Details are as follows: (mais…)
Apache Dubbo Remote Code Execution Vulnerability (CVE-2020-1948) Patch Bypass Threat Alert
Overview On June 23, NSFOCUS reported that Apache Dubbo contained a remote code execution vulnerability (CVE-2020-1948) resulting from deserialization. Apache Dubbo is a high-performance Java RPC framework. The vulnerability exists in Hessian, a default deserialization tool used by Apache Dubbo. An attacker may exploit it by sending malicious RPC requests...
