Vulnerability Description On May 28, Fastjson 1.2.68 and before were reported to contain a remote code execution vulnerability that bypasses the autoType switch to implement deserialization of classes that contain security risks. Attackers could exploit this vulnerability to execute arbitrary code on the target machine. (mais…)
Categoria: Emergency Response
Apache Tomcat Session Deserialization Code Execution Vulnerability (CVE-2020-9484) Threat Alert
Overview Recently, Apache Tomcat released a security advisory, announcing the fix of a remote code execution vulnerability (CVE-2020-9484) due to persistent session. An attacker can exploit this vulnerability only when the following conditions are met: The attacker can take control of the contents and name of a file on the...
Cisco Unified Contact Center Express (Unified CCX) Deserialization Code Execution Vulnerability (CVE-2020-3280) Threat Alert
Overview Recently, Cisco officially released a security advisory, announcing the fix of a high-risk vulnerability (CVE-2020-3280) in Unified Contact Center Express (Unified CCX). The vulnerability stems from the fact that during the deserialization operation of the software, the input provided by the user is not sufficiently restricted. The attacker can...
WellinTech KingView Multiple Vulnerabilities Threat Alert
Overview Some versions of WellinTech KingView are prone to multiple vulnerabilities, including the real-time database access authorization bypass vulnerability and denial-of-service vulnerability existing in the web data transmission service. Vulnerability details are as follows: 1. KingView real-time database access authorization bypass vulnerability (CNVD-C-2020-87074) 2. KingView denial-of-service vulnerability existing in the...
Microsoft’s Security Bulletin for May Patches That Fix 111 Security Vulnerabilities Threat Alert
Overview Microsoft released the May 2020 security patch on Tuesday that fixes 111 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including .NET Core, .NET Framework, Active Directory, Common Log File System Driver, Internet Explorer, Microsoft Dynamics, Microsoft Edge, Microsoft Graphics Component, Microsoft JET Database...
Adobe Releases May’s Security Updates Threat Alert
Overview On May 12, 2020, local time, Adobe officially released July's security updates to fix multiple vulnerabilities in its various products, including Adobe DNG Software Development Kit (SDK) and Adobe Acrobat and Reader. For details about the security update, visit the following link: https://helpx.adobe.com/security.html (mais…)
