Jackson-databind Remote Code Execution Vulnerability (CVE-2020-8840) Threat Alert

Vulnerability Description On February 19, the National Vulnerability Database (NVD) disclosed a remote code execution vulnerability (CVE-2020-8840) resulting from JNDI injection in jackson-databind and assigned it a CVSS score of 9.8. Affected versions of jackson-databind lack certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter. An attacker could exploit this vulnerability to...

Apache Tomcat File Inclusion Vulnerability (CVE-2020-1938) Threat Alert

Vulnerability Description On February 20, the China National Vulnerability Database (CNVD) released an Apache Tomcat file inclusion vulnerability (CNVD-2020-10487/CVE-2020-1938). This vulnerability is due to a flaw in the Tomcat Apache JServ Protocol (AJP). An attacker could exploit this vulnerability to read arbitrary files from a web application directory on the server....

Django SQL Injection (CVE-2020-7471) Threat Alert

Vulnerability Description On February 3, the Django Software Foundation (DSF) released a security bulletin announcing a fix for a SQL injection vulnerability (CVE-2020-7471) that is exploited via a StringAgg delimiter. An attacker could break escaping and inject malicious SQL statements by passing a crafted delimiter to the aggregation function contrib.postgres.aggregates.StringAgg.

Microsoft Multiple Products Critical Vulnerabilities Threat Alert

Vulnerability Description On February 12, 2020, Microsoft released its February security update, which fixed 100 security issues, including critical vulnerabilities such as privilege escalation and remote code execution, found in Internet Explorer, Microsoft Edge, Microsoft Exchange Server, Microsoft Office, and other widely used applications.

Apache Dubbo Deserialization Vulnerability (CVE-2019-17564) Threat Alert

Overview Recently, researchers from the Checkmarx team discovered and disclosed a deserialization vulnerability (CVE-2019-17564) in Apache Dubbo. Apache Dubbo is a high-performance Java RPC framework. This vulnerability affects Dubbo applications that have the HTTP protocol enabled for communication. An attacker could exploit this vulnerability by submitting a POST...