Overview On August 21, 2019, local time, Cisco officially released multiple security advisories, announcing remediation of critical vulnerabilities in a number of products. These vulnerabilities include authentication bypass and remote code execution vulnerabilities and the most critical one gets a CVSS score of 9.8. (mais…)
Categoria: Emergency Response
Aspose Remote Code Execution Vulnerabilities (CVE-2019-5032/5033/5041) Threat Alert
Overview Recently, Cisco Talos published several technical analysis reports, claiming that Aspose.cells and Aspose.words in Aspose products contain remote code execution vulnerabilities, which can be exploited via a maliciously crafted file to result in remote code execution. (mais…)
Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability (CVE-2019-12643) Threat Alert
Overview On August 28, 2019, local time, Cisco released a security advisory, announcing remediation of an authentication bypass vulnerability (CVE-2019-12643) in the Cisco REST API virtual service container for Cisco IOS XE Software. (mais…)
Microsoft RDS Remote Code Execution Vulnerabilities (CVE-2019-1181-1182)Threat Alert
Vulnerability Overview On August 14, 2019, Beijing time, Microsoft released remote desktop (RDP) service fixes and patches for a series of vulnerabilities, including two critical remote code execution (RCE) vulnerabilities (CVE-2019-1181 and CVE-2019-1182). Similar to the BlueKeep vulnerability (CVE-2019-0708) previously fixed, vulnerabilities disclosed this time have characteristics of worms. In...
QEMU VM Escape Vulnerability (CVE-2019-14378) Threat Alert
Overview Recently, a security researcher disclosed a heap-based buffer overflow vulnerability (CVE-2019-14378) in the SLiRP networking backend in the QEMU emulator. An attacker could exploit this vulnerability to crash the QEMU process on a host machine, resulting in a denial of service, or possibly execute arbitrary code with privileges of...
Ghostscript .buildfont1 –dSAFER Sandbox Bypass Vulnerability
Vulnerability Overview Ghostscript is a suite of software based on an interpreter for Adobe System's PostScript and Portable Document Format (PDF) page description languages. It is widely used as a raster image processor (RIP) for raster computer printers. Currently, it has been ported from Linux to other operating systems, including...
