Emergency Response Archives - Página 73 de 90

Cisco Small Business 220 Series Smart Switches Multiple Vulnerabilities Threat Alert

Por NSFOCUSPostou 14 de agosto de 2019

Overview On August 6, 2019, local time, Cisco released security advisories on remediation of three vulnerabilities in Small Business 220 Series Smart Switches, including two critical ones, one of which has a CVSS 3.0 score as high as 9.8. (mais…)

Hacker with digital dollar symbol overlay.

Apache Solr Remote Code Execution Vulnerability (CVE-2019-0193) Threat Alert

Por NSFOCUSPostou 13 de agosto de 2019

1 Vulnerability Overview Recently, Apache Software Foundation (ASF) issued a security bulletin to announce the fix of the remote arbitrary code execution vulnerability (CVE-2019-0193) in Apache Solr. This vulnerability exists in the DataImportHandler module, a common module used to import data from databases or other sources. The whole DIH configuration...

Businessman using tablet with global network.

ProFTPd Arbitrary File Copy Vulnerability (CVE-2019-12815) Threat Alert

Por NSFOCUSPostou 12 de agosto de 2019

Overview Recently, an official security bulletin was released to announce the remediation of an arbitrary file copy vulnerability (CVE-2019-12815) in ProFTPd. This vulnerability lies in the custom SITE CPFR and SITE CPTO operations in the mod_copy module. By issuing the two commands to ProFTPd, an attacker can copy any file...

Hacker in hoodie touching digital world map.

Jackson-databind Remote Code Execution Vulnerability Technical Analysis

Por NSFOCUSPostou 7 de agosto de 2019

Vulnerability Overview On June 21, Red Hat officially released a security bulletin to announce the fix for a vulnerability in jackson-dababind. This vulnerability with a CVSS score of 8.1 affects multiple Red Hat products and a sophisticated exploit using this vulnerability is observed in the wild. On July 22, a...

Holographic technology displaying data and graphs.

Jackson-databind Remote Code Execution Vulnerability (CVE-2019-12384) Threat Alert

Por NSFOCUSPostou 6 de agosto de 2019

Overview Recently, a security researcher discovered a vulnerability (CVE-2019-12384) in jackson-databind, noting that when certain conditions are met, an attacker, via a malicious request, could bypass the blacklist restriction and remotely execute code in an affected server during deserialization. (mais…)

Drupal Access Bypass Vulnerability (CVE-2019-6342) Technical Analysis

Por NSFOCUSPostou 5 de agosto de 2019

1 Vulnerability Description Recently, Drupal released a security advisory on the remediation of an access bypass vulnerability (CVE-2019-6342). In Drupal 8.7.4, when the experimental Workspaces module is enabled, an access bypass condition is created. In terms of the security risk, Drupal rates the vulnerability as Critical. (mais…)