Overview On July 17, 2019, local time, Drupal released a security advisory on the remediation of an access bypass vulnerability (CVE-2019-6342). In Drupal 8.7.4, when the experimental Workspaces module is enabled, an access bypass condition is created. In terms of the security risk, Drupal rates the vulnerability as Critical.
Category: Emergency Response
Atlassian Jira Unauthorized Template Injection Vulnerability (CVE-2019-11581) Threat Alert
1 Vulnerability Description Recently, the Jira vendor released a security advisory on a template injection vulnerability in Jira Server and Jira Data Center, which could cause remote code execution when either of the following conditions is met: An SMTP server has been configured in Jira and the Contact Administrators Form...
Oracle July 2019 Critical Patch Update for All Product Families Threat Alert
Overview On July 16, 2019, local time, Oracle released its own security advisory and third-party security advisories for its January 2019 Critical Patch Update (CPU) which fix 319 vulnerabilities of varying severity levels across the product families. For details about affected products and available patches, visit the following link: For...
Fastjson Remote Code Execution Vulnerability Threat Alert
Overview Recently, a security researcher discovered an issue with the fixes for multiple versions of fastjson. Despite these fixes, an attacker could remotely execute code on a server running fastjson via a carefully crafted request. This issue affects fastjson 1.2.47 and earlier and does not require enabling the autotype option....
Redis Active/Standby Synchronization Code Execution Vulnerability Threat Alert
1 Vulnerability Description Written in ANSI C, Redis is an open-source, memory- or network-bound key-value database which can store logs in a persistent manner. It provides multilingual APIs.
Microsoft’s Security Patches for July 2019 Fix 79 Security Vulnerabilities
Overview Microsoft released July 2019 security updates on Tuesday which fix 79 vulnerabilities ranging from simple spoofing attacks to remote code execution. Such security updates cover the following products: .NET Framework, ASP.NET, Azure, Azure DevOps, Internet Explorer, Microsoft Browsers, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft Office, Microsoft Office SharePoint,...




