Emergency Response Archives - Página 75 de 90

Adobe Security Advisory for July 2019 Security Updates

Por NSFOCUSPostou 12 de julho de 2019

Overview On July 9, 2019, local time, Adobe officially released July's security updates to fix multiple vulnerabilities in its various products, including Adobe Bridge CC, Adobe Experience Manager, and Adobe Dreamweaver. (mais…)

Linux Kernel Multiple Remote Denial-of-Service Vulnerabilities Threat Alert

Por NSFOCUSPostou 25 de junho de 2019

Overview Recently, Red Hat released a security bulletin, pointing out multiple TCP-based remote denial-of-service vulnerabilities in the Linux kernel, namely, a SACK Panic vulnerability of important severity and two other vulnerabilities of moderate severity. (mais…)

White Wi-Fi range extender with antennas.

TP-Link Wi-Fi Extenders Remote Code Execution Vulnerability (CVE-2019-7406) Threat Alert

Por NSFOCUSPostou 24 de junho de 2019

Overview Recently, a security expert from IBM X-Force discovered a remote code execution vulnerability (CVE-2019-7406) in multiple models of TP-Link Wi-Fi extenders. This vulnerability can be exploited by unauthenticated, remote attackers by sending a malformed HTTP request so as to execute arbitrary shell commands on a target Wi-Fi extender. The...

Holographic technology displaying data and graphs.

Apache Axis Remote Code Execution 0-Day Vulnerability Handling Guide

Por NSFOCUSPostou 21 de junho de 2019

Vulnerability Overview Recently, by using the Attack Trend Monitoring system (ATM), the NSFOCUS security team has discovered an Apache Axis remote command execution vulnerability, which allows attackers to obtain privileges of the target server and remotely execute commands without authorization by sending a crafted HTTP-POST request. (mais…)

Oracle WebLogic Remote Code Execution Vulnerability (CVE-2019-2725) Patch Bypass Threat Alert

Por NSFOCUSPostou 18 de junho de 2019

Overview Recently, the NSFOCUS security team has found that the Oracle Weblogic vulnerability is exploited in the wild. Its attack signature is similar to that of the CVE-2019-2725 vulnerability. The attack can bypass the latest security patch released by Oracle in April. This vulnerability exists because no proper sanitization is...

Windows NTLM Tampering Vulnerability (CVE-2019-1040) Threat Alert

Por NSFOCUSPostou 17 de junho de 2019

1 Vulnerability Overview On June 12, 2019, Beijing time, Microsoft released security patches for the Windows NTLM tampering vulnerability (CVE-2019-1040), which exists in Windows operating systems and allows attackers to bypass the NTLM MIC (Message Integrity Check) protection. (mais…)