Overview Multiple vulnerabilities in the authentication mechanism of Cisco Data Center Network Manager (dcnm) (cve-2019-15975, cve-2019-15976, cve-2019-15977) may allow unauthorized remote attackers to bypass authentication and perform arbitrary operations with administrative privileges on the affected devices.
Vulnerability Description On December 19 local time, Apache Software Foundation (ASF) officially released a security advisory, announcing that Apache Log4j has a deserialization issue that could cause remote code execution (CVE-2019-17571). Log4j is a Java-based open-source logging tool from the Apache Software Foundation. Log4j 1.2 includes a SocketServer class which can easily accept serialized log […]
Overview On December 18, local time, Drupal officially issued a security advisory to announce multiple vulnerabilities in its core products, including one critical vulnerability and three medium-risk vulnerabilities.
Overview Microsoft released 2019 December security update on Tuesday that fixes 38 security issues ranging from simple spoofing attacks to remote code execution in various products, including End of Life Software, Microsoft Graphics Component, Microsoft Office, Microsoft Scripting Engine, Microsoft Windows, None, Open Source Software, Servicing Stack Updates, Skype for Business, SQL Server, Visual Studio, […]
Overview On December 11, local time, Adobe officially released a December security update that fixes multiple vulnerabilities in Adobe’s many products, including Adobe Photoshop CC, Adobe Acrobat and Reader, Brackets, and Adobe ColdFusion. For details, visit the following link: https://helpx.adobe.com/security.html
Vulnerability Description On December 10, 2019 local time, GitLab officially released an important version update notice, announcing three high-risk vulnerabilities in GitLab EE (Enterprise Edition). GitLab is an open source and web-based Git-repository management project.
Vulnerability Description On December 2, 2019, Cisco Talos publicly released reports of a remote code execution vulnerability (CVE-2019-5096) and a denial of service vulnerability (CVE-2019-5097) for the GoAhead web server. GoAhead is an open source, simple, lightweight, and powerful embedded Web Server. It is a Web server tailored for embedded real-time operating systems (RTOS) and […]
Overview On December 5, local time, VMware officially released a security advisory that revealed a remote code execution vulnerability (CVE-2019-5544) in VMware ESXi and Horizon DaaS. The vulnerability is due to a heap overwrite issue in OpenSLP used in ESXi and Horizon DaaS appliances. Malicious users with access to port 427 on the ESXi host […]
Overview Today, VMware released five vulnerabilities for Harbor Container Registry, including two officially classified as critical vulnerabilities (CVE-2019-19025, CVE-2019-19023), and two high-risk vulnerabilities (CVE-2019-19029, CVE- 2019-19026), and a medium-risk vulnerability (CVE-2019-3990).
Overview Recently, researchers have discovered the Apache Flink Jar package to upload the attack data. Attackers can exploit this vulnerability to upload a Jar package containing malicious code without authorization, thereby taking control of the target server.
