Overview NSFOCUS CERT recently detected that a backdoor vulnerability in XZ Utils (CVE-2024-3094) was disclosed from the security community, with a CVSS score of 10. Because the SSH underlying layer relies on liblzma, an attacker could exploit this vulnerability to bypass SSH authentication and gain unauthorized access to affected systems,...
Tag: Vulnerability
NSFOCUS Research Labs Acknowledged by MSRC for Reporting Azure Database Service RCE Vulnerability
Overview NSFOCUS received acknowledgments from the Microsoft Security Response Center (MSRC) for reporting Azure Database Service RCE Vulnerability. Azure Database for PostgreSQL - Flexible Server is a relational database service based on the open-source PostgreSQL database engine. It is a fully managed database-as-a-service that can handle mission-critical workloads, offering predictable performance,...
NSFOCUS Receives CNVD Outstanding Contribution Award for Original Vulnerability Submission
The CNVD (China National Vulnerability Database) platform recently initiated the 2022 annual technical group support unit's capability assessment. A comprehensive assessment was conducted across six capability domains, including vulnerability collection, vulnerability discovery, big data analysis of vulnerability threat risks, vulnerability technical analysis, major vulnerability incident response, and collaborative teamwork. NSFOCUS...
Adobe Security Bulletin for December 2018 Security Updates
Overview On December 11, 2018 (local time), Adobe released security updates which address multiple vulnerabilities in Acrobat and Reader. (more…)
Oracle October 2018 Critical Patch Update for All Product Families Threat Alert
Overview On October 16, 2018, local time, Oracle released its quarterly security advisory of the Critical Patch Update (CPU) for the third quarter. The CPU fixes 301 vulnerabilities of varying severity levels across the product families. For details about affected products and available patches, see the appendix. (more…)
