TTCSIRT-312.050420: TT-CSIRT ADVISORY – VMWARE ESXI STORED CROSS-SITE SCRIPTING (XSS) VULNERABILITY

  • Home
  • Archive for category "Security Advisories"
TTCSIRT-312.050420: TT-CSIRT ADVISORY – VMWARE ESXI STORED CROSS-SITE SCRIPTING (XSS) VULNERABILITY
By

A Stored Cross-Site Scripting (XSS) vulnerability in VMware ESXi was privately reported to VMware. Patches are available to address this vulnerability in affected VMware products. VMware ESXi patches address Stored Cross-Site Scripting (XSS) vulnerability (CVE-2020-3955). The VMware ESXi Host Client does not properly neutralize script-related HTML when viewing virtual machines attributes. VMware has evaluated the […]

Read More
TTCSIRT-311.050420: TT-CSIRT ADVISORY – AUTHENTICATION BYPASS IN FORTIMAIL AND FORTIVOICE ENTERPRISE
By

An improper authentication vulnerability in FortiMail and FortiVoiceEntreprise may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface. As a result, this can lead to Improper Access Control. Products Affected: FortiMail versions 5.4.10 and below.FortiMail versions 6.0.7 and below.FortiMail versions 6.2.2 and […]

Read More
TTCSIRT-310.041520: TT-CSIRT ADVISORY – MICROSOFT RELEASES APRIL 2020 SECURITY UPDATES
By

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. TT-CSIRT encourages users and administrators to review Microsoft’s April 2020 Security Update Summary and Deployment Information and apply the necessary updates. Security Update Summary: https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Apr Deployment Information: https://support.microsoft.com/en-us/help/20200414/security-update-deployment-information-april-14-2020

Read More
TTCSIRT-309.041520: TT-CSIRT ADVISORY – INTEL RELEASES SECURITY UPDATES
By

Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to gain escalation of privileges. TT-CSIRT encourages users and administrators to review the following Intel advisories and apply the necessary updates or workarounds: Data Migration Software Advisory- INTEL-SA-00327 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00327.html PROSet/Wireless WiFi Software Advisory- INTEL-SA-00338 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00338.html Driver […]

Read More
TTCSIRT-308.041520: TT-CSIRT ADVISORY – ORACLE CRITICAL PATCH UPDATE
By

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Please refer to the following […]

Read More
TTCSIRT-306.041520: TT-CSIRT ADVISORY- ADOBE RELEASES SECURITY UPDATES FOR MULTIPLE PRODUCTS
By

Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. TT-CSIRT encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates. ColdFusion: https://helpx.adobe.com/security/products/coldfusion/apsb20-18.html After Effects: https://helpx.adobe.com/security/products/after_effects/apsb20-21.html Digital Editions: https://helpx.adobe.com/security/products/Digital-Editions/apsb20-23.html

Read More
TTCSIRT-305.041020: TT-CSIRT ADVISORY- XSS VULNERABILITY IN THE DASHBOARD NAME PARAMETER OF FortiADC
By

An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross site scripting attack (XSS) via the name parameter. Impact: Execute Unauthorized Code or Commands Affected Products: FortiADC version 5.3.4 and belowFortiADC version 5.4.0 and below Solutions: Upgrades to FortiADC versions 5.3.5 or above and FortiADC […]

Read More
TTCSIRT-304.041020: TT-CSIRT ADVISORY- PALO ALTO NETWORK PRIVILEGE ASSIGNMENT VULNERABILITY.
By

An incorrect privilege assignment vulnerability when writing application-specific files in the Palo Alto Networks GlobalProtect Agent for Linux on ARM platform allows a local authenticated user to gain root privileges on the system. This issue affects Palo Alto Networks GlobalProtect Agent for Linux 5.0 versions before 5.0.8; 5.1 versions before 5.1.1. Severity: High (7) Solution: […]

Read More

Quick Navigation

Partner Agencies

Subscribe to Stay Updated!

Subscribe

Follow on social media:

Facebook-f X-twitter Linkedin-in Instagram