The most popular free certificate signing authority Let’s Encrypt is going to revoke more than 3 million TLS certificates within the next 24 hours that may have been issued wrongfully due to a bug in its Certificate Authority software. The most popular free certificate signing authority Let’s Encrypt is going to revoke more than 3 million TLS certificates within […]
Microsoft Exchange Server Exchange Control Panel Fixed Cryptographic Key Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Exchange Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the Exchange Control Panel web application. The product fails to generate a unique […]
The Microsoft Internet Explorer Scripting Engine contains a memory corruption vulnerability, which can allow a remote, unauthenticated attacker to execute arbitrary code. Description Microsoft Internet Explorer contains a scripting engine, which handles execution of scripting languages such as VBScript and JScript. The scripting engine JScript component contains an unspecified memory corruption vulnerability. Any application […]
Multiple ZyXEL devices contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. Description CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) Multiple ZyXEL devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to […]
There are three vulnerabilities with Apache Tomcat with varying levels of severity. Kindly see below for a summary of each vulnerability: Operating System : Windows, UNIX variants (UNIX, Linux, OSX) Impact/Access : – Provide Misleading Information – Remote/Unauthenticated – Access Confidential Data – Remote/Unauthenticated – Unauthorised Access – Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2020-1938 CVE-2020-1935 CVE-2019-17569 Original […]
Qualys has found another critical vulnerability in OpenSMTPD. It is very important that you upgrade your setups AS SOON AS POSSIBLE. On OpenBSD: Binary patches are available through syspatch. Just run the syspatch command and make sure that your OpenSMTPD was restarted: $ doas syspatch On other systems the released version 6.6.4p1 of OpenSMTPD addresses […]
Google has released Chrome version 80.0.3987.122 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. TT-CSIRT encourages users and administrators to review the Chrome Release and apply the necessary updates. https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html
Cisco has released security updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. TT-CSIRT encourages users and administrators to review the following Cisco advisories and apply the necessary updates: […]
Adobe has released security updates to address vulnerabilities in After Effects and Media Encoder. An attacker could exploit these vulnerabilities to take control of an affected system. TT-CSIRT encourages users and administrators to review Adobe Security Bulletins APSB20-09 and APSB20-10 and apply the necessary updates: https://helpx.adobe.com/security/products/after_effects/apsb20-09.html https://helpx.adobe.com/security/products/media-encoder/apsb20-10.html
VMware has released security updates to address multiple vulnerabilities in vRealize Operations for Horizon Adapter. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. TT-CSIRT encourages users and administrators to review VMware Security Advisory VMSA-2020-0003 and apply the necessary updates: https://www.vmware.com/security/advisories/VMSA-2020-0003.html
