TTCSIRT-294.031820: TT-CSIRT ADVISORY- VMWARE RELEASES SECURITY UPDATES FOR MULTIPLE PRODUCTS

  • Home
  • Archive for category "Security Advisories"
TTCSIRT-294.031820: TT-CSIRT ADVISORY- VMWARE RELEASES SECURITY UPDATES FOR MULTIPLE PRODUCTS
By

VMware has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. TT-CSIRT encourages users and administrators to review VMware Security Advisories VMSA-2020-0004 and VMSA-2020-005 and apply the necessary updates: https://www.vmware.com/security/advisories/VMSA-2020-0004.html https://www.vmware.com/security/advisories/VMSA-2020-0005.html

Read More
TTCSIRT-293.031120: TT-CSIRT ADVISORY- MICROSOFT SMBv3 VULNERABILITY
By

Microsoft has published an advisory for a critical remote code execution (RCE) vulnerability in Microsoft Server Message Block 3.1.1 (SMBv3). This vulnerability affects both SMB servers and SMB clients. .This vulnerability evokes memories of EternalBlue, an RCE vulnerability in Microsoft SMBv1 that was used as part of the WannaCry ransomware attacks in 2017. (Satnam Narang, […]

Read More
TTCSIRT – 292-030620: TT-CSIRTADVISORY – UPDATE CISCO EMAIL SECURITY APPLIANCES: UNCONTROLLED RESOURCE EXHAUTION VULNERABILITY
By

A vulnerability in the malware detection functionality in Cisco Advanced Malware Protection (AMP) in Cisco AsyncOS Software for Cisco Email Security Appliances (ESAs) could allow an unauthenticated remote attacker to exhaust resources on an affected device. The vulnerability is due to insufficient control over system memory allocation. An attacker could exploit this vulnerability by sending […]

Read More
TTCSIRT-291.030620: TT-CSIRT ADVISORY- TOMCAT RELEASES SECURITY UPDATES
By

Tomcat has released security updates to address vulnerabilities affecting multiple products. This update for tomcat to version 9.0.31 fixes the following three (3) issues: CVE-2019-17569, CVE-2020-1935 and CVE-2020-1938. TT-CSIRT encourages users and administrators to review and apply the necessary updates: https://www.suse.com/support/update/announcement/2020/suse-su-20200598-1

Read More
TTCSIRT-290.030520:TT-CSIRT ADVISORY LET’S ENCRYPT REVOKING 3 MILLION TLS CERTIFICATES ISSUED INCORRECTLY DUE TO A BUG
By

The most popular free certificate signing authority Let’s Encrypt is going to revoke more than 3 million TLS certificates within the next 24 hours that may have been issued wrongfully due to a bug in its Certificate Authority software. The most popular free certificate signing authority Let’s Encrypt is going to revoke more than 3 million TLS certificates within […]

Read More
TTCSIRT-289.022620: TT-CSIRT ADVISORY- MICROSOFT EXCHANGE SERVER VULNERABILITY
By

Microsoft Exchange Server Exchange Control Panel Fixed Cryptographic Key Remote Code Execution Vulnerability   This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Exchange Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the Exchange Control Panel web application. The product fails to generate a unique […]

Read More
TTCSIRT-288.022620: TT-CSIRT ADVISORY- MICROSOFT INTERNET EXPLORER SCRIPTING ENGINE MEMORY CORRUPTION VULNERABILITY.
By

The Microsoft Internet Explorer Scripting Engine contains a memory corruption vulnerability, which can allow a remote, unauthenticated attacker to execute arbitrary code.   Description Microsoft Internet Explorer contains a scripting engine, which handles execution of scripting languages such as VBScript and JScript. The scripting engine JScript component contains an unspecified memory corruption vulnerability. Any application […]

Read More
TTCSIRT-287.022620: TT-CSIRT ADVISORY- MULTIPLE ZYXEL DEVICE VULNERABILITIES.
By

Multiple ZyXEL devices contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device.   Description CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) Multiple ZyXEL devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to […]

Read More
TTCSIRT-286.022620: TT-CSIRT ADVISORY- APACHE TOMCAT VULNERABILITIES
By

There are three vulnerabilities with Apache Tomcat with varying levels of severity. Kindly see below for a summary of each vulnerability: Operating System            : Windows, UNIX variants (UNIX, Linux, OSX) Impact/Access                  : –      Provide Misleading Information –      Remote/Unauthenticated –      Access Confidential Data –      Remote/Unauthenticated –      Unauthorised Access –      Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names:  CVE-2020-1938 CVE-2020-1935 CVE-2019-17569 Original […]

Read More

Quick Navigation

Partner Agencies

Subscribe to Stay Updated!

Subscribe

Follow on social media:

Facebook-f X-twitter Linkedin-in Instagram