TTCSIRT-307.041520: TT-CSIRT ADVISORY – VMWARE VREALIZE LOG INSIGHT VULNERABILITIES
Cross Site Scripting (XSS) and Open Redirect vulnerabilities exist in vRealize Log Insight due to improper Input validation; (CVE-2020-3953) and (CVE-2020-3954) respectively. VMware has evaluated the severity of these issues…
Read MoreTTCSIRT-306.041520: TT-CSIRT ADVISORY- ADOBE RELEASES SECURITY UPDATES FOR MULTIPLE PRODUCTS
Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. TT-CSIRT encourages users and…
Read MoreCOVID-19 EXPLOITED BY MALICIOUS CYBER ACTORS
The United States Department of Homeland Security (DHS) Cyber security and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) did a joint alert talking to…
Read MoreTTCSIRT-305.041020: TT-CSIRT ADVISORY- XSS VULNERABILITY IN THE DASHBOARD NAME PARAMETER OF FortiADC
An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross site scripting attack (XSS) via the name parameter. Impact: Execute…
Read MoreTTCSIRT-304.041020: TT-CSIRT ADVISORY- PALO ALTO NETWORK PRIVILEGE ASSIGNMENT VULNERABILITY.
An incorrect privilege assignment vulnerability when writing application-specific files in the Palo Alto Networks GlobalProtect Agent for Linux on ARM platform allows a local authenticated user to gain root privileges…
Read MoreTTCSIRT-303.040820: TT-CSIRT ADVISORY- MOZILLA FOUNDATION SECURITY ADVISORY
Be advised that security vulnerabilities were fixed in Firefox 74.0.1 and Firefox ESR 68.6.1 It should be noted that under certain conditions, when running the nsDocShell destructor and ReadableStream, a…
Read More