TTCSIRT – 292-030620: TT-CSIRTADVISORY – UPDATE CISCO EMAIL SECURITY APPLIANCES: UNCONTROLLED RESOURCE EXHAUTION VULNERABILITY
A vulnerability in the malware detection functionality in Cisco Advanced Malware Protection (AMP) in Cisco AsyncOS Software for Cisco Email Security Appliances (ESAs) could allow an unauthenticated remote attacker to…
Read MoreTTCSIRT-291.030620: TT-CSIRT ADVISORY- TOMCAT RELEASES SECURITY UPDATES
Tomcat has released security updates to address vulnerabilities affecting multiple products. This update for tomcat to version 9.0.31 fixes the following three (3) issues: CVE-2019-17569, CVE-2020-1935 and CVE-2020-1938. TT-CSIRT encourages…
Read MoreTTCSIRT-290.030520:TT-CSIRT ADVISORY LET’S ENCRYPT REVOKING 3 MILLION TLS CERTIFICATES ISSUED INCORRECTLY DUE TO A BUG
The most popular free certificate signing authority Let’s Encrypt is going to revoke more than 3 million TLS certificates within the next 24 hours that may have been issued wrongfully due to…
Read MoreTTCSIRT-289.022620: TT-CSIRT ADVISORY- MICROSOFT EXCHANGE SERVER VULNERABILITY
Microsoft Exchange Server Exchange Control Panel Fixed Cryptographic Key Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Exchange Server.…
Read MoreTTCSIRT-288.022620: TT-CSIRT ADVISORY- MICROSOFT INTERNET EXPLORER SCRIPTING ENGINE MEMORY CORRUPTION VULNERABILITY.
The Microsoft Internet Explorer Scripting Engine contains a memory corruption vulnerability, which can allow a remote, unauthenticated attacker to execute arbitrary code. Description Microsoft Internet Explorer contains a scripting…
Read MoreTTCSIRT-287.022620: TT-CSIRT ADVISORY- MULTIPLE ZYXEL DEVICE VULNERABILITIES.
Multiple ZyXEL devices contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. Description CWE-78: Improper Neutralization of…
Read More