Below is the list of Cisco Security Advisories published by Cisco PSIRT on 2020-September-24. The following PSIRT security advisories (29 High) were published at 16:00 UTC today. 1) Cisco IOS XE Software Common Open Policy Service Engine Denial of Service Vulnerability CVE-2020-3526 SIR: High CVSS Score v(3.0): 8.6 URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-COPS-VLD-MpbTvGEW...
Read more
DESCRIPTION Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the...
Read more
DESCRIPTION Multiple vulnerabilities have been discovered in Mozilla Firefox and Mozilla Firefox ESR, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in...
Read more
The OIC-CERT Drill An annual event for the OIC-CERT member teams with the objectives to: Test the communication capabilities of the members’ point of contacts. Check the processes and procedures in managing contingencies. Test the technical competencies of participating teams. Simulate cross border cooperation in mitigating information security incidents. The...
Read more
DESCRIPTION The Drupal AJAX API does not disable JSONP by default, which can lead to cross-site scripting. SYSTEM AFFECTED Following actions are recommended to be taken: Install the latest version: • If you are using Drupal 7.x, upgrade to Drupal 7.73. • If you are using Drupal 8.8.x, upgrade to...
Read more
DESCRIPTIONMultiple vulnerabilities exist in various Video Over IP (Internet Protocol) encoder devices, also known as IPTV/H.264/H.265 video encoders. These vulnerabilities allow an unauthenticated remote attacker to execute arbitrary code and perform other unauthorized actions on a vulnerable system. IMPACT • Full administrative access via backdoor password (CVE-2020-24215) • Administrative...
Read more
DESCRIPTIONMultiple vulnerabilities have been discovered in iOS, iPadOS, watchOS, tvOS, watchOS, Xcode, and Safari. The most severe of these vulnerabilities could allow for arbitrary code execution. • iOS is a mobile operating system for Apple cellphones. • iPadOS is a mobile operating system for Apple tablets. • tvOS is...
Read more
DESCRIPTIONA remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an...
Read more
Description:An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka ‘Netlogon Elevation of Privilege Vulnerability’. The prime elements of this vulnerability are the weak encryption standards and the authentication process used in the...
Read more
