Author Archives: CIRT Team



CIRT Team

in Security Advisories & Alerts

Multiple Vulnerabilities in Mozilla Firefox and Thunderbird Could Allow for Arbitrary Code Execution

DESCRIPTION:Multiple vulnerabilities have been discovered in Mozilla Firefox/FirefoxESR/Thunderbird, the most severe of which could allow for arbitrary codeexecution. Mozilla Firefox is a web browser that is used to access theInternet. Mozilla Firefox ESR is a version of the web browser intendedto be deployed in large organizations. Mozilla Thunderbird is an emailclient. Successful exploitation of these vulnerabilities could allow forarbitrary code execution. Depending on the privileges...

Read More

0
21 Apr 2021
in Security Advisories & Alerts

A Vulnerability in Pulse Connect Secure VPN Could Allow for Remote Code Execution

DESCRIPTION:A vulnerability has been discovered in Pulse Connect Secure VPN thatcould allow for remote code execution. Pulse Connect Secure VPN providesTLS and mobile VPN solutions. Successful exploitation of thisvulnerability could allow for remote code execution. Depending on theprivileges associated with the application, an attacker could theninstall programs; view, change, or delete data; or create new accountswith full user rights. Applications that are configured to have...

Read More

0
21 Apr 2021
in Security Advisories & Alerts

Critical Patches Issued for Microsoft Products, April 13, 2021

DESCRIPTION:Multiple vulnerabilities have been discovered in Microsoft products, themost severe of which could allow for arbitrary code execution in thecontext of the logged on user. Depending on the privileges associatedwith the user, an attacker could then install programs; view, change, ordelete data; or create new accounts with full user rights. Users whoseaccounts are configured to have fewer user rights on the system could beless impacted...

Read More

0
19 Apr 2021
in Security Advisories & Alerts

Vulnerabilities in ArubaNetworks ArubaOS and SD-WAN Could Allow for Arbitrary Code Execution

DESCRIPTION:Multiple vulnerabilities have been discovered in ArubaNetwork’s ArubaOSand SD-WAN, which could result in arbitrary code execution. Aruba (aHewlett Packard Enterprise company) is the worldwide second-largestenterprise WLAN vendor after Cisco. ArubaOS is its WLAN controllersystem for automating WLAN management, and SD-WAN (software defined WAN)is its cloud-oriented WAN orchestration system. Successful exploitationof these vulnerabilities could allow an attacker to execute arbitrarycode in context of the user running...

Read More

0
19 Apr 2021
in Security Advisories & Alerts

A Vulnerability in Juniper Junos OS Could Allow for Remote Code Execution

DESCRIPTION:A vulnerability has been discovered in Juniper Junos OS that could allowfor remote code execution. Junos OS is a single network operating systemproviding a common language across Juniper’s routing, switching andsecurity devices. This vulnerability specifically affects the overlaydservice of Juniper Networks Junos OS. The overlayd daemon handlesOverlay OAM packets, such as ping and traceroute, sent to the overlay.The service runs as root by default and...

Read More

0
18 Apr 2021
in Security Advisories & Alerts

Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution

DESCRIPTION:Multiple vulnerabilities have been discovered in Google Chrome, the mostsevere of which could allow for arbitrary code execution. Google Chromeis a web browser used to access the Internet. Successful exploitation ofthe most severe of these vulnerabilities could allow an attacker toexecute arbitrary code in the context of the browser. Depending on theprivileges associated with the application, an attacker could view,change, or delete data. If this...

Read More

0
18 Apr 2021
in Security Advisories & Alerts

Desktop Window Manager vulnerability

Window Manager vulnerability Description:CVE-2021-28310 is an out-of-bounds (OOB) write vulnerability in dwmcore.dll, which is part of Desktop Window Manager (dwm.exe). Due to the lack of bounds checking, attackers are able to create a situation that allows them to write controlled data at a controlled offset using DirectComposition API. Impact:It is an escalation of privilege (EoP) exploit that is likely used together with other browser exploits...

Read More

0
17 Apr 2021
in Security Advisories & Alerts

Multiple OS command injection vulnerabilities in Nagios XI

Description:CVE-2021-25296Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.Mitigation:Upgrade the Windows WMI config wizard from Admin > Manage Config Wizards to version 2.2.3 or above. CVE-2021-25297Nagios XI version xi-5.7.5 is affected by...

Read More

0
17 Apr 2021
in Security Advisories & Alerts

Critical Patches Issued for Microsoft Products, April 13, 2021

DESCRIPTION:Multiple vulnerabilities have been discovered in Microsoft products, themost severe of which could allow for arbitrary code execution in thecontext of the logged on user. Depending on the privileges associatedwith the user, an attacker could then install programs; view, change, ordelete data; or create new accounts with full user rights. Users whoseaccounts are configured to have fewer user rights on the system could beless impacted...

Read More

0
15 Apr 2021
in Security Advisories & Alerts

Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution

DESCRIPTION:Multiple vulnerabilities have been discovered in Adobe Products, themost severe of which could allow for arbitrary code execution. * Photoshop is Adobe’s flagship image editing software.* Digital Editions is an e-book reader software program.* Bridge is a free digital asset management app. It is a mandatorycomponent of Adobe Creative Suite, Adobe eLearning Suite, AdobeTechnical Communication Suite and Adobe Photoshop CS2 through CS6.* RoboHelp is a...

Read More

0
15 Apr 2021
Page 2 of 13512345...102030...Last »