Author Archives: CIRT Team



CIRT Team

in Security Advisories & Alerts

Desktop Window Manager vulnerability

Window Manager vulnerability Description:CVE-2021-28310 is an out-of-bounds (OOB) write vulnerability in dwmcore.dll, which is part of Desktop Window Manager (dwm.exe). Due to the lack of bounds checking, attackers are able to create a situation that allows them to write controlled data at a controlled offset using DirectComposition API. Impact:It is...

Read more

0
17 Apr 2021
in Security Advisories & Alerts

Multiple OS command injection vulnerabilities in Nagios XI

Description:CVE-2021-25296Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.Mitigation:Upgrade the Windows WMI config wizard from Admin >...

Read more

0
17 Apr 2021
in Security Advisories & Alerts

Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution

DESCRIPTION:Multiple vulnerabilities have been discovered in Adobe Products, themost severe of which could allow for arbitrary code execution. * Photoshop is Adobe’s flagship image editing software.* Digital Editions is an e-book reader software program.* Bridge is a free digital asset management app. It is a mandatorycomponent of Adobe Creative Suite,...

Read more

0
15 Apr 2021
in Security Advisories & Alerts

Multiple Vulnerabilities in Mozilla Firefox and Thunderbird Could Allow for Arbitrary Code Execution

DESCRIPTION:Multiple vulnerabilities have been discovered in Mozilla Firefox,Firefox Extended Support Release (ESR) and Mozilla Thunderbird, the mostsevere of which could allow for arbitrary code execution. MozillaFirefox is a web browser used to access the Internet. Mozilla FirefoxESR is a version of the web browser intended to be deployed in largeorganizations....

Read more

0
13 Apr 2021
in Security Advisories & Alerts

A Vulnerability in WebKitGTK and WPE WebKit Could Allow for Arbitrary Code Execution

DESCRIPTION:A vulnerability has been discovered in WebKit GTK and WPE WebKit whichcould allow for arbitrary code execution. * WebKitGTK is a full-featured port of the WebKit rendering engine,suitable for projects requiring any kind of web integration, from hybridHTML/CSS applications to full-fledged web browsers.* WPE is the reference WebKit port for...

Read more

0
13 Apr 2021
in Security Advisories & Alerts

Multiple Vulnerabilities in Microsoft Exchange Server Could Allow for Arbitrary Code Execution

DESCRIPTION:Multiple vulnerabilities have been discovered in Microsoft ExchangeServer (on premises version) , the most severe of which could allow forarbitrary code execution. Microsoft Exchange Server is a mail serverused to run and manage an organization’s email services. Successfulexploitation of the most severe of these vulnerabilities could allow anattacker to execute...

Read more

0
12 Apr 2021
in Security Advisories & Alerts

A Vulnerability in Adobe ColdFusion Could Allow for Arbitrary Code Execution

DESCRIPTION:A vulnerability has been discovered in Adobe ColdFusion, which couldallow for arbitrary code execution. Adobe ColdFusion is a webapplication development platform. Successful exploitation of thisvulnerability could result in an attacker executing arbitrary code inthe context of the affected application. Depending on the privilegesassociated with the application, an attacker could then...

Read more

0
12 Apr 2021
in Security Advisories & Alerts

Multiple Vulnerabilities in Cisco RV Series Routers Could Allow for Arbitrary Code Execution

DESCRIPTION:Multiple vulnerabilities have been discovered in Cisco RV series smallbusiness routers, the most severe of which could allow for arbitrarycode execution. The Cisco RV series routers are recommended forconnecting your small business’ internal network devices to each other.Successful exploitation of the most severe of these vulnerabilitiescould allow an unauthenticated, remote...

Read more

0
11 Apr 2021
Page 2 of 13412345...102030...Last »