SaltStack has released a security update to address critical vulnerabilities affecting Salt versions prior to 2019.2.4 and 3000.2. Salt is an open-source remote task and configuration management framework widely used in data centers and cloud servers. A remote attacker could exploit these vulnerabilities to take control of an affected system. These vulnerabilities were detected in exploits in the wild. CVE-2020-11651: An issue was discovered in...
Read More
CVE-2020-8618:An assertion check in BIND (that is meant to prevent going beyond the end of a buffer when processing incoming data) can be incorrectly triggered by a large response during zone transfer. Impact: An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to...
Read More
Drupal has released security updates to address vulnerabilities affecting Drupal 7, 8.8, 8.9, and 9.0. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. For more information, please visit following URL:https://www.drupal.org/sa-core-2020-004https://www.drupal.org/sa-core-2020-005
WordPress 5.4.1 and prior versions are affected by multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected website. WordPress 5.4.2 is now available. For more information, please visit following URL:https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/
A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. The vulnerability is due to unsafe usage of shared memory that is used by the affected software. An attacker with permissions to view system memory could exploit this vulnerability by running an application on the local system that is...
Read More
CVE-2020-13428:A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file. Impact:According to VideoLan’s security bulletin, this vulnerability can be exploited by creating a specially crafted file and tricking a user into opening it...
Read More
Palo Alto Networks’ Unit 42 researchers discovered six new vulnerabilities in D-Link wireless cloud routers running their latest firmware.The vulnerabilities were found in the DIR-865L model of D-Link routers. The following are the six vulnerabilities found: CVE-2020-13782: Improper Neutralization of Special Elements Used in a Command (Command Injection)CVE-2020-13786: Cross-Site Request Forgery (CSRF)CVE-2020-13785: Inadequate Encryption StrengthCVE-2020-13784: Predictable seed in pseudo-random number generatorCVE-2020-13783: Cleartext storage of sensitive...
Read More
The JSOF research lab has discovered a series of zero-day vulnerabilities in a widely used low-level TCP/IP software library developed by Treck, Inc. The 19 vulnerabilities, given the name Ripple20, affect hundreds of millions of devices and include multiple remote code execution vulnerabilities. These vulnerabilities affect Treck TCP/IP stack implementations for embedded systems. The Treck TCP/IP stack is affected including: IPv4IPv6UDPDNSDHCPTCPICMPv4ARP Impact:Successful exploitation of these...
Read More
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. What is UPnP? Universal Plug and Play (UPnP) is a set of networking protocols that permits networked devices, such as personal computers, printers, Internet gateways, Wi-Fi access points and...
Read More
There are many ways to define “Critical Infrastructure,” but what these definitions have in common is most closely conceived of as infrastructure that would affect the economic and national security of a country if it were negatively impacted or eliminated. The U.S. Department of Homeland Security describes critical infrastructure as the resources, structures, and networks, either physical or electronic, so important to the U.S. that...
Read More
