by CIRT Team
Multiple Vulnerabilities in Mozilla Firefox Could Allow for Arbitrary Code Execution.
DESCRIPTIONMultiple vulnerabilities have been discovered in Mozilla Firefox and Mozilla Firefox ESR, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code...
Read More
by CIRT Team
Multiple Vulnerabilities in HP Intelligent Management Center (iMC) Could Allow for Arbitrary Code Execution.
DESCRIPTIONMultiple vulnerabilities have been discovered in HP Intelligent Management Center (iMC), the most severe of which could allow for arbitrary code execution. HP Intelligent Management Center (iMC) is software platform used to manage enterprise network environments. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution within the context of a privileged process. Attackers can exploit these issues to execute...
Read More
by CIRT Team
Oracle Quarterly Critical Patches Issued October 20, 2020
DESCRIPTIONMultiple vulnerabilities have been discovered in Oracle products, which could allow for remote code execution. SYSTEM AFFECTED • Application Performance Management (APM), versions 13.3.0.0, 13.4.0.0 • Big Data Spatial and Graph, versions prior to 3.0 • Enterprise Manager Base Platform, versions 13.2.1.0, 13.3.0.0, 13.4.0.0 • Enterprise Manager for Peoplesoft, version 13.4.1.1 • Enterprise Manager for Storage Management, versions 13.3.0.0, 13.4.0.0 • Enterprise Manager Ops Center,...
Read More
by CIRT Team
Multiple Vulnerabilities in Magento CMS Could Allow for Remote Code Execution (APSB20-59)
DESCRIPTIONMultiple vulnerabilities have been discovered in Magento CMS, the most severe of which could allow for arbitrary code execution. Magento is a web-based e-commerce application written in PHP. Successful exploitation of the most severe of these vulnerabilities could result in arbitrary code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new...
Read More
by CIRT Team
A Vulnerability in Juniper Junos OS Could Allow for Denial of Service
DESCRIPTIONA vulnerability has been discovered in Juniper Junos OS, which could allow for denial of service. Junos OS is a FreeBSD-based operating system used in Juniper Networks routers. This vulnerability specifically affects MX Series routers and EX9200 series switches with Trio-based PFEs configured with IPv6 Distributed Denial of Service (DDoS) protection mechanism enabled. An attacker can exploit this issue to disrupt network protocol operations or...
Read More
by CIRT Team
Multiple Vulnerabilities in SonicWALL Sonic OS Could Allow for Arbitrary Code Execution
DESCRIPTIONMultiple vulnerabilities have been discovered in SonicWALL Sonic OS, the most severe of which could allow for arbitrary code execution. SonicWALL is a firewall and cybersecurity solution vendor. Successful exploitation of the most severe of these vulnerabilities could allow for buffer overflow within the context of the application. Attackers may exploit this issue to execute arbitrary code within the context of the affected application. Failed...
Read More
by CIRT Team
CVE-2020-16898(aka”Bad Neighbor”): Windows TCP/IP Remote Code Execution Vulnerability
DESCRIPTIONA remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An attacker who successfully exploited this vulnerability could gain the ability to execute code on the target server or client. To exploit this vulnerability, an attacker would have to send specially crafted ICMPv6 Router Advertisement packets to a remote Windows computer. IMPACTAn attacker who successfully exploited this vulnerability...
Read More
by CIRT Team
CVE-2020-15504: Sophos XG Firewall Admin Web Interface sql injection
DESCRIPTIONA SQL injection vulnerability in the user and admin web interfaces of Sophos XG Firewall v18.0 MR1 and older potentially allows an attacker to run arbitrary code remotely. The fix is built into the re-release of XG Firewall v18 MR-1 (named MR-1-Build396) and the v17.5 MR13 release. All other versions >= 17.0 have received a hotfix. IMPACT9.8 CRITICAL SYSTEM AFFECTEDSophos XG Firewall v18.0 MR1 and...
Read More
by CIRT Team
Critical Patches Issued for Microsoft Products, October 13, 2020
DESCRIPTIONMultiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with...
Read More
by CIRT Team
A Vulnerability in Adobe Flash Player Could Allow for Arbitrary Code Execution (APSB20-58)
DESCRIPTIONA vulnerability has been discovered in Adobe Flash Player, which could allow for arbitrary code execution. Adobe Flash Player is a widely distributed multimedia and application player used to enhance the user experience when visiting web pages or reading email messages. Successful exploitation of this vulnerability could result in an attacker executing arbitrary code in the context of the affected application. Depending on the privileges...
Read More
