by CIRT Team
Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
DESCRIPTION Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could...
Read More
by CIRT Team
Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution
DESCRIPTIONMultiple vulnerabilities have been discovered in the Google Android operating system (OS), the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution within the context of a privileged process....
Read More
by CIRT Team
Treck IP stacks contain multiple vulnerabilities
DESCRIPTIONTreck IP network stack software is designed for and used in a variety of embedded systems. The software can be licensed and integrated in various ways, including compiled from source, licensed for modification and reuse and finally as a dynamic or static linked library. Treck IP software contains multiple vulnerabilities, most of which are caused by memory management bugs. For more details on the vulnerabilities...
Read More
by CIRT Team
Multiple Vulnerabilities in Microsoft Edge Could Allow for Arbitrary Code Execution
DESCRIPTION Multiple vulnerabilities have been discovered in Microsoft Edge, the most severe of which could allow for arbitrary code execution. Microsoft Edge is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could...
Read More
by CIRT Team
Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution
DESCRIPTION Multiple vulnerabilities have been discovered in iCloud for Windows and macOS. The most severe of these vulnerabilities could allow for arbitrary code execution. macOS is a desktop operating system for Macintosh computers. iCloud is a cloud storage service that can be used on Windows computers. Successful exploitation of the most severe of these vulnerabilities could result in arbitrary code execution within the context of...
Read More
by CIRT Team
Cisco Security Advisories Published on September 24, 2020
Below is the list of Cisco Security Advisories published by Cisco PSIRT on 2020-September-24. The following PSIRT security advisories (29 High) were published at 16:00 UTC today. 1) Cisco IOS XE Software Common Open Policy Service Engine Denial of Service Vulnerability CVE-2020-3526 SIR: High CVSS Score v(3.0): 8.6 URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-COPS-VLD-MpbTvGEW +——————————————————————– 2) Cisco Aironet Access Points Ethernet Wired Clients Denial of Service Vulnerability CVE-2020-3552 SIR:...
Read More
by CIRT Team
Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
DESCRIPTION Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could...
Read More
by CIRT Team
Multiple Vulnerabilities in Mozilla Firefox Could Allow for Arbitrary Code Execution
DESCRIPTION Multiple vulnerabilities have been discovered in Mozilla Firefox and Mozilla Firefox ESR, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary...
Read More
by CIRT Team
Drupal core – Moderately critical – Cross-site scripting – SA-CORE-2020-007
DESCRIPTION The Drupal AJAX API does not disable JSONP by default, which can lead to cross-site scripting. SYSTEM AFFECTED Following actions are recommended to be taken: Install the latest version: • If you are using Drupal 7.x, upgrade to Drupal 7.73. • If you are using Drupal 8.8.x, upgrade to Drupal 8.8.10. • If you are using Drupal 8.9.x, upgrade to Drupal 8.9.6. • If...
Read More
by CIRT Team
IPTV encoder devices contain multiple vulnerabilities
DESCRIPTIONMultiple vulnerabilities exist in various Video Over IP (Internet Protocol) encoder devices, also known as IPTV/H.264/H.265 video encoders. These vulnerabilities allow an unauthenticated remote attacker to execute arbitrary code and perform other unauthorized actions on a vulnerable system. IMPACT • Full administrative access via backdoor password (CVE-2020-24215) • Administrative root access via backdoor password (CVE-2020-24218) • Arbitrary file read via path traversal (CVE-2020-24219) •...
Read More
