A Vulnerability with Cisco Small Business, Smart, and Managed Switches Could Allow for Denial of Service

DESCRIPTION A vulnerability has been discovered in Cisco Small Business, Smart, and Managed Switches which could allow for a denial-of-service condition when the switch processes a specially crafted IPv6 address. The vulnerability occurs due to insufficient validation of incoming IPv6 traffic. An unauthenticated remote attacker could exploit this vulnerability by sending a crafted IPv6 packet through an affected device. The vulnerability does not affect IPv4...

Read More

Command Injection Vulnerability in FusionCompute (CVE-2020-9242)

Description FusionCompute 8.0.0 have a command injection vulnerability. The software does not sufficiently validate certain parameters post from user, successful exploit could allow an authenticated attacker to launch a command injection attack. Impact Successful exploit could allow an authenticated attacker to launch a command injection attack. Mitigation Huawei has released software updates to fix this vulnerability. Product Name Affected Version Resolved Product and Version FusionCompute...

Read More

A Vulnerability in Google Chrome Could Allow for Arbitrary Code Execution

DESCRIPTION A vulnerability has been discovered in Google Chrome, which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could view, change, or delete data. If this application...

Read More

Multiple Vulnerabilities in Citrix XenMobile Server Could Allow for Arbitrary File Read

DESCRIPTION Multiple vulnerabilities have been discovered in Citrix XenMobile Server, the most severe of which could allow for reading of arbitrary files on the server. XenMobile is a software that provides mobile device management and mobile application management. Successful exploitation of the most severe of theses vulnerabilities could allow for arbitrary file read, resulting in access to configuration data and further attacks. IMPACT Multiple vulnerabilities...

Read More

Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution

DESCRIPTION Multiple vulnerabilities have been discovered in iOS, iPadOS, macOS, tvOS, watchOS, and Safari. The most severe of these vulnerabilities could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could result in arbitrary code execution within the context of the application, an attacker gaining the same privileges as the logged-on user, or the bypassing of security restrictions. Depending on...

Read More

Multiple Vulnerabilities in SAP Products Could Allow for Arbitrary Code Execution

DESCRIPTION Multiple vulnerabilities have been discovered in SAP products, the most severe of which could allow for arbitrary code execution. SAP is a software company which creates software to manage business operations and customer relations. Successful exploitation of the most severe of these vulnerabilities could allow an unauthenticated, remote attacker to execute code on the affected systems. Depending on the privileges associated with the application,...

Read More

Multiple Vulnerabilities in Apache Struts Could Allow for Remote Code Execution

DESCRIPTION Multiple Vulnerabilities have been discovered in Apache Struts, the most severe of which could allow for remote code execution. Apache Struts is an open source framework used for building Java web applications. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the context of the affected application. Depending on the privileges associated with the application, an attacker...

Read More

Alert (AA20-227A): Phishing Emails Used to Deploy KONNI Malware

DESCRIPTION The Cybersecurity and Infrastructure Security Agency (CISA) has observed cyber actors using emails containing a Microsoft Word document with a malicious Visual Basic Application (VBA) macro code to deploy KONNI malware. KONNI is a remote administration tool (RAT) used by malicious cyber actors to steal files, capture keystrokes, take screenshots, and execute arbitrary code on infected hosts. RECOMMENDATIONS CISA recommends that users and administrators...

Read More

Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code

Multiple Vulnerabilities in Adobe Acrobat and Adobe Reader Could Allow for Arbitrary Code Execution

DESCRIPTION Multiple vulnerabilities have been discovered in Adobe Acrobat and Adobe Reader, the most severe of which could allow for arbitrary code execution. Adobe Acrobat is a family of software developed by Adobe Inc. to view, create, manipulate, print, and manage files in PDF format. Adobe Reader is the free version within the Adobe Acrobat family of software. Successful exploitation of the most severe of...

Read More