Collaborate Disseminate
Drupal has released out-of-band security updates to fix two critical code execution flaws (CVE-2020-28948, CVE-2020-28949) in Drupal core, as “there are known exploits for one of core’s dependencies and some configurations of Drupal are vul… Continue reading Out-of-band Drupal security updates fix bugs with known exploits
Cisco has patched two vulnerabilities in its Cisco Security Manager solution, both of which could allow unauthenticated, remote attackers to gain access to sensitive information on an affected system. Those are part of a batch of twelve vulnerabilities… Continue reading Critical vulnerabilities in Cisco Security Manager fixed, researcher discloses PoCs
A critical vulnerability (CVE-2020-27955) in Git Large File Storage (Git LFS), an open source Git extension for versioning large files, allows attackers to achieve remote code execution if the Windows-using victim is tricked into cloning the attacker&#… Continue reading Git LFS vulnerability allows attackers to compromise targets’ Windows systems (CVE-2020-27955)
Google researchers have made public a Windows kernel zero day vulnerability (CVE-2020-17087) that is being exploited in the wild in tandem with a Google Chrome flaw (CVE-2020-15999) that has been patched on October 20. About CVE-2020-17087 CVE-2020-170… Continue reading Google discloses actively exploited Windows zero-day (CVE-2020-17087)
A critical and easily exploitable remote code execution vulnerability (CVE-2020-14882) in Oracle WebLogic Server is being targeted by attackers, SANS ISC has warned. Oracle WebLogic is a Java EE application server that is part of Oracle’s Fusion Middle… Continue reading Easily exploitable RCE in Oracle WebLogic Server under attack (CVE-2020-14882)
By Ben Reardon, Corelight Security Researcher This month’s Microsoft Patch Tuesday included a severe Remote Code Execution vulnerability in the way that Windows TCP/IP handles IPv6 “Router Advertisement” ICMP messages. Due to the severity and wide scop… Continue reading Community detection: CVE-2020-16898
Security researchers and U.S. government authorities alike are urging admins to address Microsoft’s critical privilege escalation flaw. Continue reading Windows Exploit Released For Microsoft ‘Zerologon’ Flaw
CVE-2020-1472, a privilege elevation vulnerability in the Netlogon Remote Protocol (MS-NRPC) for which Microsoft released a patch in August, has just become a huge liability for organizations that are struggling with timely patching. Secura researchers… Continue reading Are your domain controllers safe from Zerologon attacks?
A low-privileged process on a vulnerable machine could allow data harvesting and DoS. Continue reading IBM AI-Powered Data Management Software Subject to Simple Exploit
Have you already updated your Apache Struts 2 to version 2.5.22, released in November 2019? You might want to, and quickly, as information about a potential RCE vulnerability (CVE-2019-0230) and PoC exploits for it have been published. About the vulner… Continue reading Potential Apache Struts 2 RCE flaw fixed, PoCs released