The Laws of Vulnerabilities – Page 2

Automatically Discover, Prioritize and Remediate Apache Tomcat AJP File Inclusion Vulnerability (CVE-2020-1938) using Qualys VMDR

Posted on March 6, 2020 by Animesh Jain

A severe vulnerability exists in Apache Tomcat’s Apache JServ Protocol. The Chinese cyber security company Chaitin Tech discovered the vulnerability, which is named “Ghostcat” and is tracked using CVE-2020-1938. The security issu… Continue reading Automatically Discover, Prioritize and Remediate Apache Tomcat AJP File Inclusion Vulnerability (CVE-2020-1938) using Qualys VMDR→

February 2020 Patch Tuesday – 99 Vulns, 12 Critical, Patch for IE 0-Day, Exchange Vuln, Adobe Vulns

Posted on February 11, 2020 by Jimmy Graham

This month’s Microsoft Patch Tuesday addresses 99 vulnerabilities with 12 of them labeled as Critical. Of the 12 Critical vulns, 7 are for browser and scripting engines, 2 are for Remote Desktop Client, and the remaining 3 are for LNK files, Medi… Continue reading February 2020 Patch Tuesday – 99 Vulns, 12 Critical, Patch for IE 0-Day, Exchange Vuln, Adobe Vulns→

OpenBSD OpenSMTPD Remote Code Execution Vulnerability (CVE-2020-7247)

Posted on January 29, 2020 by Animesh Jain

Qualys Research Labs discovered a vulnerability in OpenBSD’s OpenSMTPD mail server that allows an attacker to execute arbitrary shell commands with elevated privileges. OpenBSD developers have confirmed the vulnerability and also quickly pro… Continue reading OpenBSD OpenSMTPD Remote Code Execution Vulnerability (CVE-2020-7247)→

Microsoft Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601) – How to Detect and Remediate

Posted on January 14, 2020 by Animesh Jain

Today, Microsoft released patch for CVE-2020-0601, a vulnerability in windows “crypt32.dll” component that could allow attackers to perform spoofing attacks. This was discovered and reported by National Security Agency (NSA) Researchers. Th… Continue reading Microsoft Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601) – How to Detect and Remediate→

January 2020 Patch Tuesday – 50 vulns, 8 Critical, Adobe vulns

Posted on January 14, 2020 by Animesh Jain

This month’s Microsoft Patch Tuesday addresses 50 vulnerabilities with only 8 of them labeled as Critical. Of the 8 Critical vulns, one is for browser and scripting engines, 3 are for .NET Framework and one for ASP.NET. In addition, Microsoft has… Continue reading January 2020 Patch Tuesday – 50 vulns, 8 Critical, Adobe vulns→

Citrix ADC and Gateway Remote Code Execution Vulnerability (CVE-2019-19781)

Posted on January 9, 2020 by Animesh Jain

Citrix released a security advisory (CVE-2019-19781) for a remote code execution vulnerability in Citrix Application Delivery Controller (ADC) and Citrix Gateway products. The vulnerability allows an unauthenticated remote attacker to execute arbitrary… Continue reading Citrix ADC and Gateway Remote Code Execution Vulnerability (CVE-2019-19781)→

OpenBSD Local Privilege Escalation Vulnerability (CVE-2019-19726)

Posted on December 12, 2019 by Animesh Jain

Qualys Research Labs discovered a local privilege escalation vulnerability in OpenBSD’s dynamic loader. The vulnerability could allow local users or malicious software to gain full root privileges. OpenBSD developers have confirmed the vulnerabil… Continue reading OpenBSD Local Privilege Escalation Vulnerability (CVE-2019-19726)→

December 2019 Patch Tuesday – 36 Vulns, 7 Critical, Actively Attacked Win32k vuln, Adobe vulns

Posted on December 10, 2019 by Jimmy Graham

This month’s Patch Tuesday is rather light and addresses 36 vulnerabilities, with only 7 labeled as Critical. Five of the seven Critical vulns are in Git for Visual Studio. The others are for Hyper-V and Win32k. Also, there is one actively attack… Continue reading December 2019 Patch Tuesday – 36 Vulns, 7 Critical, Actively Attacked Win32k vuln, Adobe vulns→

OpenBSD Multiple Authentication Vulnerabilities

Posted on December 5, 2019 by Animesh Jain

Multiple authentication vulnerabilities in OpenBSD have been disclosed by Qualys Research Labs. The vulnerabilities are assigned following CVEs: CVE-2019-19522, CVE-2019-19521, CVE-2019-19520, CVE-2019-19519. OpenBSD developers have confirmed the vulne… Continue reading OpenBSD Multiple Authentication Vulnerabilities→

November 2019 Patch Tuesday – 74 vulns, 13 Critical, Actively Attacked IE vuln, Hyper-V escapes, Adobe

Posted on November 12, 2019 by Jimmy Graham

This month’s Microsoft Patch Tuesday addresses 74 vulnerabilities with 13 of them labeled as Critical. Of the 13 Critical vulns, 5 are for browsers and scripting engines. Out of the 8 remaining Critical vulns, 4 are potential hypervisor esc… Continue reading November 2019 Patch Tuesday – 74 vulns, 13 Critical, Actively Attacked IE vuln, Hyper-V escapes, Adobe→