dcsimg

CVE-2020-3566, CVE-2020-3569: Zero-Day Vulnerabilities in Cisco IOS XR Software Targeted in the Wild

Cisco warns of two zero-day denial-of-service vulnerabilities in its IOS XR Software actively exploited in the wild. Background On August 29, 2020, Cisco published an advisory regarding a zero-day denial-of-service (DoS) vulnerability in its Cisco IOS XR Software. This advisory was released in response to the Cisco Product Security Incident Response Team (PSIRT) becoming “aware of attempted … [Read more...]

Oracle Critical Patch Update for July 2020 Tops Previous Record with 443 Security Updates

Oracle’s third Critical Patch Update of 2020 contains a record-breaking 443 security patches addressing 284 CVEs, including critical vulnerabilities in Oracle Communications Applications and Oracle Fusion Middleware products. Background On July 14, Oracle released the Critical Patch Update (CPU) Advisory for July 2020 as part of their quarterly release of security patches. This update contains … [Read more...]

CVE-2020-10136: IP-in-IP Packet Processing Vulnerability Could Lead to DDoS, Network Access Bypass and Information Disclosure

IP-in-IP packet processing, a protocol used for tunneling by numerous vendors, contains a vulnerability that may lead to DDoS, information leakage and bypass of network access controls. Background On June 2, the CERT Coordination Center (CERT/CC) released vulnerability note VU#636397 detailing an unauthenticated vulnerability in the IP encapsulation within IP (IP-in-IP) protocol. The original … [Read more...]

CVE-2020-11651, CVE-2020-11652: Critical Salt Framework Vulnerabilities Exploited in the Wild

Shortly after the public disclosure of critical vulnerabilities in the Salt framework, exploitation attempts were observed, as two open source projects were breached using these flaws. Background On April 30, F-Secure Labs published an advisory for two vulnerabilities in the open-source and commercial Salt management framework, which is used in data centers and cloud environments as a … [Read more...]

WordPress E-Learning Plugin Vulnerabilities Range from Cheating to Remote Code Execution

Several flaws in popular WordPress E-Learning plugins LearnPress, LearnDash and LifterLMS could allow for cheating, students gaining teacher privileges and exposure of sensitive personal information. Background On April 29, 2020, Check Point researchers Omri Herscovici and Sagi Tzadik published research into three popular WordPress learning management system (LMS) plugins: LifterLMS, LearnDash and … [Read more...]

CVE-2020-0674: Internet Explorer Remote Code Execution Vulnerability Exploited in the Wild

Zero-day remote code execution vulnerability in Internet Explorer has been observed in attacks. Background On January 17, Microsoft released an out-of-band advisory (ADV200001) for a zero-day remote code execution (RCE) in Internet Explorer that has been exploited in the wild. Security Advisory - Microsoft Guidance on Scripting Engine Memory Corruption - for more information please visit: … [Read more...]

Oracle January 2020 Critical Patch Update Contains 255 CVEs

Oracle rings in the new year with its first Critical Patch Update of 2020 addressing 255 CVEs across 334 security patches, including critical vulnerabilities in Oracle WebLogic Server. Background On January 14, Oracle released its Critical Patch Update (CPU) for January 2020 as part of its quarterly release of security patches. This update contains fixes for 255 CVEs in 334 patches across multiple … [Read more...]

Google Chrome Affected by Magellan 2.0 SQLite Vulnerabilities

One year and one week after the disclosure of the Magellan series of vulnerabilities in 2018, Magellan 2.0 is disclosed bringing with it five new vulnerabilities.Google Chrome Affected by Magellan 2.0 SQLite Vulnerabilities By: Rody Quinlan DEK: One year and one week after the disclosure of the Magellan series of vulnerabilities in 2018, Magellan 2.0 is disclosed bringing with it five new … [Read more...]