Overview Recently, SaltStack announced three severely critical bugs and has recommended users to prioritize and immediately apply the appropriate patches. Let’s understand all three bugs one by one: CVE-2020-16846 – If SSH client is enabled, sending crafted requests to Salt API results in shell injection. Thus, a client with network access to SaltStack Salt API … Continue reading “SaltStack Framework Critical Vulnerabilities (CVE-2020-16846, CVE-2020-17490, CVE-2020-25592)”
Tag: CRITICAL
Microsoft Windows Critical RCE Vulnerability – Bad Neighbor (CVE-2020-16898)
Multiple vulnerabilities were addressed in Microsoft Patch Tuesday, October 2020. This blog discusses the most critical one out of them – CVE-2020-16898, which makes TCP/IP driver of Windows vulnerable. It eventually causes Denial of Service (DoS) and is said to be a potential Remote Code Execution (RCE), if mixed with other exploits. This CVE is … Continue reading “Microsoft Windows Critical RCE Vulnerability – Bad Neighbor (CVE-2020-16898)”
PAN-OS Buffer overflow vulnerability (CVE-2020-2040)
Within a span of three months, one more critical vulnerability with a score of 10.0 has been observed in PAN-OS devices. When a Captive Portal or Multi-factor authentication interface is enabled on PAN-OS devices, it is considered to be vulnerable to critical buffer overflow vulnerability. This vulnerability is classified as CWE-120 and assigned CVE-2020-2040, on … Continue reading “PAN-OS Buffer overflow vulnerability (CVE-2020-2040)”
Microsoft Windows Codec Library RCE Vulnerabilities (CVE-2020-1425, CVE-2020-1457)
Summary: Microsoft released emergency fixes ahead of the July 2020 Patch Tuesday to address two critical Remote Code Execution (RCE) vulnerabilities. Description: According to advisories, Abdul-Aziz Hariri of Trend Micro’s Zero Day initiative observed and reported two RCE vulnerabilities, CVE-2020-1425 and CVE-2020-1457, to Microsoft. Both CVEs are related to Microsoft Windows Codecs Library and affect … Continue reading “Microsoft Windows Codec Library RCE Vulnerabilities (CVE-2020-1425, CVE-2020-1457)”
Critical Vulnerabilities in Trend Micro Apex One and OfficeScan (CVE-2020-8467,CVE-2020-8468)
Summary: Trend Micro antivirus maker has released patches on Monday to address the two zero-days, along with three other similarly critical issues (although, not exploited in the wild, YET). A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote malicious users to execute arbitrary code … Continue reading “Critical Vulnerabilities in Trend Micro Apex One and OfficeScan (CVE-2020-8467,CVE-2020-8468)”
Microsoft Windows Adobe Type Manager Library Remote Code Execution zero-day Vulnerability (ADV200006)
Summary: Amidst the global pandemic, there has been an emerge of a zero-day reported in Microsoft Windows. On March 23, Microsoft acknowledged the existence of a critical security vulnerability in multiple versions of Windows and Windows Server, in Adobe Type Manager (ATM) Library, an integrated PostScript font library found in all versions of Windows. Description: … Continue reading “Microsoft Windows Adobe Type Manager Library Remote Code Execution zero-day Vulnerability (ADV200006)”