Cisco Stealthwatch Management Console and Unity Express Critical Vulnerabilities Threat Alert

Overview On November 7, 2018, local time, Cisco released a security advisory to announce the remediation of two critical vulnerabilities in the Stealthwatch Management Console (SMC) and the Utility Express respectively.

AVEVA InduSoft Web Studio and InTouch Edge HMI Critical Vulnerabilities Threat Alert

Overview Recently, AVEVA released a security bulletin to announce the remediation of two critical vulnerabilities in industrial software. CVE-2018-17916 is a stack overflow vulnerability that can be triggered by sending a crafted packet, leading to remote code execution by an unauthorized user. CVE-2018-17914 stems from an empty password in the […]

Cisco ASA Security Product Denial-of-Service Vulnerability (CVE-2018-15454) Threat Alert

Vulnerability Overview Recently, Cisco officially released a security advisory to fix the denial-of-service (DoS) vulnerability (CVE-2018-15454) in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. This vulnerability exists in the Session Initiation Protocol (SIP) inspection engine used by Cisco ASA and FTD. An unauthorized attacker could exploit this […]

Apache mod_jk Access Control Bypass Vulnerability (CVE-2018-11759) Threat Alert

Vulnerability Overview Recently, Apache Software Foundation (ASF) released a security advisory to announce the fix for an access control bypass vulnerability (CVE-2018-11759) in the mod_jk module in Apache Tomcat. Currently, the proof of concept (PoC) has been announced for this vulnerability. Users of this software should take precautions to fix […]

LIVE NETWORKS LIVE555 Streaming Media RTSP Server Remote Code Execution Vulnerability(CVE-2018-4013) Threat Alert

Overview Recently, the TALOS team disclosed a critical remote code execution vulnerability (CVE-2018-4013). This vulnerability exists in the HTTP packet parsing functionality of the LIVE555 RTSP server library. An attacker could exploit this vulnerability to cause a stack-based buffer overflow via a specially crafted packet, resulting in code execution.

Drupal Remote Code Execution Vulnerability Threat Alert

Overview Recently, Drupal released an official security advisory to announce the fixes for multiple security issues, including two critical remote code execution vulnerabilities which affect Drupal 7 and 8. The two critical vulnerabilities are described as follows:

libssh Server-Side Identity Authentication Bypass Vulnerability (CVE-2018-10933)Threat Alert

Overview On October 16, local time, libssh officially released an update to fix the server-side identity authentication bypass vulnerability (CVE-2018-10933) existing in libssh 0.6 and later versions. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, the attacker […]