Adobe says the two critical flaws (CVE-2020-24407 and CVE-2020-24400) could allow arbitrary code execution as well as read or write access to the database. Source link
Tag: critical flaw
Windows Exploit Released For Microsoft ‘Zerologon’ Flaw
Security researchers and U.S. government authorities alike are urging admins to address Microsoft’s critical privilege escalation flaw. Source link
Critical Intel Active Management Technology Flaw Allows Privilege Escalation
The critical Intel vulnerability could allow unauthenticated attackers gain escalated privileges on Intel vPro corporate systems. Source link
Critical Adobe Flaws Allow Attackers to Run JavaScript in Browsers
Five critical cross-site scripting flaws were fixed by Adobe in Experience Manager as part of its regularly scheduled patches. Source link
Cisco Critical Flaw Patched in WAN Software Solution
Cisco has issued a fix for a critical flaw in its Virtual Wide Area Application Services (vWAAS), software for optimizing WAN on virtual private cloud infrastructure. Source link
Citrix Warns of Critical Flaws in XenMobile Server
Citrix said that it anticipates malicious actors “will move quickly to exploit” two critical flaws in its mobile device management software. Source link
Critical Intel Flaw Afflicts Several Motherboards, Server Systems, Compute Modules
A critical privilege-escalation flaw affects several popular Intel motherboards, server systems and compute modules. Source link
Critical Adobe Acrobat and Reader Bugs Allow RCE
Adobe patched critical and important-severity flaws tied to 26 CVEs in Acrobat and Reader. Source link
Black Hat USA 2020: Critical Meetup.com Flaws Reveal Common AppSec Holes
With Black Hat USA 2020 kicking off this week, Erez Yalon with Checkmarx talks about newly disclosed, critical vulnerabilities in Meetup.com - and why they are the “holy grail” for attackers. Source link
Critical Magento Flaws Allow Code Execution
Adobe has released patches for critical and important-severity flaws in its popular Magento e-commerce platform. Source link
Critical Security Flaw in WordPress Plugin Allows RCE
WordPress plugin Comments – wpDiscuz, which is installed on over 70,000 sites, has issued a patch. Source link
Critical Adobe Photoshop Flaws Patched in Emergency Update
Adobe issued out-of-band patches for critical flaws tied to 12 CVEs in Photoshop and other applications. Source link
Admins Urged to Patch Critical F5 Flaw Under Active Attack
Security experts and the U.S. Cyber Command are urging admins to update a critical flaw in F5 Networks, which is under active attack. Source link
Adobe Patches 18 Critical Flaws in Out-Of-Band Update
Critical vulnerabilities were patched in Adobe After Effects, Illustrator, Premiere Pro, Premiere Rush and Audition. Source link
Critical Intel Flaws Fixed in Active Management Technology
Two critical flaws in Intel AMT, which could enable privilege escalation, were patched along with 20 other bugs in its June security update. Source link
Adobe Warns of Critical Flaws in Flash Player, Framemaker
Critical Adobe Flash Player and Framemaker flaws could enable arbitrary code execution. Source link
Critical SAP ASE Flaws Allow Complete Control of Databases
Researchers warn of critical flaws in SAP’s Sybase Adaptive Server Enterprise software. Source link
Apple Pays $100K Bounty for Critical ‘Sign in With Apple’ Flaw
Apple has fixed a critical flaw in its Sign in with Apple feature, which could have been abused by attackers to takeover victims’ third-party applications. Source link
Hackers Compromise Cisco Servers Via SaltStack Flaws
Attackers compromised six Cisco VIRL-PE servers that are affected by critical SaltStack vulnerabilities. Source link
Adobe Patches Critical RCE Flaw in Character Animator App
A critical remote code execution flaw in Adobe Character Animator was fixed in an out-of-band Tuesday patch. Source link
Adobe Kills 16 Critical Flaws in Acrobat and Reader, Digital Negative SDK
Adobe patched 36 flaws, including critical vulnerabilities in Acrobat and Reader and its DNG Software Development Kit. Source link
Critical Adobe Illustrator, Bridge and Magento Flaws Patched
Adobe fixed critical flaws in Illustrator, Magento and Bridge in an out-of-band security update. Source link
DHS Urges Pulse Secure VPN Users To Update Passwords
The DHS urged organizations to update their passwords and make sure that a critical Pulse Secure VPN flaw has been patched, as attackers continue to exploit the flaw. Source link
Cisco IP Phone Harbors Critical RCE Flaw
Cisco stomped out a critical vulnerability in its IP Phone web server that could enable remote code execution by an unauthenticated attacker. Source link