Webex Desktop App Vulnerability
Webex Desktop App Vulnerability
  • Alert & Advisory
  • June 24, 2020

A critical vulnerability was discovered in Cisco Webex Meetings Desktop App which might allow a malicious remote attacker to execute programs on affected end-user system. This vulnerability is caused by improper validation of input that is supplied to application URLs. Also, the attacker could exploit this vulnerability by persuading a user to follow a malicious URL.

SaltStack FrameWork Vulnerabilities in Cisco Products
SaltStack FrameWork Vulnerabilities in Cisco Products
  • Alert & Advisory
  • June 19, 2020

Researchers discovered numerous critical security vulnerabilities in SaltStack Salt framework – a configuration tool for cloud servers and data centers. Salt is used to monitor and update the state of servers. Each server runs an agent called a "minion" which connects to a "master", a Salt installation that collects state reports from minions and publishes update messages that minions can act on. The vulnerabilities allows attackers to bypass authentication and authorization for arbitrary code execution.

Multiple Security Vulnerabilities for Adobe Products
Multiple Security Vulnerabilities for Adobe Products
  • Alert & Advisory
  • June 18, 2020

Adobe has released an update for multiple adobe products in Windows, MacOS, and Linux. The updates resolves critical out-of-bounds Read and Write vulnerabilities that could lead to arbitrary code execution and information disclosure.

Local Privilege Escalation Vulnerability for VMware
Local Privilege Escalation Vulnerability for VMware
  • Alert & Advisory
  • June 16, 2020

VMware Fusion, VMRC, and Horizon Client contain a local privilege escalation vulnerability due to a Time-of-check Time-of-use (TOC/TOU) issue in the service opener. Furthermore, another local privilege escalation was discovered, which allows the application to blindly executes files from an untrusted location. Both vulnerabilities result in arbitrary code execution as root.

Multiple Security Vulnerabilities on D-LINK Home Routers
Multiple Security Vulnerabilities on D-LINK Home Routers
  • Alert & Advisory
  • June 17, 2020

Researchers discovered six new vulnerabilities in D-Link wireless cloud routers running their latest firmware. The reported vulnerabilities were found in the DIR-865L model of D-Link routers, which is meant for home network use. There are also likelihood that some of these vulnerabilities are present in newer models of the router because of the similiarities in codebase.

Related Articles