• Denial of Service
• Denial of Service
• Elevation of Privilege
• Information Disclosure
• Data Manipulation

• SUSE Linux Enterprise Module for Realtime 15-SP2
• Oracle Linux 6
• Oracle Linux 7

Before installation of the software, please visit the vendor website for more details.

The vendor has issued a fix

• https://www.suse.com/support/update/announcement/2021/suse-su-20212599-1/
• https://linux.oracle.com/errata/ELSA-2021-9395.html

• CVE-2020-14304
• CVE-2021-22555
• CVE-2021-3609
• CVE-2021-3612
• CVE-2021-32399
• CVE-2021-33909
• CVE-2021-35039

• Remote Code Execution
• Information Disclosure
• Security Restriction Bypass
• Data Manipulation

• Google Chrome prior to 92.0.4515.131

Before installation of the software, please visit the vendor website for more details.

Apply fixes issued by the vendor:

• Update to version 92.0.4515.131

• CVE-2021-30590
• CVE-2021-30591
• CVE-2021-30592
• CVE-2021-30593
• CVE-2021-30594
• CVE-2021-30596
• CVE-2021-30597

• Spoofing
• Denial of Service
• Security Restriction Bypass
• Information Disclosure
• Cross-Site Scripting
• Data Manipulation

• GitLab Community Edition (CE) versions prior to 14.1.2, 14.0.7, and 13.12.9
• GitLab Enterprise Edition (EE) versions prior to 14.1.2, 14.0.7, and 13.12.9

Before installation of the software, please visit the vendor website for more details.

The vendor has issued a fix

• https://about.gitlab.com/releases/2021/08/03/security-release-gitlab-14-1-2-released/

• CVE-2021-22236
• CVE-2021-22237
• CVE-2021-22239

• Denial of Service

• FortiSandbox version 3.2.1 and prior versions
• FortiSandbox version 3.1.4 and prior versions
• FortiSandbox version 3.0.6 and prior versions
• FortiAuthenticator version 6.0.5 and prior versions
• FortiAuthenticator version 5.5.0 and prior versions
• FortiAuthenticator version 5.4.1 and prior versions
• FortiAuthenticator version 5.3.1 and prior versions
• FortiAuthenticator version 5.2.2 and prior versions
• FortiAuthenticator version 5.1.2 and prior versions
• FortiAuthenticator version 5.0.0 and prior versions
• FortiAuthenticator version 4.3.4 and prior versions

Before installation of the software, please visit the vendor website for more details.

Apply fixes issued by the vendor:

• https://www.fortiguard.com/psirt/FG-IR-20-170

• CVE-2021-22124

• Remote Code Execution

• FortiOS version 7.0.0
• FortiOS version 6.4.6 and prior versions

Before installation of the software, please visit the vendor website for more details.

Apply fixes issued by the vendor:

• https://www.fortiguard.com/psirt/FG-IR-19-301
• https://www.fortiguard.com/psirt/FG-IR-21-046

• CVE-2019-16151
• CVE-2021-24018

• Denial of Service
• Remote Code Execution
• Information Disclosure

• Cisco Routers

• https://tools.cisco.com/security/center/content /CiscoSecurityAdvisory/cisco-sa-rv-code-execution-9UVJr7k4
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory /cisco-sa-rv-multi-lldp-u7e4chCe
• https://tools.cisco.com/security/center/ content/CiscoSecurityAdvisory/cisco-sa-rv340-cmdinj-rcedos-pY8J3qfy

Before installation of the software, please visit the vendor website for more details.

Apply fixes issued by the vendor:

• https://tools.cisco.com/security/center/content /CiscoSecurityAdvisory/cisco-sa-rv-code-execution-9UVJr7k4
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory /cisco-sa-rv-multi-lldp-u7e4chCe
• https://tools.cisco.com/security/center/ content/CiscoSecurityAdvisory/cisco-sa-rv340-cmdinj-rcedos-pY8J3qfy

• CVE-2021-1251
• CVE-2021-1308
• CVE-2021-1309
• CVE-2021-1602
• CVE-2021-1609

• Elevation of Privilege
• Remote Code Execution
• Security Restriction Bypass

• Android security patch level prior to 2021-08-05

Before installation of the software, please visit the vendor website for more details.

Apply fixes issued by the vendor:

• https://source.android.com/security/bulletin/2021-08-01

• CVE-2020-14381
• CVE-2021-3347
• CVE-2021-28375

[Updated 29-July-2021] Added SUSE Linux Kernel Security Advisories.

• Denial of Service
• Remote Code Execution

• SUSE Linux Enterprise Live Patching 12-SP4
• SUSE Linux Enterprise Live Patching 12-SP5
• SUSE Linux Enterprise Module for Live Patching 15
• SUSE Linux Enterprise Module for Live Patching 15-SP1
• SUSE Linux Enterprise Module for Live Patching 15-SP2
• SUSE Linux Enterprise Module for Live Patching 15-SP3
• SUSE Linux Enterprise Server 12-SP3-LTSS
• SUSE Linux Enterprise Server for SAP 12-SP3
• Ubuntu 14.04 ESM
• Ubuntu 16.04 ESM
• Ubuntu 18.04 LTS
• Ubuntu 20.04 LTS

Before installation of the software, please visit the vendor website for more details.

Apply fixes issued by the vendor:

For detail, please refer to the link below:

• https://www.suse.com/support/update/announcement/2021/suse-su-20212487-1/
• https://www.suse.com/support/update/announcement/2021/suse-su-20212538-1/
• https://ubuntu.com/security/notices/LSN-0079-1

• CVE-2020-36385

A vulnerability was identified in Apple products, a remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system.

• Remote Code Execution

• iOS 14.7.1
• iPadOS 14.7.1
• macOS Big Sur 11.5.1
• watchOS 7.6.1

• iOS 14.7.1
• iPadOS 14.7.1
• macOS Big Sur 11.5.1
• watchOS 7.6.1

• CVE-2021-30807

Notes: POC tool is publicly available.

• Remote Code Execution
• Elevation of Privilege
• Spoofing

• Windows Server, version 20H2 (Server Core Installation)
• Windows Server, version 2004 (Server Core installation)
• Windows Server 2019 (Server Core installation)
• Windows Server 2019
• Windows Server 2016 (Server Core installation)
• Windows Server 2016
• Windows Server 2012 R2 (Server Core installation)
• Windows Server 2012 R2
• •Windows Server 2012 (Server Core installation)
• Windows Server 2012
• Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
• Windows Server 2008 for x64-based Systems Service Pack 2
• Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
• •Windows Server 2008 for 32-bit Systems Service Pack 2
• Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
• Windows Server 2008 R2 for x64-based Systems Service Pack 1

• No CVE information is available

• Remote Code Execution
• Elevation of Privilege
• Security Restriction Bypass
• Information Disclosure

• Microsoft Edge prior to 92.0.902.55

• Update to version 92.0.902.55

• CVE-2021-30565
• CVE-2021-30566
• CVE-2021-30567
• CVE-2021-30568
• CVE-2021-30569
• CVE-2021-30571
• CVE-2021-30572
• CVE-2021-30573
• CVE-2021-30574
• CVE-2021-30575
• CVE-2021-30576
• CVE-2021-30577
• CVE-2021-30578
• CVE-2021-30579
• CVE-2021-30580
• CVE-2021-30581
• CVE-2021-30582
• CVE-2021-30583
• CVE-2021-30584
• CVE-2021-30585
• CVE-2021-30586
• CVE-2021-30587
• CVE-2021-30588
• CVE-2021-30589
• CVE-2021-36928
• CVE-2021-36929
• CVE-2021-36931

• Denial of Service
• Remote Code Execution

• Ubuntu 14.04 ESM
• Ubuntu 16.04 ESM
• Ubuntu 18.04 LTS
• Ubuntu 20.04 LTS

• https://ubuntu.com/security/notices/LSN-0079-1

• CVE-2021-3600
• CVE-2021-33909

Note: CVE-2021-30807 is being exploited in the wild.

• Remote Code Execution

• iOS 14.7.1
• iPadOS 14.7.1
• macOS Big Sur 11.5.1

• CVE-2021-30807

Microsoft has released a security warning informing all Windows users to update systems for a critical remote code execution vulnerability in the Windows Print spooler service. Microsoft acknowledged PrintNightmare as a zero-day that has been affecting all Windows versions since before June 2021 security updates. The remote code execution bug (tracked as CVE-2021-34527) allows attackers to take over affected servers via remote code execution (RCE) with SYSTEM privileges. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

On July 6th, 2021, Microsoft released an out of band security update (KB5004945) to fix. However, the patch is incomplete, and the vulnerability can still be locally exploited to gain SYSTEM privileges.

• Remote Code Execution
• Account privilege escalation

• All windows systems

Administrators are encouraged to disable the Windows Print Spooler service on servers not used for printing.

Option 1:
Print Spooler service should be disabled on all Domain Controllers and Active Directory admin systems via a Group Policy Object because of the increased exposure to attacks. The service should be disabled on all servers that don't require it to mitigate future attacks due to these heightened risks of the printing service being targeted since it's enabled by default on most Windows clients and server platforms.

Option 2:
Disable inbound remote printing, this will block the remote attack vector by preventing inbound remote printing operations. The system will no longer function as a print server, but local printing to a directly attached device will still be possible.

Multiple vulnerabilities were identified in Cisco Products, a remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, spoofing, sensitive information disclosure and data manipulation on the targeted system.

• Data Manipulation
• Spoofing
• Information Disclosure
• Denial of Service

• Webex Teams
• Jabber
• Meeting Server
• Cisco ESA
• Cisco WSA

Please refer to the link below for detail:

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-7ZMcXG99
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-GuC5mLwG
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meetingserver-dos-NzVWMMQT
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-wsa-cert-vali-n8L97RW

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-7ZMcXG99
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-GuC5mLwG
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meetingserver-dos-NzVWMMQT
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-wsa-cert-vali-n8L97RW

• CVE-2021-1242
• CVE-2021-1524
• CVE-2021-1566
• CVE-2021-1569
• CVE-2021-1570

• Elevation of Privilege
• Remote Code Execution
• Cross-Site Scripting
• Denial of Service
• Data Manipulation
• Information Disclosure
• Security Restriction Bypass

• Adobe Connect 11.2.1 and earlier versions.
• Acrobat DC 2021.001.20155 and earlier versions
• Acrobat Reader DC 2021.001.20155 and earlier versions
• Acrobat 2020 2020.001.30025 and earlier versions
• Acrobat Reader 2020 2020.001.30025 and earlier versions
• Acrobat 2017 2017.011.30196 and earlier versions
• Acrobat Reader 2017 2017.011.30196 and earlier versions
• Photoshop 2020 21.2.8 and earlier versions
• Photoshop 2021 22.4.1 and earlier versions
• Adobe Experience Manager (AEM) AEM Cloud Service (CS)
• Adobe Experience Manager (AEM) 6.5.8.0 and earlier versions
• Creative Cloud Desktop Application (Installer) 2.4 and earlier versions
• Photoshop Elements (installer) 5.2 and earlier versions
• Adobe Premiere Elements (installer) 5.2 and earlier versions
• Adobe After Effects 18.2 and earlier versions
• Adobe Animate 21.0.6 and earlier versions.
• RoboHelp Server 2019.0.9 and earlier versions

Before installation of the software, please visit the vendor website for more details.

• https://www.cvedetails.com/vulnerability-list.php?vendor_id=53&year=2021&month=6

On July 2, Kaseya's VSA remote monitoring and management platform are being actively attacked by REvil ransomware actors (attackers) and conduct supply-chain attack targeting multiple Managed Service Providers (MSPs) and their customers.

Kaseya is used by multiple MSPs, the affected organisations are being contacted by Kaseya directly.

• The REvil ransomware gang appears to have gained unauthorised access to the infrastructure of Kaseya.
• It enabled them to deploy a malicious update to Kaseya's VSA servers.
• The malicious updates were used to install the REvil ransomware from the VSA Server to all connected computers.
• It is reported that some of the victims received demands for $5 million in ransom. A retailer in Sweden was forced to close at least 800 stores due to the attack.
• Kaseya developed a compromise detection tool and is working on the security patch.

• Denial of Service

• Kaseya VSA Products
• On-Premises Servers
• SaaS

• No patch is currently available.
• According to Kaseya's Advisory (https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689 ),
• All On-Premises VSA Servers should remain offline until further instructions from Kaseya.
• A Compromise Detection Tool is available for download.

• No CVE information is available.

Multiple vulnerabilities were identified in GitLab, a remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, spoofing, sensitive information disclosure, cross-site scripting, and security restriction bypass on the targeted system.

• Spoofing
• Denial of Service
• Security Restriction Bypass
• Information Disclosure
• Cross-Site Scripting

• GitLab Community Edition (CE) versions prior to 14.0.2, 13.12.6, and 13.11.6
• GitLab Enterprise Edition (EE) versions prior to 14.0.2, 13.12.6, and 13.11.6

Before installation of the software, please visit the software vendor website for more details. The vendor has issued a fix.

https://about.gitlab.com/releases/2021/07/01/security-release-gitlab-14-0-2-released/

• CVE-2021-22223

Multiple vulnerabilities were identified in Apple products, a remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, remote code execution, sensitive information disclosure, data manipulation, security restriction bypass and cross-site scripting attack on the targeted system.

• CVE-2021-30663, CVE-2021-30665 and CVE-2021-30713 are being exploited in the wild

• Denial of Service
• Elevation of Privilege
• Remote Code Execution
• Information Disclosure
• Security Restriction Bypass
• Data Manipulation
• Cross-Site Scripting

• Versions prior to tvOS 14.6
• Versions prior to watchOS 7.5
• Versions prior to iOS 14.6
• Versions prior to iPadOS 14.6
• Versions prior to macOS Big Sur 11.4
• Versions prior to macOS Mojave Security Update 2021-004 Mojave
• Versions prior to macOS Catalina Security Update 2021-003 Catalina
• Versions prior to Safari 14.1.1

Before installation of the software, please visit the vendor website for more details.

Apply fixes issued by the vendor:

• tvOS 14.6
• watchOS 7.5
• iOS 14.6
• iPadOS 14.6
• macOS Big Sur 11.4
• macOS Mojave Security Update 2021-004 Mojave
• macOS Catalina Security Update 2021-003 Catalina
• Safari 14.1.1

• CVE-2020-36221
• CVE-2020-36222
• CVE-2021-0427
• CVE-2021-0428
• CVE-2021-0429
• CVE-2021-0430
• CVE-2021-0431
• CVE-2021-0432
• CVE-2021-0433
• CVE-2021-0435
• CVE-2021-0436
• CVE-2021-0437
• CVE-2021-0438
• CVE-2021-0439

Multiple vulnerabilities were identified in WordPress, a remote attacker could exploit some of these vulnerabilities to trigger remote code execution on the targeted system.

• Remote Code Execution

• WordPress versions prior to 5.7.2

Before installation of the software, please visit the vendor website for more details.

Apply fix issued by the vendor for WordPress version 5.7.2

• CVE-2018-19296
• CVE-2020-36326

A vulnerability was identified in IBM WebSphere Application Server, a remote attacker could exploit this vulnerability to trigger data manipulation on the targeted system.

• Data Manipulation

• WebSphere Application Server Liberty Continuous Delivery
• WebSphere Application Server 8.5 and 9.0

Before installation of the software, please visit the vendor website for more details.

• CVE-2021-2161

Multiple vulnerabilities were identified in Android, a remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, remote code execution and sensitive information disclosure on the targeted system.

• Denial of Service
• Elevation of Privilege
• Remote Code Execution
• Information Disclosure

• Android 8.1, 9, 10, 11

Before installation of the software, please visit the vendor website for more details.

Apply fixes issued by the vendor:

• https://source.android.com/security/bulletin/2021-04-01

• CVE-2021-0400
• CVE-2021-0426
• CVE-2021-0427
• CVE-2021-0428
• CVE-2021-0429
• CVE-2021-0430
• CVE-2021-0431
• CVE-2021-0432
• CVE-2021-0433
• CVE-2021-0435
• CVE-2021-0436
• CVE-2021-0437
• CVE-2021-0438
• CVE-2021-0439

Multiple vulnerabilities were identified in Cisco products, a remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, remote code execution, security restriction bypass, sensitive information disclosure and data manipulation on the targeted system.

• Denial of Service
• Elevation of Privilege
• Remote Code Execution
• Security Restriction Bypass
• Information Disclosure
• Data Manipulation

• Cisco SD-WAN
• Cisco Small Business Routers
• Cisco Unified Communications

Please refer to the link below for detail:

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-YuTVWqy
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-rce-q3rxHnvm
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-Q4PZcNzJ
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-pqVYwyb
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-bypass-inject-Rbhgvfdx

Before installation of the software, please visit the vendor website for more details.

Apply fixes issued by the vendor:

• CVE-2021-1137
• CVE-2021-1251
• CVE-2021-1308
• CVE-2021-1309
• CVE-2021-1362
• CVE-2021-1380
• CVE-2021-1407
• CVE-2021-1408
• CVE-2021-1409
• CVE-2021-1459
• CVE-2021-1472
• CVE-2021-1473
• CVE-2021-1479
• CVE-2021-1480

A vulnerability was identified in Apple products, a remote attacker could exploit this vulnerability to trigger cross-site scripting on the targeted system. NOTE: This vulnerability is being actively exploited in the wild.

• Cross-Site Scripting

• iOS
• iPadOS
• watchOS

Before installation of the software, please visit the vendor website for more details.

Apply fixes issued by the vendor:

For detail, please refer to the link below:

• CVE-2021-1879

Multiple vulnerabilities were identified in GitLab, a remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, information disclosure, cross-site scripting, security restriction bypass and data manipulation on the targeted system.

• Cross-Site Scripting
• Denial of Service
• Information Disclosure
• Security Restriction Bypass
• Data Manipulation

• Versions prior to 13.10.1, 13.9.5, and 13.8.7 for GitLab Community Edition (CE) and Enterprise Edition (EE)

Before installation of the software, please visit the software vendor website for more details

Apply fixes issued by the vendor:

For detail, please refer to the link below:

• No CVE information is available.

Multiple vulnerabilities were identified in Cisco products, a remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, remote code execution, security restriction bypass, sensitive information disclosure and data manipulation on the targeted system.

• Denial of Service
• Remote Code Execution
• Information Disclosure

• Information Disclosure
• Data Manipulation

• Cisco SD-WAN
• Cisco Small Business Routers
• Cisco Unified Communications

Please refer to the link below for detail:

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-YuTVWqy
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-rce-q3rxHnvm
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-Q4PZcNzJ
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-pqVYwyb
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-bypass-inject-Rbhgvfdx

Before installation of the software, please visit the vendor website for more details.

• CVE-2021-1137
• CVE-2021-1251
• CVE-2021-1308
• CVE-2021-1309
• CVE-2021-1362
• CVE-2021-1380
• CVE-2021-1407
• CVE-2021-1408
• CVE-2021-1409
• CVE-2021-1459
• CVE-2021-1472
• CVE-2021-1473
• CVE-2021-1479
• CVE-2021-1480

Multiple vulnerabilities were identified in Google Chrome, a remote attacker could exploit some of these vulnerabilities to trigger denial of service, remote code execution and information disclosure on the targeted system.

• Denial of Service
• Remote Code Execution
• Information Disclosure

• Google Chrome (Desktop version) prior to 89.0.4389.114

Before installation of the software, please visit the software vendor website for more details.

The vendor has issued a fix:

For detail, please refer to the link below:

• CVE-2021-21199
• CVE-2021-21198
• CVE-2021-21197
• CVE-2021-21196
• CVE-2021-21195
• CVE-2021-21194

Multiple vulnerabilities were identified in Linux Kernel, a remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, remote code execution and sensitive information disclosure on the targeted system.

• Denial of Service
• Remote Code Execution
• Information Disclosure

• Ubuntu 12.04

Before installation of the software, please visit the vendor website for more details.

Apply fixes issued by the vendor:

For detail, please refer to the link below:

• CVE-2021-27363
• CVE-2021-27364
• CVE-2021-27365
• CVE-2020-28374

Multiple vulnerabilities were identified in McAfee ePolicy Orchestrator, a remote attacker could exploit some of these vulnerabilities trigger sensitive information disclosure and cross-site scripting on the targeted system.

• Cross-Site Scripting
• Information Disclosure

• Version ePO 5.9.1 prior to HF EPO-937000
• Version ePO 5.10 prior to Update 10

Before installation of the software, please visit the vendor website for more details.

Apply fixes issued by the vendor:

• CVE-2021-23888
• CVE-2021-23889
• CVE-2021-23890

Multiple vulnerabilities were identified in McAfee ePolicy Orchestrator, a remote attacker could exploit some of these vulnerabilities trigger sensitive information disclosure and cross-site scripting on the targeted system.

• Cross-Site Scripting
• Information Disclosure

• Version ePO 5.9.1 prior to HF EPO-937000
• Version ePO 5.10 prior to Update 10

Before installation of the software, please visit the vendor website for more details.

Apply fixes issued by the vendor:

• CVE-2021-23888
• CVE-2021-23889
• CVE-2021-23890

Multiple vulnerabilities were identified in VMware products, a remote attacker could exploit some of these vulnerabilities to trigger elevation of privilege, information disclosure and data manipulation.

• Elevation of Privilege
• Information Disclosure
• Data Manipulation

• VMware vRealize Operations Manager version 7.5.0, 8.0.0, 8.0.1, 8.1.0, 8.1.1, 8.2.0 and 8.3.0
• VMware Cloud Foundation version 3.x and 4.x
• vRealize Suite Lifecycle Manager version 8.x

Before installation of the software, please visit the vendor website for more details.

Apply fixes issued by the vendor:

• CVE-2021-21983
• CVE-2021-21975

Multiple vulnerabilities were identified in WhatsApp, a remote attacker could exploit some of these vulnerabilities to trigger information disclosure and data manipulation on the targeted system.

• Elevation of Privilege
• Information Disclosure
• Data Manipulation

• WhatsApp for Android prior to v2.21.4.18
• WhatsApp Business for Android prior to v2.21.4.18
• WhatsApp for iOS prior to v2.21.32
• WhatsApp Business for iOS prior to v2.21.32

Before installation of the software, please visit the vendor website for more details.

Apply fixes issued by the vendor:

• Update to the latest versions of WhatsApp

• CVE-2021-24026
• CVE-2021-24027

On March 2, 2021 (US Time), Microsoft has released information regarding multiple vulnerabilities in Microsoft Exchange Server. A remote attacker may execute arbitrary code with SYSTEM privileges by leveraging these vulnerabilities. According to Microsoft, four of these vulnerabilities have already been exploited in limited targeted attacks, and it is recommended to take measures as soon as possible. For more information, please refer to the information provided by Microsoft.

Microsoft The_Exchange_Team
Released: March 2021 Exchange Server Security Updates
https://techcommunity.microsoft.com/t5/exchange-team-blog/released-march-2021-exchange-server-security-updates/ba-p/2175901

Microsoft Security Response Center
Multiple Security Updates Released for Exchange Server
https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server/

Microsoft has released versions that address these vulnerabilities. Microsoft recommends prioritizing installing updates on Exchange Servers that are externally facing. Please consider to take measures as soon as possible by referring to the information provided by Microsoft.

• Microsoft Exchange Server 2019 (CU 8, CU 7)
• Microsoft Exchange Server 2016 (CU 19, CU 18)
• Microsoft Exchange Server 2013 (CU 23)

In addition, the security updates are also available for Microsoft Exchange Server 2010, which is no longer supported.

Information that explains the details of the observed attacks has been released by Microsoft and others. In addition to the details of the exploited vulnerabilities, the Microsoft's blog provides information on activities confirmed in the attack, investigation methods and indicator information for confirming the presence of damage from the attack. Please check the information as a reference for your investigation.

Microsoft
HAFNIUM targeting Exchange Servers with 0-day exploits
https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/

Update: March 8, 2021 Update
Microsoft released a new blog and recommended to promptly apply countermeasures as well as to investigate if attacks exploiting these vulnerabilities have already been conducted. Microsoft also released PowerShell scripts on Github to investigate the evidence of compromise. In addition, other parties such as Volexity, FireEye and CISA have also released information on indicators and investigation methods for attacks that exploit these vulnerabilities. It is recommended to take measures and investigate as soon as possible by referring to the information by Microsoft and others.

Microsoft
Microsoft Exchange Server Vulnerabilities Mitigations - updated March 6, 2021
https://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021/

Microsoft
microsoft / CSS-Exchange
https://github.com/microsoft/CSS-Exchange/tree/main/Security

CISA
Alert (AA21-062A) Mitigate Microsoft Exchange Server Vulnerabilities
https://us-cert.cisa.gov/ncas/alerts/aa21-062a

Volexity
Operation Exchange Marauder: Active Exploitation of Multiple Zero-Day Microsoft Exchange Vulnerabilities
https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/

FireEye
Detection and Response to Exploitation of Microsoft Exchange Zero-Day Vulnerabilities
https://www.fireeye.com/blog/threat-research/2021/03/detection-response-to-exploitation-of-microsoft-exchange-zero-day-vulnerabilities.html

Multiple vulnerabilities were identified in Cisco products, a remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, remote code execution and sensitive information disclosure on the targeted system.
Notes: No patch is currently available.

• Denial of Service
• Remote Code Execution
• Information Disclosure

Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
• Cisco ASR 5000 21.5.27
• Cisco ASR 5500 21.5.27
• Cisco ASR 5500 21.11.15
• Cisco ASR 5500 21.14.22
• Cisco ASR 5500 21.20.2
• Cisco Virtual Packet Core 21.5.27
• Cisco Virtual Packet Core 21.11.15
• Cisco Virtual Packet Core 21.14.22
• Cisco Virtual Packet Core 21.20.2
Notes: Patch will be available on 31-Jul-2020
Please refer to the link below for detail:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC

• CVE-2020-11896
• CVE-2020-11897
• CVE-2020-11898
• CVE-2020-11899
• CVE-2020-11900
• CVE-2020-11901
• CVE-2020-11902
• CVE-2020-11903
• CVE-2020-11904
• CVE-2020-11905
• CVE-2020-11906
• CVE-2020-11907
• CVE-2020-11908
• CVE-2020-11909
• CVE-2020-11910
• CVE-2020-11911
• CVE-2020-11912
• CVE-2020-11913
• CVE-2020-11914

A vulnerability was identified in Adobe Reader Mobile, a remote attacker can exploit this vulnerability to obtain sensitive information on the targeted system.

• Information Disclosure

Before installation of the software, please visit the vendor web-site for more details.
The vendor has issued a fix :
https://play.google.com/store/apps/details?id=com.adobe.reader

• CVE-2020-9663

A vulnerability was identified in Adobe Photoshop, a remote attacker can exploit this vulnerability to trigger remote code execution on the targeted system.

• Remote Code Execution

Before installation of the software, please visit the vendor web-site for more details.
The vendor has issued a fix :
https://helpx.adobe.com/security/products/photoshop/apsb20-45.html

• CVE-2020-9683
• CVE-2020-9686
• CVE-2020-9684
• CVE-2020-9685
• CVE-2020-9687

A vulnerability has been identified in Microsoft Windows, a remote user can exploit this vulnerability to trigger sensitive information disclosure on the targeted system.
Notes: No patch is currently available.

• Information Disclosure

Workaround:
Given the nature of the vulnerability the only salient mitigation strategy is to restrict interaction with the application.

• No CVE information is available

A vulnerability was identified in Python, a remote attacker can exploit this vulnerability to trigger remote code execution on the targeted system.

• Remote Code Execution

Before installation of the software, please visit the vendor web-site for more details.
The vendor has issued a fix :
https://docs.python.org/3/whatsnew/changelog.html#python-3-8-4-final

• CVE-2020-15523

Multiple vulnerabilities were identified in SQLite, a remote attacker could exploit some of these vulnerabilities to trigger denial of service condition and remote code execution on the targeted system.

• Denial of Service
• Remote Code Execution

Before installation of the software, please visit the vendor web-site for more details.
Update SQLite to version 3.32.3. TensorFlow must be updated to obtain the security fix.

• CVE-2020-13434
• CVE-2020-13435

A vulnerability was identified in IBM WebSphere Application Server, a remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system.

• Remote Code Execution

Before installation of the software, please visit the vendor web-site for more details.
https://www.ibm.com/support/pages/node/6250059

• CVE-2020-4464

A vulnerability was identified in Cisco Webex Meetings and Cisco Webex Meetings Server, a remote user can exploit this vulnerability to perform data manipulation on the targeted system.

• Data Manipulation

Before installation of the software, please visit the vendor web-site for more details.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-html-BJ4Y9tX

• CVE-2020-3345

A vulnerability was identified in Fortinet FortOS, a remote attacker could exploit this vulnerability to bypass security restriction on the targeted system.

• Security Restriction Bypass

Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
• FortiOS 6.0.10 or later version
• FortiOS 6.2.4 or later version
• FortiOS 6.4.1 or later version

• CVE-2020-1281

Multiple vulnerabilities were identified in Apache Tomcat, a remote attacker could exploit some of these vulnerabilities to trigger denial of service condition and security restriction bypass on the targeted system.

• Denial of Service
• Security Restriction Bypass

Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
-10.0.0-M7 or later
- 9.0.37 or later
- 8.5.57 or later

• CVE-2020-13934
• CVE-2020-13935

Multiple vulnerabilities were identified in Oracle Products, a remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, remote code execution, sensitive information disclosure, data manipulation and bypass security restriction on the targeted system.

• Denial of Service
• Security Restriction Bypass
• Remote Code Execution
• Information Disclosure
• Data Manipulation

Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
Oracle Critical Patch Update Advisory

Microsoft has released monthly security update for their products:

• Denial of Service
• Elevation of Privilege
• Remote Code Execution
• Information Disclosure
• Spoofing
• Data Manipulation

Before installation of the software, please visit the vendor's web-site for more details.
• Apply fixes issued by the vendor.

Multiple vulnerabilities were identified in Android, a remote attacker could exploit some of these vulnerabilities to trigger elevation of privilege, remote code execution and sensitive information disclosure on the targeted system.

• Elevation of Privilege
• Remote Code Execution
• Information Disclosure

Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
https://source.android.com/security/bulletin/2020-06-01

• CVE-2017-9704
• CVE-2019-10597
• CVE-2019-14047
• CVE-2019-14062
• CVE-2019-14073
• CVE-2019-14076
• CVE-2019-14080
• CVE-2019-2219
• CVE-2019-9460
• CVE-2020-0113
• CVE-2020-0114
• CVE-2020-0115
• CVE-2020-0116
• CVE-2020-0117
• CVE-2020-0118
• CVE-2020-0119
• CVE-2020-0121
• CVE-2020-3614
• CVE-2020-3626
• CVE-2020-3628
• CVE-2020-3635
• CVE-2020-3642
• CVE-2020-3658
• CVE-2020-3660
• CVE-2020-3661
• CVE-2020-3662
• CVE-2020-3663
• CVE-2020-3665
• CVE-2020-3676
• CVE-2020-8428
• CVE-2020-8597
• CVE-2020-8647
• CVE-2020-8648

A vulnerability was identified in Fortinet products, a remote attacker could exploit this vulnerability to trigger denial of service on the targeted system.

• Denial of Service

Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
https://fortiguard.com/psirt/FG-IR-16-039

• CVE-2004-0230

Multiple vulnerabilities were identified in Google Chrome, a remote attacker could exploit some of these vulnerabilities to trigger remote code execution and security restriction bypass on the targeted system.

• Remote Code Execution
• Security Restriction Bypass

Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
• Google Chrome 83.0.4103.61

• CVE-2020-6465
• CVE-2020-6466
• CVE-2020-6467
• CVE-2020-6468
• CVE-2020-6469
• CVE-2020-6470
• CVE-2020-6471
• CVE-2020-6472
• CVE-2020-6473
• CVE-2020-6474
• CVE-2020-6475
• CVE-2020-6476
• CVE-2020-6477
• CVE-2020-6478
• CVE-2020-6479
• CVE-2020-6480
• CVE-2020-6481
• CVE-2020-6482
• CVE-2020-6483
• CVE-2020-6484
• CVE-2020-6485
• CVE-2020-6486
• CVE-2020-6487
• CVE-2020-6488
• CVE-2020-6489
• CVE-2020-6490
• CVE-2020-6491

A vulnerability was identified in ISC BIND, a remote attacker could exploit this vulnerability to trigger denial of service condition on the targeted system.

• Denial of Service

Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
• BIND 9.11.19
• BIND 9.14.12
• BIND 9.16.3
• BIND 9.11.19-S1

For detail, please refer to the link below:
https://kb.isc.org/docs/cve-2020-8616 and https://kb.isc.org/docs/cve-2020-8617

• CVE-2020-8617
• CVE-2020-8616

A vulnerability has been identified in Microsoft Windows DNS Server, a remote user can exploit this vulnerability to trigger denial of service on the targeted system.

• Denial of Service

• Workaround:
Enable RRL on a DNS server, please refer to DNS Server Response Rate Limiting

• No CVE information is available

• US-CERT
• Microsoft

Multiple vulnerabilities were identified in Red Hat Kernel, a remote attacker could exploit some of these vulnerabilities to trigger denial of service condition and elevation of privilege on the targeted system.

• Elevation of Privilege
• Denial of Service

• CVE-2017-18595
• CVE-2019-19768
• CVE-2020-10711
• CVE-2020-11884

Multiple vulnerabilities were identified in Android, a remote attacker could exploit some of these vulnerabilities to trigger elevation of privilege, remote code execution and sensitive information disclosure on the targeted system.

• Elevation of Privilege
• Remote Code Execution
• Information Disclosure

Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
• https://source.android.com/security/bulletin/2020-05-01

• CVE-2019-14053
• CVE-2019-14054
• CVE-2019-14066
• CVE-2019-14067
• CVE-2019-14077
• CVE-2019-14078
• CVE-2019-14087
• CVE-2019-19536
• CVE-2020-0024
• CVE-2020-0064
• CVE-2020-0065
• CVE-2020-0090
• CVE-2020-0091
• CVE-2020-0092
• CVE-2020-0093
• CVE-2020-0094
• CVE-2020-0096
• CVE-2020-0097
• CVE-2020-0098
• CVE-2020-0100
• CVE-2020-0101
• CVE-2020-0102
• CVE-2020-0103
• CVE-2020-0104
• CVE-2020-0105
• CVE-2020-0106
• CVE-2020-0109
• CVE-2020-0110
• CVE-2020-3610
• CVE-2020-3615
• CVE-2020-3616
• CVE-2020-3618
• CVE-2020-3623
• CVE-2020-3625
• CVE-2020-3630
• CVE-2020-3633
• CVE-2020-3641
• CVE-2020-3645
• CVE-2020-3680

• Android

A vulnerability was identified in OpenSSL, which could be exploited by attackers to trigger denial of service on the targeted system.
Note: Proof Of Concept Exploit Code Is Publicly Available

• Denial of Service

Before installation of the software, please visit the vendor web-site for more details.
Update to:
• Version 1.1.1g

• CVE-2020-1967

• openSSL
• US-CERT
• Security Affairs

Multiple vulnerabilities were identified in Oracle Products, a remote attacker could exploit some of these vulnerabilities to trigger denial of service, elevation of privilege, remote code execution, security restriction bypass, sensitive information disclosure and tampering on the targeted system.

One of the vulnerabilities (CVE-2020-2883) in Oracle WebLogic Server was currently being exploited in the wild. The risk level was increased to extremely high risk correspondingly.

• Denial of Service
• Elevation of Privilege
• Remote Code Execution
• Security Restriction Bypass
• Information Disclosure
• Data Manipulation

Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
• Oracle Critical Patch Update Advisory

Multiple vulnerabilities were identified in Adobe Magento, a remote attacker could exploit some of these vulnerabilities to trigger remote code execution, security restriction bypass and sensitive information disclosure on the targeted system.

• Remote Code Execution
• Security Restriction Bypass
• Information Disclosure

Before installation of the software, please visit the vendor's web-site for more details.
Apply fixes issued by the vendor:
• Magento Commerce 2.3.4-p2
• Magento Commerce 2.3.5-p1
• Magento Open Source 2.3.4-p2
• Magento Open Source 2.3.5-p1
• Magento Enterprise Edition 1.14.4.5
• Magento Community Edition 1.9.4.5

For detail, please refer to the link below:
https://helpx.adobe.com/security/products/magento/apsb20-22.html

• CVE-2020-9591
• CVE-2020-9588
• CVE-2020-9587
• CVE-2020-9586
• CVE-2020-9585
• CVE-2020-9584
• CVE-2020-9583
• CVE-2020-9582
• CVE-2020-9581
• CVE-2020-9580
• CVE-2020-9579
• CVE-2020-9578
• CVE-2020-9577
• CVE-2020-9576

Multiple vulnerabilities were identified in Oracle Products, a remote attacker could exploit some of these vulnerabilities to trigger denial of service, elevation of privilege, remote code execution, security restriction bypass, sensitive information disclosure and tampering on the targeted system.

One of the vulnerabilities (CVE-2020-2883) in Oracle WebLogic Server was currently being exploited in the wild. The risk level was increased to extremely high risk correspondingly.

• Denial of Service
• Elevation of Privilege
• Remote Code Execution
• Security Restriction Bypass
• Information Disclosure
• Data Manipulation

Before installation of the software, please visit the vendor's web-site for more details.
Oracle Critical Patch Update Advisory

Multiple vulnerabilities were identified in WordPress, a remote attacker could exploit some of these vulnerabilities to trigger cross-site scripting, security restriction bypass and sensitive information disclosure on the targeted system.

• Cross-Site Scripting
• Security Restriction Bypass
• Information Disclosure

Before installation of the software, please visit the vendor's web-site for more details.
Apply fixes issued by the vendor:
WordPress version 5.4.1

No CVE information is available

• WordPress
• US-CERT

Multiple vulnerabilities have been identified in Apple iOS. A remote attacker can exploit these vulnerabilities to trigger remote code execution, denial of service, sensitive information disclosure and data manipulation in the context of the Mail app (such as MobileMail on iOS 12 or maild on iOS 13) on the targeted system.

• Denial of Service
• Remote Code Execution
• Information Disclosure
• Data Manipulation

Note: Stable version of the patch is under development – only Beta version of the patch is available at the moment.

Multiple vulnerabilities were identified in Cisco products, a remote attacker could exploit some of these vulnerabilities to trigger remote code execution, security restriction bypass and sensitive information disclosure on the targeted system.

• Remote Code Execution
• Security Restriction Bypass
• Information Disclosure

Before installation of the software, please visit the vendor's web-site for more details.
Apply fixes issued by the vendor:
• Cisco UCS Director
Please refer to the link below for detail:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E

• Cisco Unified Communications Manager (UCM)
Please refer to the link below for detail:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-taps-path-trav-pfsFO93r

• Cisco Webex Meetings
Please refer to the link below for detail:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-player-Q7Rtgvby

• CVE-2020-3177
• CVE-2020-3194
• CVE-2020-3239
• CVE-2020-3240
• CVE-2020-3243
• CVE-2020-3247
• CVE-2020-3248
• CVE-2020-3249
• CVE-2020-3250
• CVE-2020-3251
• CVE-2020-3252

Adobe has released monthly security update for their products:

• Denial of Service
• Elevation of Privilege
• Information Disclosure

Before installation of the software, please visit the vendor's web-site for more details.
• Apply fixes issued by the vendor. Please refer to 'Details' column in the above table for details of individual product update or run software update

Multiple vulnerabilities were identified in Oracle Products, a remote attacker could exploit some of these vulnerabilities to trigger denial of service, elevation of privilege, remote code execution, security restriction bypass, sensitive information disclosure and tampering on the targeted system.

• Denial of Service
• Elevation of Privilege
• Remote Code Execution
• Security Restriction Bypass
• Data Manipulation

Before installation of the software, please visit the vendor's web-site for more details.
Apply fixes issued by the vendor:
Oracle Critical Patch Update Advisory

A vulnerability was identified in VMWare vCenter Server, a remote attacker could exploit this vulnerability to trigger sensitive information disclosure on the targeted system.

• Information Disclosure

Before installation of the software, please visit the vendor's web-site for more details.
Apply fixes issued by the vendor:
https://www.vmware.com/security/advisories/VMSA-2020-0006.html

• CVE-2020-3952

Microsoft has released monthly security update for their products:

• Denial of Service
• Elevation of Privilege
• Remote Code Execution
• Information Disclosure
• Spoofing

• Extended Security Updates (ESU)
• Windows
• Microsoft Apps
• Browser
• Developer Tools
• Microsoft Dynamics
• Microsoft Office

Before installation of the software, please visit the vendor's web-site for more details.
Apply fixes issued by the vendor

• https://www.cvedetails.com/vulnerability-list.php?vendor_id=26&year=2020&month=04

Multiple vulnerabilities were identified in Google Chrome, a remote attacker could exploit these vulnerabilities to trigger spoofing, remote code execution and security restriction bypass on the targeted system.

• Remote Code Execution
• Security Restriction Bypass
• Spoofing

Before installation of the software, please visit the vendor's web-site for more details.
Apply fixes issued by the vendor:

• Google Chrome 80.0.3987.87

• CVE-2019-18197
• CVE-2019-19880
• CVE-2019-19923
• CVE-2019-19925
• CVE-2019-19926
• CVE-2020-6381
• CVE-2020-6382
• CVE-2020-6385
• CVE-2020-6387
• CVE-2020-6388
• CVE-2020-6389
• CVE-2020-6390
• CVE-2020-6391
• CVE-2020-6392
• CVE-2020-6393
• CVE-2020-6394
• CVE-2020-6395
• CVE-2020-6396
• CVE-2020-6397
• CVE-2020-6398
• CVE-2020-6399
• CVE-2020-6400
• CVE-2020-6401
• CVE-2020-6402
• CVE-2020-6403
• CVE-2020-6404
• CVE-2020-6405
• CVE-2020-6406
• CVE-2020-6408
• CVE-2020-6409
• CVE-2020-6410
• CVE-2020-6411
• CVE-2020-6412
• CVE-2020-6413
• CVE-2020-6414
• CVE-2020-6415
• CVE-2020-6416
• CVE-2020-6417

Multiple vulnerabilities were identified in Google Chrome, a remote attacker could exploit these vulnerabilities to trigger spoofing, remote code execution and security restriction bypass on the targeted system.

• Remote Code Execution
• Security Restriction Bypass
• Spoofing

Before installation of the software, please visit the vendor's web-site for more details.
Apply fixes issued by the vendor:

• Google Chrome 80.0.3987.87

• CVE-2019-18197
• CVE-2019-19880
• CVE-2019-19923
• CVE-2019-19925
• CVE-2019-19926
• CVE-2020-6381
• CVE-2020-6382
• CVE-2020-6385
• CVE-2020-6387
• CVE-2020-6388
• CVE-2020-6389
• CVE-2020-6390
• CVE-2020-6391
• CVE-2020-6392
• CVE-2020-6393
• CVE-2020-6394
• CVE-2020-6395
• CVE-2020-6396
• CVE-2020-6397
• CVE-2020-6398
• CVE-2020-6399
• CVE-2020-6400
• CVE-2020-6401
• CVE-2020-6402
• CVE-2020-6403
• CVE-2020-6404
• CVE-2020-6405
• CVE-2020-6406
• CVE-2020-6408
• CVE-2020-6409
• CVE-2020-6410
• CVE-2020-6411
• CVE-2020-6412
• CVE-2020-6413
• CVE-2020-6414
• CVE-2020-6415
• CVE-2020-6416
• CVE-2020-6417

CERT-GH confirmed that information including Proof-of-Concept code about a vulnerability (CVE-2019-19781) in Citrix Application Delivery Controller and Citrix Gateway has been made public. A remote attacker leveraging this vulnerability may execute arbitrary code. On January 12, 2020, Bad Packets released information about scanning activities that appeared to be leveraging the vulnerability.

• Elevation of Privilege
• Remote Code Execution
• Security Restriction Bypass
• Information Disclosure
• Spoofing

Before installation of the software, please visit the vendor web-site for more details.
Update to the following versions via "Software Update":

• iOS 13.3.1
• iPadOS 13.3.1
• macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra
• tvOS 13.3.1
• watchOS 6.1.2
• Safari 13.0.5
• iTunes 12.10.4 for Windows

• CVE-2020-3828
• CVE-2020-3829
• CVE-2020-3831
• CVE-2020-3833
• CVE-2020-3836
• CVE-2020-3837
• CVE-2020-3838
• CVE-2020-3840
• CVE-2020-3842
• CVE-2020-3841
• CVE-2020-3844
• CVE-2020-3853
• CVE-2020-3856
• CVE-2020-3857
• CVE-2020-3858
• CVE-2020-3859
• CVE-2020-3860
• CVE-2020-3861
• CVE-2020-3868
• CVE-2020-3869
• CVE-2020-3870
• CVE-2020-3872
• CVE-2020-3873
• CVE-2020-3874
• CVE-2020-3875
• CVE-2020-3878

CERT-GH confirmed that information including Proof-of-Concept code about a vulnerability (CVE-2019-19781) in Citrix Application Delivery Controller and Citrix Gateway has been made public. A remote attacker leveraging this vulnerability may execute arbitrary code. On January 12, 2020, Bad Packets released information about scanning activities that appeared to be leveraging the vulnerability.

The method of confirming whether this vulnerability is exploited is as follows;

1. Check if there is any access to the device from a suspicious IP address.
   The log of HTTP traffic to the device is recorded in httpaccess.log and httperror.log
2. Check whether traffic that exploits the vulnerability is recorded in the device log.
   If the Proof-of-Concept code that exploits this vulnerability is executed, traffic including the following string is recorded in the device.
   /vpns/
   /vpn/../vpns/cfg/smb.conf
   /vpn/../vpns/portal/scripts/newbm.pl
   /vpn/../vpns/portal/backdoor.xml
   /vpns/portal/scripts/newbm.pl
3. Check the files under the following directory on the device.
   If there is a recently created unknown xml file, the file is a malicious file created by an attacker, it is possible that an attack has been already conducted to compromise the device.
   /var/tmp/netscaler/portal/templates
   /netscaler/portal/templates
4. Check device processes and corn jobs
   Execute commands on the device to check if there is any process or corn job running by the user "nobody".
   If this vulnerability is exploited, processes are executed by a user named "nobody". If such processes are running, it is possible that an attack has been already conducted to compromise the device.

As of January 17, 2020, Citrix has not provided solution for this vulnerability. Please consider applying "V. Mitigation" or discontinuing the use of the products.

Also, Citrix is planning to provide versions addressing the vulnerability on the following dates.
January 24, 2020
- Citrix NetScaler ADC and NetScaler Gateway version 10.5
On January 24, Citrix released the version 10.5 of Citrix NetScaler ADC and NetScaler Gateway that addresses this vulnerability. Since attacks leveraging the vulnerability are still being observed, we would recommend to apply solution and check whether system has been compromised as soon as possible.

Please consider to apply the following mitigation.

• Restrict unnecessary traffic by firewall, etc
• Apply workarounds provided by Citrix

Privilege Escalation Vulnerability has been reported in Microsoft Windows Installer which could allow an attacker to execute arbitrary code on a targeted system.

This vulnerability exists due to Windows Installer fails to properly sanitize input.  A local attacker could exploit this vulnerability by accessing the system and executing an application that submits malicious input to the affected system.  Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code with escalated privileges.

Apply appropriate updates as mentioned in the following
URL: https://portal.msrc.microsoft.com/en-US/security-guidance

Vendor Information
Microsoft
https://portal.msrc.microsoft.com/en-US/security-guidance

Microsoft
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0973
CVE Name

CVE-2019-0973

A Vulnerability has been reported in Windows kernel which could be exploited by remote attacker to disclose sensitive information on the targeted system.

This vulnerability exists in Windows kernel due to improper initialization of objects in the memory. An attacker could exploit this vulnerability by hosting specially crafted website.
Successful exploitation of this vulnerability could allow a remote attacker to obtain sensitive information to further compromise the users system.

Apply appropriate patches as mentioned in Microsoft Security Bulletin
URL: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1039
Vendor Information
Microsoft
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1039

Microsoft
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1039

Cisco
https://tools.cisco.com/security/center/viewAlert.x?alertId=60599
CVE Name

CVE-2019-1039

Multiple Vulnerability have been reported in Drupal which could be exploited by an attacker to execute arbitrary commands on a targeted system.

1. Access bypass Vulnerability

   This vulnerability exists due to insufficient check user permissions to access its workflows entities.  An attacker could exploit this vulnerability by Forms Steps provides an UI to create form workflows using form modes. Successful exploitation of this vulnerability could allow the attacker to see any entities that have been created through the different steps of its multistep forms.

2. Insecure session token management Vulnerability

   This vulnerability allows you to store external images on your server and apply your own Image Styles. The module exposes cookies to external sites when making external image requests.
An attacker could exploit this vulnerability successfully take control of the targeted website.

Apply appropriate updates as mentioned in the following URL:
https://www.drupal.org/sa-contrib-2019-064
https://www.drupal.org/sa-contrib-2019-065
Vendor Information
Drupal
https://www.drupal.org/security/contrib

Drupal
https://www.drupal.org/sa-contrib-2019-064

https://www.drupal.org/sa-contrib-2019-0645

This vulnerability has been reported Apple products which could allow a remote attacker to execute arbitrary code on the targeted system.

This use after free vulnerability exists in the XNU kernel of iOS and macOS due to improper memory management.
Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code with system privileges on the affected systems and allowing the jailbreak of the devices.

Apply appropriate security updates as mentioned in the Apple Security Advisory
Vendor Information
Apple
https://support.apple.com/en-in/HT210548
https://support.apple.com/en-in/HT210549

Multiple vulnerabilities have been reported in SAP products, which could be exploited by a remote attacker to execute arbitrary code, inject malicious code, obtain sensitive information, cause denial of service conditions, perform cross site scripting attacks or perform other unauthorized activities on a targeted system.

These vulnerabilities exist in SAP products due to unsafe deserialization error, insufficient encoding of user-controlled inputs, absence of HTTP Only flag in session cookie, incorrect hardening of the XML Parser, unencrypted communication error and other flaws in the affected software. A remote attacker can exploit these vulnerabilities by injecting malicious code, sending a specially crafted XML file, executing a "Go to statement", performing unauthorized queries, running/storing a malicious script or payload, giving a payload as keyword in the search and via other attack vectors.
Successful exploitation of these vulnerabilities could allow the attacker to execute arbitrary code, inject malicious code, obtain sensitive information, cause denial of service conditions, perform cross site scripting attacks or perform other unauthorized activities on a targeted system.


Apply appropriate patches as mentioned on SAP website: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017
Vendor Information
SAP
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017

A Vulnerability has been reported in Azure Active Directory Authentication Library which could allow an authenticated attacker to perform actions in context of another user on the targeted system.

This vulnerability exists in Azure Active Directory Authentication Library On-Behalf-Of flow. An attacker could exploit this vulnerability by accessing a service configured for On-Behalf-Of flow Library that assigns incorrect tokens.
Successful exploitation of this vulnerability could allow an authenticated attacker to perform actions in context of another user.

Apply appropriate patches as mentioned in Microsoft security bulletin:
https://portal.msrc.microsoft.com/en-US/security-guidance
Vendor Information
Microsoft
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1258

Multiple vulnerabilities have been reported in Microsoft browsers and ChakraCore scripting engine, which could be exploited by a remote attacker to bypass security restrictions and execute arbitrary code on the targeted system.

1. Memory Corruption Vulnerability ( CVE-2019-1138 CVE-2019-1217 CVE-2019-1237 CVE-2019-1298 CVE-2019- 1300 )

   Multiple memory corruption vulnerabilities exist in Microsoft Edge due to improper handling of objects in the memory by the scripting engine. An attacker could exploit this vulnerability by hosting specially crafted website or websites that accept or host user provided content and convince user to view these websites. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code with the privileges of the current user which could lead to further system compromise.

2. Security Feature Bypass Vulnerability ( CVE-2019-1220 )

   This vulnerability exists in Microsoft Edge due to improper handling whitelist sites by the Edge. A remote attacker could exploit this vulnerability by convincing a user to visit a specially crafted website. Successful exploitation of this vulnerability could allow a remote attacker to access URLs in a less restricted Internet Security Zone.

3. Information Disclosure Vulnerability ( CVE-2019-1299 )

   This vulnerability exists in Microsoft Edge due to improper handling of objects in the memory. An attacker could exploit this vulnerability by hosting specially crafted website or websites that accept or host user-provided content and convince user to view these websites. Successful exploitation of this vulnerability could allow the remote attacker to gain access to unauthorized sensitive data, which could lead to further system compromise.

Apply appropriate patches as mentioned in Microsoft Security Bulletin
https://portal.msrc.microsoft.com/en-US/security-guidance
Vendor Information
Microsoft
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1138
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1217
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1237
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1298
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1300
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1220
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1299

A vulnerability has been reported in EXIM email server software which could allow an attacker to execute arbitrary code with root privileges.

This vulnerability exists in the EXIM email server software due to improper handling of peer distinguished names (DN) and ServerName Indication (SNI) during a TLS negotiation. A local or remote attacker could exploit this vulnerability by sending a specially crafted SNI data during a TLS negotiation leading to a buffer overflow error.

Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code with root privileges. Note: An Exim server which accepts TLS connections is vulnerable.

Apply appropriate patches as mentioned on EXIM website:
https://exim.org/static/doc/security/CVE-2019-15846.txt
Vendor Information
EXIM
https://exim.org/static/doc/security/CVE-2019-15846.txt