Severity Rating: HIGH
Software Affected 
• Cisco ASA Software or FTD Software.
Overview 
A vulnerability has been reported in the web services interface of Cisco
Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat
Defense (FTD) Software which could allow an unauthenticated, remote
attacker to retrieve memory contents on an affected device, which could
lead to the disclosure of confidential information.

Description
A vulnerability exists in the web services interface of Cisco Adaptive
Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD)
Software due to a buffer tracking issue when the software parses invalid
URLs that are requested from the web services interface. An attacker could
exploit this vulnerability by sending a crafted GET request to the web
services interface.

Successful exploitation of this vulnerability could allow the attacker to
retrieve memory contents, which could lead to the disclosure of
confidential information. 

Solution
Apply appropriate updates as mentioned in: 
- -sa-asaftd-info-disclose-9eJtycMB

Vendor Information
CISCO
- -sa-asaftd-info-disclose-9eJtycMB

References
CISCO
- -sa-asaftd-info-disclose-9eJtycMB

CVE Name
CVE-2020-3259

Severity Rating: HIGH
Software Affected
Firefox for iOS versions 25.0 and prior
Overview
A vulnerability has been reported in Firefox for iOS that could allow a
remote attacker to access sensitive information on a targeted system.

Description
This vulnerability exists in Firefox for iOS due to improper token handling
in the native-to-JS bridging implementation. A remote attacker could exploit
this vulnerability by creating a specially crafted webpage and then
convincing the user to download a file hosted on the webpage.

Successful exploitation of this vulnerability could allow the attacker to
access potentially sensitive information on the targeted system.

Solution
Update to version 26.0 from the Apple App Store.

Vendor Information

Mozilla

References
Mozilla

CyberSecurityHelp

CVE Name
CVE-2020-12404

Severity Rating: High
Systems Affected

· Windows 10 Version 1903 for 32-bit Systems
· Windows 10 Version 1903 for ARM64-based Systems
· Windows 10 Version 1903 for x64-based Systems
· Windows 10 Version 1909 for 32-bit Systems
· Windows 10 Version 1909 for ARM64-based Systems
· Windows 10 Version 1909 for x64-based Systems
· Windows 10 Version 2004 for 32-bit Systems
· Windows 10 Version 2004 for ARM64-based Systems
· Windows 10 Version 2004 for x64-based Systems
· Windows Server, version 1903 (Server Core installation)
· Windows Server, version 1909 (Server Core installation)
· Windows Server, version 2004 (Server Core installation)

Overview
A vulnerability has been reported in Microsoft Server Message Block Server
that could allow a remote attacker to access sensitive information on the
targeted system.

Description
This vulnerability exists in the way that the Microsoft Server Message
Block 3.1.1 (SMBv3) protocol handles certain requests. A remote attacker
could exploit this vulnerability by sending a specially crafted packet to a
targeted SMBv3 server. Successful exploitation of this vulnerability could
allow the attacker to access sensitive information on the targeted system.

Note:
This vulnerability exists in the same function as the SMBGhost
(CVE-2020-0796, CIVN-2020-0048) vulnerability.

Solution
Apply appropriate software updates as mentioned in the Microsoft advisory

- -1206

Vendor Information

- -1206

References

Zecops

bleed-cve-2020-1206-with-smbghost/

Tenable


CVE Name

CVE-2020-1206

© Copyright 2020. Ud64