Microsoft SharePoint Server Remote Code Execution Vulnerability

This vulnerability is a remote-control execution vulnerability affecting Microsoft SharePoint Server. The vulnerability was assigned a CVSSv3 score of 7.2 and could allow an authenticated site owner to execute code on an affected SharePoint Server. This RCE was patched as part of the May 2023 Patch Tuesday release. The Uganda National CERT and Coordination Center (CERT.UG/CC) strongly advises all System and Network admins to review and implement the appropriate fix. The details of the updates can be found here.

RELATED ADVISORIES

Advisories 9 May 2024

Vulnerabilities in Cisco ASA and FTD Software

Cisco disclosed three vulnerabilities in its management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software product. The vulnerability allows an attacker to cause a DoS condition by sending a crafted HTTP request to the web server on a targeted device. A successful exploit would result in an unexpected reloading of the device. This vulnerability is due to incomplete error checking when parsing an HTTP header. The Uganda National CERT and Coordination Center (CERT.UG/CC) strongly advises all system and network admins to review and implement the appropriate patches. The details of the updates are:

Unauthenticated Command Injection vulnerability in SD-WAN Edge (VMware)

Advisories 9 May 2024

Android Pixel Privilege Escalation Vulnerability

Advisories 9 May 2024

Cisco Releases Security Updates for IOS XR Software

Advisories 9 April 2024

Forticlient EMS flaw actively exploited in the wild

Advisories 9 April 2024

Joomla Security Update

Advisories 28 February 2024

Microsoft Exchange Server Security Advisory

Advisories 28 February 2024