Announcing the Hillstone X10800 Next-Gen Data Center Firewall Platform

We are proud to announce the release of the X10800, a Next-Gen Data Center Firewall delivers up to 1 Tbps throughput, and supports the full suite of security services. Hillstone X10800 is specifically designed to meet the ever-growing security requirements of large cloud infrastructures with higher performance, scalability, and reliability. By 2021, Cisco predicts that…

Vulnerability Notification: Microsoft Office Graph Chart Out-Of-Bounds Write

[Overview] Microsoft Office is an office software suite based on the Windows operating system, including Word, Excel, etc. Microsoft Graph is a component for document insertion and charts and graphs editing. Recently, Microsoft fixed a remote code execution vulnerability in Office. [Vulnerability Details] CVE-2018-8157: This vulnerability is due to incorrect verification of PaletteRecord when processing…

Vulnerability Notification: Oracle WebLogic Server deserialization

[Overview] Oracle WebLogic is an enterprise multi-layer application server based on Java architecture. It is commonly used to develop, integrate, deploy, and manage web applications and database applications. Recently, Oracle repaired a high-risk WebLogic Server deserialization vulnerability. [Vulnerability Details] CVE-2018-2628: This vulnerability is due to the deserialization of suspicious data in T3 requests. An unauthenticated…

Vulnerability Notification: Apache HTTP Server Denial of Service

[Overview] The Apache HTTP server is currently the most popular web server, which supports the use of various runtime loaded modules to extend its functionality. Recently, Apache HTTP Server fixed a denial of service vulnerability. [Vulnerability Details] CVE-2018-1303: The vulnerability is due to an incorrect validation of the HTTP request header. An attacker could exploit…

Vulnerability Notification: Electron setAsDefaultProtocolClient Command Injection

[Overview] Electron is an open source framework for developing desktop GUI applications that enables developers to build native programs across MAC, Windows, and Linux using web technologies such as JavaScript, HTML, and CSS. Electron recently fixed an Electron remote code execution vulnerability that affects custom protocol handlers. [Vulnerability Details] CVE-2018-1000006: The vulnerability is caused by…