The Apache Software Foundation has published additional security updates for its HTTP Server to remediate an incomplete fix for a path traversal and Remote Code Execution (RCE) vulnerability patched in the first week of October 2021 (CVE-2021-41773). CVE-2021-42013 is based upon a path normalization bug, which allowed an unauthenticated remote user to view files on the Apache Web … Continue reading “Apache HTTP Server Path Normalization and Remote Code Execution (RCE) Vulnerability (CVE-2021-42013)”
Author: Diksha Ojha
Atlassian Confluence Server Pre-Authorization Arbitrary File Read Vulnerability (CVE-2021-26085)
A Pre-Authorization Arbitrary File Read vulnerability was discovered on 21st, July 2021 in Atlassian Confluence Server. The vulnerability (CVE-2021-26085) is found in the versions before 7.4.10 and 7.5.0 to 7.12.2. Confluence is a knowledge and collaboration environment for teams. Dynamic pages give your team a space to work on any project or concept by allowing them to … Continue reading “Atlassian Confluence Server Pre-Authorization Arbitrary File Read Vulnerability (CVE-2021-26085)”
Apache fixes the HTTP Path Traversal Vulnerability (CVE-2021-41773)
Apache Software Foundation has published HTTP Web Server version 2.4.50 to fix the CVE-2021-41773 vulnerability in Apache Server version 2.4.49. This is a path traversal and file disclosure flaw that could allow attackers to gain access to sensitive data, and according to the report, is being actively exploited. The Apache HTTP Server is a cross-platform, … Continue reading “Apache fixes the HTTP Path Traversal Vulnerability (CVE-2021-41773)”
Google releases emergency Chrome update to fix two zero-day vulnerabilities
Google published urgent security updates for its Chrome browser on Thursday, including a pair of new security flaws that are being exploited in the wild. CVE-2021-37975 and CVE-2021-37976 are two of four fixes that address a use-after-free weakness in the V8 JavaScript and Web Assembly engines, as well as an information leak in the core. While this Chrome update addresses four … Continue reading “Google releases emergency Chrome update to fix two zero-day vulnerabilities”
Apple macOS Finder Remote Code Execution Zero-Day Vulnerability
A zero-day security flaw in Apple’s macOS Finder system has been detected. This vulnerability allows remote attackers to fool users into running arbitrary commands. Zero-day vulnerabilities are defects that have been publicly published but have not yet been patched by the vendor. These vulnerabilities are sometimes actively exploited by attackers or have publicly available proof-of-concept exploits. … Continue reading “Apple macOS Finder Remote Code Execution Zero-Day Vulnerability”
Apple Arbitrary Code Injection Vulnerability (CVE-2021-30869)
Apple provided security fixes to address a zero-day vulnerability on Thursday. The attackers have used it in the wild to break into iPhones and Macs running older versions of iOS and macOS. Apple has also provided patches for a previously patched security flaw exploited by NSO Group’s Pegasus surveillance tool to target iPhone users. CVE-2021-30869 is a zero-day vulnerability. This is a type-confusion hole in Apple’s … Continue reading “Apple Arbitrary Code Injection Vulnerability (CVE-2021-30869)”
