Multiple vulnerabilities in VMware vCenter Server were privately reported to VMware. These vulnerabilities have CVSS scores ranging from 4.3 to 9.8. Out of these vulnerabilities, the most critical was CVE-2021-22005 – an arbitrary file upload vulnerability in the Analytics service, which impacts vCenter Server 6.7 and 7.0 deployments. Exploiting this vulnerability, a remote attacker could … Continue reading “VMware vCenter Affected By Critical Vulnerabilities”
Author: Dhiren Vaghela
Azure Open Management Infrastructure Remote Code Execution (RCE) Vulnerability (OMIGOD, CVE-2021-38647)
As part of its monthly Patch Tuesday security updates, Microsoft has patched a collection of four vulnerabilities in OMI (Open Management Infrastructure), a mostly unknown application that the company has been silently installing on most Linux-based Azure virtual machines and related systems. OMI (Open Management Infrastructure) OMI, the app is the Linux equivalent of Microsoft’s … Continue reading “Azure Open Management Infrastructure Remote Code Execution (RCE) Vulnerability (OMIGOD, CVE-2021-38647)”
Microsoft Windows MSHTML Remote Code Execution Vulnerability (CVE-2021-40444)
Attackers are exploiting CVE-2021-40444, a zero-day remote code execution vulnerability in MSHTML (the main HTML component of the Internet Explorer browser), to compromise Windows/Office, Microsoft has warned on Tuesday. Tricking victims into running malicious executables remains a popular method for getting a foothold into organizations. Numerous attempts to exploit MSHTML to compromise Microsoft Windows have … Continue reading “Microsoft Windows MSHTML Remote Code Execution Vulnerability (CVE-2021-40444)”
Confluence Server OGNL injection Vulnerability (CVE-2021-26084)
On 31st August 2021, a critical remote code execution vulnerability was found in Confluence Server and Confluence Data Center. The vulnerability is tracked as CVE-2021-26084 and has a severity of 9.8. The OGNL (Object-Graph Navigation Language) injection vulnerability found allows an authenticated user, and in some instances unauthenticated users, to execute arbitrary code on a … Continue reading “Confluence Server OGNL injection Vulnerability (CVE-2021-26084)”
Pulse Connect Secure Remote Code Execution Patch Bypass Vulnerability (CVE-2021-22937)
In the first week of August, Pulse Secure published an advisory and patches for vulnerability, CVE-2021-22937. This is a post-authentication, distant codification execution (i.e.,Remote Code Execution) vulnerability that exists on Pulse Connect Secure virtual backstage web (i.e.,VPN) appliances. This vulnerability, classified as CWE-434 and a CVSSv3 of 9.1, is an uncontrolled archive extraction vulnerability that … Continue reading “Pulse Connect Secure Remote Code Execution Patch Bypass Vulnerability (CVE-2021-22937)”
Most Exploited Vulnerabilities in the Pandemic and Pre-pandemic Era
In July 2021, Cybersecurity and Infrastructure Security Agency (CISA), together with the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI), published an advisory notifying about the top 30 vulnerabilities that were exploited in the wild to retrieve sensitive data such as intellectual … Continue reading “Most Exploited Vulnerabilities in the Pandemic and Pre-pandemic Era”
Sequoia – Linux’s Filesystem Layer Local Privilege Escalation Vulnerability (CVE-2021-33909)
The Qualys Research Team has discovered a size_t-to-int type conversion vulnerability in the Linux Kernel’s filesystem layer affecting most Linux operating systems. Any unprivileged user can gain root privileges on a vulnerable host by exploiting this vulnerability in a default configuration. The Linux file system interface is implemented as a layered architecture, separating the user … Continue reading “Sequoia – Linux’s Filesystem Layer Local Privilege Escalation Vulnerability (CVE-2021-33909)”
Windows DNS Server Out-of-Bounds Write to Remote Code Execution Vulnerability (CVE-2021-26897)
According to Microsoft Security Bulletin published on March 09, 2021, seven vulnerabilities concerning Microsoft’s DNS server were corrected. These vulnerabilities, identified as CVE-2021-26877, CVE-2021-26897, CVE-2021-26893, CVE-2021-26894 and CVE-2021-26895, are considered critical. Among these, two allow a denial of service, while the five others allow an execution of remote arbitrary code. By default, DNS servers are … Continue reading “Windows DNS Server Out-of-Bounds Write to Remote Code Execution Vulnerability (CVE-2021-26897)”
Kaseya REvil Ransomware Attack
Kaseya, a Florida-based software provider, stated that their businesses have been impacted by the ransomware attack last Friday, on July 2. According to the dark web blog, the REvil gang, also known as Sodinokibi, has asked for a payout of $70 million to unlock what it claims to be “more than a million systems.” The ransom … Continue reading “Kaseya REvil Ransomware Attack”
Microsoft Windows Print Spooler Remote Code Execution Vulnerability (CVE-2021-34527)
A zero-day exploit which allows authenticated users with a regular Domain User account to gain full SYSTEM-level privileges was observed on June 29, 2021 on a fully patched Windows system. Named PrintNightmare and tracked as CVE-2021-34527, was disclosed by MS on July 1, 2021. PrintNightmare (CVE-2021-34527) is a vulnerability that allows an attacker with a … Continue reading “Microsoft Windows Print Spooler Remote Code Execution Vulnerability (CVE-2021-34527)”