The Apache HTTP Server Project is a group of people working together to create and maintain an open-source, software-based HTTP server for modern operating systems such as UNIX and Windows. This technology is considered among the most widely used web servers on the internet. A Server-Side Request Forgery (SSRF) vulnerability (CVE-2021-40438) has been identified in Apache HTTP Server versions 2.4.48 and older. The vulnerability … Continue reading “Apache mod_proxy Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-40438)”
Microsoft Windows security update for October 2021 addresses four zero-days and 71 flaws
Microsoft October 2021 patch Tuesday has arrived with the latest updates! In this month’s security update, Microsoft has fixed a total of 74 flaws including four zero-day vulnerabilities. Out of these 74 vulnerabilities, three are classified as Critical, 70 as Important, and one as Low. This update covers the products such as Microsoft Office, Exchange Server, MSHTML, Visual Studio, and the Edge … Continue reading “Microsoft Windows security update for October 2021 addresses four zero-days and 71 flaws”
Apple releases emergency update to address the arbitrary code execution zero-day vulnerability (CVE-2021-30883)
On Monday, Apple released an iPhone security update to fix a major vulnerability that is being exploited in the wild. With the latest patch, the corporation has now resolved a total of 17 zero-days in 2021 – a new high. The vulnerability CVE-2021-30883 involves a memory corruption flaw in the IOMobileFrameBuffer component. This flaw allows an application to run arbitrary … Continue reading “Apple releases emergency update to address the arbitrary code execution zero-day vulnerability (CVE-2021-30883)”
Apache HTTP Server Path Normalization and Remote Code Execution (RCE) Vulnerability (CVE-2021-42013)
The Apache Software Foundation has published additional security updates for its HTTP Server to remediate an incomplete fix for a path traversal and Remote Code Execution (RCE) vulnerability patched in the first week of October 2021 (CVE-2021-41773). CVE-2021-42013 is based upon a path normalization bug, which allowed an unauthenticated remote user to view files on the Apache Web … Continue reading “Apache HTTP Server Path Normalization and Remote Code Execution (RCE) Vulnerability (CVE-2021-42013)”
Atlassian Confluence Server Pre-Authorization Arbitrary File Read Vulnerability (CVE-2021-26085)
A Pre-Authorization Arbitrary File Read vulnerability was discovered on 21st, July 2021 in Atlassian Confluence Server. The vulnerability (CVE-2021-26085) is found in the versions before 7.4.10 and 7.5.0 to 7.12.2. Confluence is a knowledge and collaboration environment for teams. Dynamic pages give your team a space to work on any project or concept by allowing them to … Continue reading “Atlassian Confluence Server Pre-Authorization Arbitrary File Read Vulnerability (CVE-2021-26085)”
Apache fixes the HTTP Path Traversal Vulnerability (CVE-2021-41773)
Apache Software Foundation has published HTTP Web Server version 2.4.50 to fix the CVE-2021-41773 vulnerability in Apache Server version 2.4.49. This is a path traversal and file disclosure flaw that could allow attackers to gain access to sensitive data, and according to the report, is being actively exploited. The Apache HTTP Server is a cross-platform, … Continue reading “Apache fixes the HTTP Path Traversal Vulnerability (CVE-2021-41773)”
Google releases emergency Chrome update to fix two zero-day vulnerabilities
Google published urgent security updates for its Chrome browser on Thursday, including a pair of new security flaws that are being exploited in the wild. CVE-2021-37975 and CVE-2021-37976 are two of four fixes that address a use-after-free weakness in the V8 JavaScript and Web Assembly engines, as well as an information leak in the core. While this Chrome update addresses four … Continue reading “Google releases emergency Chrome update to fix two zero-day vulnerabilities”
Apple macOS Finder Remote Code Execution Zero-Day Vulnerability
A zero-day security flaw in Apple’s macOS Finder system has been detected. This vulnerability allows remote attackers to fool users into running arbitrary commands. Zero-day vulnerabilities are defects that have been publicly published but have not yet been patched by the vendor. These vulnerabilities are sometimes actively exploited by attackers or have publicly available proof-of-concept exploits. … Continue reading “Apple macOS Finder Remote Code Execution Zero-Day Vulnerability”
Apple Arbitrary Code Injection Vulnerability (CVE-2021-30869)
Apple provided security fixes to address a zero-day vulnerability on Thursday. The attackers have used it in the wild to break into iPhones and Macs running older versions of iOS and macOS. Apple has also provided patches for a previously patched security flaw exploited by NSO Group’s Pegasus surveillance tool to target iPhone users. CVE-2021-30869 is a zero-day vulnerability. This is a type-confusion hole in Apple’s … Continue reading “Apple Arbitrary Code Injection Vulnerability (CVE-2021-30869)”
VMware vCenter Affected By Critical Vulnerabilities
Multiple vulnerabilities in VMware vCenter Server were privately reported to VMware. These vulnerabilities have CVSS scores ranging from 4.3 to 9.8. Out of these vulnerabilities, the most critical was CVE-2021-22005 – an arbitrary file upload vulnerability in the Analytics service, which impacts vCenter Server 6.7 and 7.0 deployments. Exploiting this vulnerability, a remote attacker could … Continue reading “VMware vCenter Affected By Critical Vulnerabilities”