Chrome has released an update for Windows, Mac, and Linux to address multiple vulnerabilities. The vulnerabilities are rated from medium to high. The advisory addressed fixes for 14 security vulnerabilities that are mentioned below: CVE-2022-3652: Type Confusion in V8. This flaw was reported by srodulv and ZNMchtss from S.S.L Team. CVE-2022-3653: Heap buffer overflow in Vulkan. This flaw was … Continue reading “Google Chrome Releases New Version to Address Multiple Vulnerabilities”
Tag: multiple vulnerabilities
VMware vCenter Affected By Critical Vulnerabilities
Multiple vulnerabilities in VMware vCenter Server were privately reported to VMware. These vulnerabilities have CVSS scores ranging from 4.3 to 9.8. Out of these vulnerabilities, the most critical was CVE-2021-22005 – an arbitrary file upload vulnerability in the Analytics service, which impacts vCenter Server 6.7 and 7.0 deployments. Exploiting this vulnerability, a remote attacker could … Continue reading “VMware vCenter Affected By Critical Vulnerabilities”
Dell Client Platform BIOSConnect and HTTPS Boot Multiple Vulnerabilities (DSA-2021-106, CVE-2021-21571, CVE-2021-21572, CVE-2021-21573, CVE-2021-21574)
Dell Technologies published an advisory on June 24, 2021 notifying customers of a set of vulnerabilities that can be combined to impersonate Dell.com and take control of the target devices’ boot process to break OS-level security controls. The vulnerabilities affect a wide range of Dell systems. Dell recommends that all customers update to the latest … Continue reading “Dell Client Platform BIOSConnect and HTTPS Boot Multiple Vulnerabilities (DSA-2021-106, CVE-2021-21571, CVE-2021-21572, CVE-2021-21573, CVE-2021-21574)”
21 Nails: Exim Mail Server Multiple Vulnerabilities
The Qualys Research Team (QRT) has discovered multiple vulnerabilities in the Exim mail server, some of the which can be chained together and have devastating impact via full remote unauthenticated code execution to gain root privileges. The name “21Nails” is a pun intended on vulnerabilities in a “Mail” transfer agent, corresponding to each CVE listed … Continue reading “21 Nails: Exim Mail Server Multiple Vulnerabilities”
SAP Multiple Vulnerabilities (CVE-2020-6287, CVE-2020-6207, CVE-2018-2380, CVE-2016-9563, CVE-2016-3976, CVE-2010-5326)
Unpatched SAP applications are vulnerable and actively exploited in the wild as per the report jointly published by SAP and Onapsis on Tuesday. Applications such as enterprise resource planning, customer relationship management software, and supply chain systems are being targeted. Onapsis researchers have recorded more than 300 successful exploit attempts from the middle of 2020 … Continue reading “SAP Multiple Vulnerabilities (CVE-2020-6287, CVE-2020-6207, CVE-2018-2380, CVE-2016-9563, CVE-2016-3976, CVE-2010-5326)”
Google Chrome Multiple Vulnerabilities (CVE-2021-21149, CVE-2021-21150, CVE-2021-21151, CVE-2021-21152, CVE-2021-21153, CVE-2021-21154, CVE-2021-21155, CVE-2021-21156, CVE-2021-21157)
Recently, on 16th Feb, 2021, Google released a stable update to address a number of CVEs – CVE-2021-21149, CVE-2021-21150, CVE-2021-21151, CVE-2021-21152, CVE-2021-21153, CVE-2021-21154, CVE-2021-21155, CVE-2021-21156 and CVE-2021-21157. Multiple vulnerabilities were discovered in Google Chrome that allowed an attacker to create a security problem, which has not been specified by the publisher yet. No POC or … Continue reading “Google Chrome Multiple Vulnerabilities (CVE-2021-21149, CVE-2021-21150, CVE-2021-21151, CVE-2021-21152, CVE-2021-21153, CVE-2021-21154, CVE-2021-21155, CVE-2021-21156, CVE-2021-21157)”
QSnatch malware aka “Derek” multiple vulnerabilities
In mid-June 2020, QNAP devices were found to be vulnerable to older Qsnatch malware campaigns of 2014 and 2017. Description The vulnerabilities due to Qsnatch has high to critical impact on QNAP NAS devices. A joint advisory published by CISA and NCSC says that “it has infected 62,000 devices worldwide, including 3900 in the UK … Continue reading “QSnatch malware aka “Derek” multiple vulnerabilities”