VMware Multiple Vulnerabilities (VMSA-2020-0026)

On November 19, 2020, VMware published an advisory addressing critical vulnerabilities in various VMware products. VMware has evaluated the severity of CVE-2020-4004 to be “Critical” with a maximum CVSSv3 base score of 9.3. The severity of CVE-2020-4005 has been evaluated to be “Important” with a maximum CVSSv3 base score of 8.8. Affected VMware Products VMware … Continue reading “VMware Multiple Vulnerabilities (VMSA-2020-0026)”

VMware Multiple Vulnerabilities (VMSA-2020-0015)

VMware issued a new security advisory on 23rd June,2020. VMSA-2020-0015 Addressed the ten security vulnerabilities in various VMware products. Among these multiple vulnerabilities, a bug, CVE-2020-3962 is a critical vulnerability with a 9.3 CVSSv3 base score. Rest nine flaws are of Important and Moderate severity. Affected VMware Products: VMware ESXi VMware Workstation Pro/Player (Workstation) VMware … Continue reading “VMware Multiple Vulnerabilities (VMSA-2020-0015)”

Mozilla Firefox, Firefox ESR, and Thunderbird Security Updates

Overview: Mozilla has released a security advisory to address multiple vulnerabilities. By exploiting these vulnerabilities, an attacker could take control of a vulnerable system. In this security updates, Mozilla addressed total 8 vulnerabilities in Firefox, Firefox ESR, and Thunderbird.  Out of 8, five vulnerabilities flagged as High, one rated as Moderate, two rated as Low in severity. Timing … Continue reading “Mozilla Firefox, Firefox ESR, and Thunderbird Security Updates”

Google Chrome use-after-free Vulnerability (CVE-2020-6457)

Summary: In the headlines today, we have, Amidst the global lockdown, in the same week where Microsoft had confirmed seven critical vulnerabilities for Windows 10 users, Google has confirmed what it refers to as a critical security vulnerability. Google has not disclosed more details on the vulnerability, but independent cyber-security experts have dug into the … Continue reading “Google Chrome use-after-free Vulnerability (CVE-2020-6457)”

VMware Workstation and Fusion Guest-to-Host Escape Vulnerability

VMware issued a Security Advisory for Guest-to-Host Escape Vulnerability, VMSA-020-0004. VMSA-2020-0004 also includes the other two important vulnerabilities in VMware Horizon Client for Windows and VMRC for Windows, (CVE-2019-5543, CVE-2020-3948) CVE-2020-3947 has assigned to Guest-to Host Escape vulnerability. The vendors labeled it a critical severity bug with a CVSS score of 9.3 What is the … Continue reading “VMware Workstation and Fusion Guest-to-Host Escape Vulnerability”

Mozilla Firefox Critical use-after-free Vulnerabilities(CVE-2020-6819, CVE-2020-6820)

Summary: In the first week of April, amidst of global lockdown environment, Mozilla Foundation had to publish advisory 2020-11 for Mozilla Firefox and Mozilla Firefox Extended Support Release (ESR). Firefox gets fixes for two zero-days exploited in the wild. The frequency of exploiting browsers, particularly mozilla has been trending since the start of this year. … Continue reading “Mozilla Firefox Critical use-after-free Vulnerabilities(CVE-2020-6819, CVE-2020-6820)”

Linux Kernel Use-After-Free Vulnerability

Description: A kernel use-after-free vulnerability was identified in the XFRM netlink subsystem.There is an out-of-bounds array access in __xfrm_policy_unlink, which causes denial of service, because verify_newpolicy_info in net/xfrm/xfrm_user.c mishandles directory validation. This vulnerability also leads to local privilege escalation.This issue was assigned under CVE-2019-15666. For more details about the vulnerability please visit here. Affected Products: … Continue reading “Linux Kernel Use-After-Free Vulnerability”

Adobe Flash Player Use After Free Vulnerability: APSB18-42

A publicly exploited use after free vulnerability leading to arbitrary code execution was discovered in the Adobe Flash Player. Adobe has addressed this vulnerability in APSB18-42, by releasing the latest version – An additional insecure library loading vulnerability, which leads with privilege escalation via DLL hijacking attacks was also remediated via this update. MITRE has assigned CVE-2018-15982 … Continue reading “Adobe Flash Player Use After Free Vulnerability: APSB18-42”

VBScript Engine Use-After-Free Vulnerability : CVE-2018-8373

A use-after-free (UAF) vulnerability has been discovered in the Windows VBScript engine. Upon successful exploitation an attacker can achieve remote code execution on the target. CVE-2018-8373 has been assigned to track this vulnerability. CVE-2018-8373 is being exploited in the wild similar to CVE-2018-8174. The issue affects Internet explorer 9-11 unless VBScript is disabled by default. … Continue reading “VBScript Engine Use-After-Free Vulnerability : CVE-2018-8373”

JScript Error Object Use-After-Free Vulnerability : CVE-2018-8267

A zero-day vulnerability in the JScript has been disclosed to Microsoft. CVE-2018-8267 has been assigned to track this vulnerability. Microsoft has accepted the disclosure, the advisory addressing the issue has been released. It is a use-after-free vulnerability in Windows JScript, the vulnerability is due to improper handling of error objects by JScript. Upon successful exploitation an attacker can gain … Continue reading “JScript Error Object Use-After-Free Vulnerability : CVE-2018-8267”