Google has rolled out patches for its chrome browser addressing multiple vulnerabilities, including a high severity zero-day vulnerability (CVE-2022-2856). Google addressed the vulnerability stating, “Google is aware that an exploit for CVE-2022-2856 exists in the wild”. The security update is currently rolling out for Windows, Mac and Linux Operating systems. Google described the zero-day (CVE-2022-2856) … Continue reading “Google Chrome Zero-Day Insufficient Input Validation Vulnerability (CVE-2022-2856)”
Tag: vulnerability
Atlassian Confluence Server Pre-Authorization Arbitrary File Read Vulnerability (CVE-2021-26085)
A Pre-Authorization Arbitrary File Read vulnerability was discovered on 21st, July 2021 in Atlassian Confluence Server. The vulnerability (CVE-2021-26085) is found in the versions before 7.4.10 and 7.5.0 to 7.12.2. Confluence is a knowledge and collaboration environment for teams. Dynamic pages give your team a space to work on any project or concept by allowing them to … Continue reading “Atlassian Confluence Server Pre-Authorization Arbitrary File Read Vulnerability (CVE-2021-26085)”
Apache fixes the HTTP Path Traversal Vulnerability (CVE-2021-41773)
Apache Software Foundation has published HTTP Web Server version 2.4.50 to fix the CVE-2021-41773 vulnerability in Apache Server version 2.4.49. This is a path traversal and file disclosure flaw that could allow attackers to gain access to sensitive data, and according to the report, is being actively exploited. The Apache HTTP Server is a cross-platform, … Continue reading “Apache fixes the HTTP Path Traversal Vulnerability (CVE-2021-41773)”
Apple Arbitrary Code Injection Vulnerability (CVE-2021-30869)
Apple provided security fixes to address a zero-day vulnerability on Thursday. The attackers have used it in the wild to break into iPhones and Macs running older versions of iOS and macOS. Apple has also provided patches for a previously patched security flaw exploited by NSO Group’s Pegasus surveillance tool to target iPhone users. CVE-2021-30869 is a zero-day vulnerability. This is a type-confusion hole in Apple’s … Continue reading “Apple Arbitrary Code Injection Vulnerability (CVE-2021-30869)”
Azure Open Management Infrastructure Remote Code Execution (RCE) Vulnerability (OMIGOD, CVE-2021-38647)
As part of its monthly Patch Tuesday security updates, Microsoft has patched a collection of four vulnerabilities in OMI (Open Management Infrastructure), a mostly unknown application that the company has been silently installing on most Linux-based Azure virtual machines and related systems. OMI (Open Management Infrastructure) OMI, the app is the Linux equivalent of Microsoft’s … Continue reading “Azure Open Management Infrastructure Remote Code Execution (RCE) Vulnerability (OMIGOD, CVE-2021-38647)”
Microsoft Windows MSHTML Remote Code Execution Vulnerability (CVE-2021-40444)
Attackers are exploiting CVE-2021-40444, a zero-day remote code execution vulnerability in MSHTML (the main HTML component of the Internet Explorer browser), to compromise Windows/Office, Microsoft has warned on Tuesday. Tricking victims into running malicious executables remains a popular method for getting a foothold into organizations. Numerous attempts to exploit MSHTML to compromise Microsoft Windows have … Continue reading “Microsoft Windows MSHTML Remote Code Execution Vulnerability (CVE-2021-40444)”
Confluence Server OGNL injection Vulnerability (CVE-2021-26084)
On 31st August 2021, a critical remote code execution vulnerability was found in Confluence Server and Confluence Data Center. The vulnerability is tracked as CVE-2021-26084 and has a severity of 9.8. The OGNL (Object-Graph Navigation Language) injection vulnerability found allows an authenticated user, and in some instances unauthenticated users, to execute arbitrary code on a … Continue reading “Confluence Server OGNL injection Vulnerability (CVE-2021-26084)”
Pulse Connect Secure Remote Code Execution Patch Bypass Vulnerability (CVE-2021-22937)
In the first week of August, Pulse Secure published an advisory and patches for vulnerability, CVE-2021-22937. This is a post-authentication, distant codification execution (i.e.,Remote Code Execution) vulnerability that exists on Pulse Connect Secure virtual backstage web (i.e.,VPN) appliances. This vulnerability, classified as CWE-434 and a CVSSv3 of 9.1, is an uncontrolled archive extraction vulnerability that … Continue reading “Pulse Connect Secure Remote Code Execution Patch Bypass Vulnerability (CVE-2021-22937)”
Google Chrome Zero-Day Type Confusion Vulnerability (CVE-2021-30563)
Another zero-day vulnerability of Google Chrome was in the news in mid-July 2021. The zero-days prior to this one were as follows: CVE-2021-21148 – February 4th, 2021 CVE-2021-21166 – March 2nd, 2021 CVE-2021-21193 – March 12th, 2021 CVE-2021-21206 – April13th, 2021 CVE-2021-21220 – April 13th, 2021 CVE-2021-21224 – April 20th, 2021 CVE-2021-30551 – June 9th, … Continue reading “Google Chrome Zero-Day Type Confusion Vulnerability (CVE-2021-30563)”
Windows DNS Server Out-of-Bounds Write to Remote Code Execution Vulnerability (CVE-2021-26897)
According to Microsoft Security Bulletin published on March 09, 2021, seven vulnerabilities concerning Microsoft’s DNS server were corrected. These vulnerabilities, identified as CVE-2021-26877, CVE-2021-26897, CVE-2021-26893, CVE-2021-26894 and CVE-2021-26895, are considered critical. Among these, two allow a denial of service, while the five others allow an execution of remote arbitrary code. By default, DNS servers are … Continue reading “Windows DNS Server Out-of-Bounds Write to Remote Code Execution Vulnerability (CVE-2021-26897)”