Adobe has released security updates to address Out-of-Bounds Read, Out-of-Bounds Write, Type Confusion, use-after-free and Heap Overflow vulnerabilities. Among the vulnerabilities patched by Adobe, CVE-2021-28550 is a zero-day that needs immediate attention. CVE-2021-28550 is a Remote Code Execution vulnerability impacting Adobe Acrobat and Reader, and is being actively exploited in the wild on Windows devices. … Continue reading “Adobe Reader arbitrary code execution vulnerability (CVE-2021-28550)”
Tag: vulnerability
Microsoft Windows HTTP Protocol Stack Remote Code Execution Vulnerability (CVE-2021-31166)
As a part of their usual process of Patch Tuesday, Microsoft has released patches to mitigate security flaws in products such as Windows, Exchange Server, Internet Explorer, Office, Hyper-V, Visual Studio, and Skype for Business. A new Windows network Remote Code Execution (RCE) zero-day exploit – CVE-2021-31166, has been in the news since Patch Tuesday. … Continue reading “Microsoft Windows HTTP Protocol Stack Remote Code Execution Vulnerability (CVE-2021-31166)”
Google Chrome and Microsoft Edge Zero-day Remote Code Execution Vulnerability
The second and effective zero day on Chromium-based browsers such as Google Chrome and Microsoft Edge was posted consecutively, just after yesterday’s zero-day RCE. This time, Frust, a security researcher, tweeted about a zero-day remote code execution vulnerability creating havoc in the browser-based vulnerability trend. He has released a working proof-of-concept exploit. Unless a threat … Continue reading “Google Chrome and Microsoft Edge Zero-day Remote Code Execution Vulnerability”
Google Chrome Zero-day Remote Code Execution Vulnerability
Rajvardhan Agarwal, a security researcher, recently tweeted about a zero-day remote code execution vulnerability creating havoc in the browser-based vulnerability trend. Hereleased a working proof-of-concept exploit for the RCE for the V8 JavaScript engine in Chromium-based browsers. This zero-day concerns a remote code execution vulnerability in the V8 JavaScript rendering engine that powers the web … Continue reading “Google Chrome Zero-day Remote Code Execution Vulnerability”
DNSpooq vulnerability (CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25684, CVE-2020-25685, CVE-2020-25686, CVE-2020-25687)
Dnsmasq is a widely used open-source Domain Name System (DNS) forwarding application commonly installed on routers, operating systems, access points, and other networking equipment. Multiple organizations, operating systems and products were affected by the DNSpooq vulnerability. Attackers can use to launch DNS Cache Poisoning, denial of service, and possibly remote code execution attacks on affected … Continue reading “DNSpooq vulnerability (CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25684, CVE-2020-25685, CVE-2020-25686, CVE-2020-25687)”
SAP Solution Manager Missing Authentication Vulnerability (CVE-2020-6207)
Tracked as CVE-2020-6207, an age-old critical vulnerability with a CVSS score of 10 has come into the limelight at the start of 2021. The vulnerability belongs to SAP Solution Manager version 7.2 (March 2020), for which SAP released a patch in March 2020. SolMan is a centralized application used to manage on-premises, hybrid, and cloud … Continue reading “SAP Solution Manager Missing Authentication Vulnerability (CVE-2020-6207)”
Citrix SD-WAN Center Remote Code Execution Vulnerability (CVE-2020–8271, CVE-2020–8272, CVE-2020–8273)
Overview Enterprises and businesses use SD-WAN as a cloud-based networking platform. Situated in different locations, it allows locations and cloud instances to be connected to each other and to company resources. It also applies software control to manage the processes including the orchestration of resources and nodes. Remote Code Execution (RCE) vulnerabilities (CVE-2020–8271, CVE-2020–827, and … Continue reading “Citrix SD-WAN Center Remote Code Execution Vulnerability (CVE-2020–8271, CVE-2020–8272, CVE-2020–8273)”
Microsoft Windows Netlogon Privilege Escalation Vulnerability (CVE-2020-1472)
A severe bug identified as CVE-2020-1472 with a criticality of 10 is being exploited publicly in the wild. This bug can take over Windows Servers running as Domain Controllers with domain-level privileges from a remote unauthenticated user. A Dutch team, collectively known as Secura, has published an exploit on Github with a technical writeup. According … Continue reading “Microsoft Windows Netlogon Privilege Escalation Vulnerability (CVE-2020-1472)”
Apache Struts 2 Remote Code Execution Vulnerability (CVE-2019-0230, CVE-2019-0233)
Apache Struts Security Team has addressed two possible RCE bugs – CVE-2019-0230 and CVE-2019-0233 in their latest advisories published on August 13, 2020. Description Struts 2 is an open source coding framework for companies to create Java-based applications. The installations of Apache Struts 2, which are outdated, can be tentatively used to exploit CVE-2019-0230 as … Continue reading “Apache Struts 2 Remote Code Execution Vulnerability (CVE-2019-0230, CVE-2019-0233)”
Zoom path traversal into remote code execution vulnerabilities (CVE-2020-6109, CVE-2020-6110)
Update June 5, 2020: Qualys’ standard procedure is to give proper credit to the security research teams working diligently to discover and report vulnerabilities. In our rush to deliver this article to customers, we missed giving credit to the talented Cisco Talos team, who are the original authors of this research. After additional review with a … Continue reading “Zoom path traversal into remote code execution vulnerabilities (CVE-2020-6109, CVE-2020-6110)”