Summary: Two critical vulnerabilities were observed as CVE-2020-8616 and CVE-2020-8617 for ISC BIND in May 2020. To address those vulnerabilities patches were released. ISC Berkeley Internet Name Domain (BIND) is the most widely used Domain Name System (DNS) software on the Internet. This vulnerability can be exploited when an unwanted user get an access of … Continue reading “ISC BIND NXNSAttack Vulnerability (CVE-2020-8616,CVE-2020-8617)”
Tag: vulnerability
CISCO ANYCONNECT secure mobility client on Windows Privilege Escalation Vulnerability (CVE-2020-3153)
Summary: Recently,a critical vulnerability was observed in wild in Cisco AnyConnect Secure Mobility Client on Windows. Its a privilege escalation vulnerability occurs with a manipulation with an unknown input. Classified as CWE-427 impacting the CIA triad. Description: This vulnerability is exploitable only by an authenticated as well as local attacker. It allows an attacker to … Continue reading “CISCO ANYCONNECT secure mobility client on Windows Privilege Escalation Vulnerability (CVE-2020-3153)”
Thunderspy attacking Thunderbolt enabled PCs
Summary: In February 2020, researchers reached out to Intel with a report on Thunderbolt, which they refer to as “Thunderspy”. The so-called Thunderspy attack takes less than five minutes to pull off with physical access to a device, and it affects any PC manufactured before 2019. Description: This Vulnerability is in fact new, and their … Continue reading “Thunderspy attacking Thunderbolt enabled PCs”
Telerik UI Remote Code Execution via Insecure Deserialization (CVE-2019-18935)
Summary: In the start of May 2020, a mischievous exploit has been out in the wild that uses two CVEs in combination to perform insecure deserialization to a vendor named Telerik. The vulnerability lies in a suite of UI components for web applications called Telerik UI for ASP.NET AJAX. The insecure deserialization of JSON objects … Continue reading “Telerik UI Remote Code Execution via Insecure Deserialization (CVE-2019-18935)”
Saltstack multiple Vulnerabilities (CVE-2020-11651, CVE-2020-11652)
Summary: Amidst the global Pandemic, a serious hacking campaign is currently underway, and several companies have been hacked already., that stands in Fortune 500 companies. For the past 24 hours, hackers have been mass-scanning the internet for Salt, a type of software used as configuration management inside data centers, cloud server clusters, and enterprise networks. … Continue reading “Saltstack multiple Vulnerabilities (CVE-2020-11651, CVE-2020-11652)”
Oracle WebLogic Server Remote Code Execution Vulnerability (CVE-2020-2883)
Summary: Oracle’s April 2020 patch addresses, a critical flaw in Oracle WebLogic Server as CVE-2020-2883 that can be exploited by an unauthenticated user for remote code execution. It has got major attention as CVssV3 score is 9.8/10. Description: WebLogic is a Java-based middleware solution, with thousands of servers running online. It sits between a front-facing … Continue reading “Oracle WebLogic Server Remote Code Execution Vulnerability (CVE-2020-2883)”
Microsoft Windows LNK Remote Code Execution Vulnerability(CVE-2020-0729)
Vulnerability Overview Recently in the month of February 2020 Microsoft has released patches for 99 CVE’s. It was a large number of fixes in a single month. One of them being CVE-2020-0729 involving window LNK files, also known as shortcut files. CVE-2020-0729 is a remote code execution vulnerability using windows shortcut files. What makes this … Continue reading “Microsoft Windows LNK Remote Code Execution Vulnerability(CVE-2020-0729)”
Google Chrome use-after-free Vulnerability (CVE-2020-6457)
Summary: In the headlines today, we have, Amidst the global lockdown, in the same week where Microsoft had confirmed seven critical vulnerabilities for Windows 10 users, Google has confirmed what it refers to as a critical security vulnerability. Google has not disclosed more details on the vulnerability, but independent cyber-security experts have dug into the … Continue reading “Google Chrome use-after-free Vulnerability (CVE-2020-6457)”
Mozilla Firefox Critical use-after-free Vulnerabilities(CVE-2020-6819, CVE-2020-6820)
Summary: In the first week of April, amidst of global lockdown environment, Mozilla Foundation had to publish advisory 2020-11 for Mozilla Firefox and Mozilla Firefox Extended Support Release (ESR). Firefox gets fixes for two zero-days exploited in the wild. The frequency of exploiting browsers, particularly mozilla has been trending since the start of this year. … Continue reading “Mozilla Firefox Critical use-after-free Vulnerabilities(CVE-2020-6819, CVE-2020-6820)”
