A new zero-day vulnerability has been discovered in the Nginx LDAP-auth daemon implementation, which allows remote code execution on a vulnerable system. Nginx is an open-source HTTP and reverse proxy server, a mail proxy server, and a generic TCP/UDP proxy server. Large numbers of servers use Nginx as a load balancer. The … Continue reading “Nginx Zero-Day Remote Code Execution Vulnerability”
Tag: Zero-day Vulnerability
Spring Framework Zero-Day Remote Code Execution (Spring4Shell) Vulnerability
Update: On March 31, Spring provided official confirmation and CVE-2022-22965 is now assigned to this vulnerability. Qualys Research Team has released QIDs as of March 30 and will keep updating those QIDs as new information is available. On March 30, a new zero-day Remote Code Execution (RCE) vulnerability, “Spring4Shell” or “SpringShell” was disclosed in the Spring framework. An …
Google Chrome Releases Fix to Address Zero-day Vulnerability – CVE-2022-1096
Google has released an emergency update to address a high-severity zero-day vulnerability (CVE-2022-1096). The vulnerability, reported by an anonymous security researcher, is said to be exploited in the wild. This zero-day vulnerability is a type-confusion flaw in the Chrome V8 JavaScript engine. A type-confusion error arises when a resource (e.g., a variable or …
Apache Log4j2 Zero-day Remote Code Execution Vulnerability Exploited in the Wild (CVE-2021-44228)
A remote code execution vulnerability in Apache Log4j2 was discovered on the Internet on December 9, 2021, and is actively being exploited in the wild. In Apache Log4j2, attackers can create customized requests to execute remote code. Users are recommended to examine related vulnerabilities as soon as possible due to the wide spectrum of impact …
Grafana Releases Fix for Zero-day Vulnerability Exploited in the Wild (CVE-2021-43798)
Grafana Labs released an emergency security upgrade to fix a zero-day flaw that permitted remote access to local files. Security researchers released proof-of-concept code to exploit the flaw over the weekend. Before Grafana Labs gave out patches for affected versions 8.0.0-beta1 through 8.3.0, details regarding the issue became public earlier this week. Tracked as CVE-2021-43798, this is …