91 matches found
Google Chrome Bug Actively Exploited as Zero-Day
Google has updated its Stable channel for the desktop version of Chrome, to address a zero-day security vulnerability that’s being actively exploited in the wild. The bug, tracked as CVE-2022-1096, is a type-confusion issue in the V8 JavaScript engine, which is an open-source engine used by Chrom...
Active Exploitation of VMware Horizon Servers
This post is co-authored by Charlie Stafford, Lead Security Researcher. We will update this blog with further information as it becomes available. CVE | Vendor Advisory | AttackerKB | IVM Content | Patching Urgency | Blog's Last Update ---|---|---|---|---|--- CVE-2021-44228 | VMware Advisory |...
Grafana releases an emergency patch for a Zero-Day vulnerability
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. A vulnerability in Chrome and Microsoft Edge Chromium-based exists as a result of a use-after-free Grafana, a database analyzing, and monitoring tool used by major companies has been affected by a high severe zero-day...
Urgent Chrome Update Released to Patch Actively Exploited Zero-Day Vulnerability
Google on Friday rolled out an emergency security patch to its Chrome web browser to address a security flaw that's known to have an exploit in the wild. Tracked as CVE-2021-37973, the vulnerability has been described as use after free in Portals API, a web page navigation system that enables a...
Unpatched Apple Zero-Day Allows Code Execution
A zero-day security vulnerability in Apple’s macOS Finder system could allow remote attackers to trick users into running arbitrary commands, according to researchers – and a silent patch hasn’t fixed it. For those not in the Apple camp, the macOS Finder is the default file manager and GUI...
Apple Issues Emergency Fix for NSO Zero-Click Zero Day
Apple users should immediately update all their devices – iPhones, iPads, Macs and Apple Watches – to install an emergency patch for a zero-click zero-day exploited by NSO Group to install spyware. The security updates, pushed out by Apple on Monday, include iOS 14.8 for iPhones and iPads, as wel...
Microsoft's Emergency Patch Fails to Fully Fix PrintNightmare RCE Vulnerability
Even as Microsoft expanded patches for the so-called PrintNightmare vulnerability for Windows 10 version 1607, Windows Server 2012, and Windows Server 2016, it has come to light that the fix for the remote code execution exploit in the Windows Print Spooler service can be bypassed in certain...
Microsoft Issues Emergency Patch for Windows Flaw
Microsoft on Tuesday issued an emergency software update to quash a security bug thats been dubbed "PrintNightmare," a critical vulnerability in all supported versions of Windows that is actively being exploited. The fix comes a week ahead of Microsofts normal monthly Patch Tuesday release, and...
Microsoft issues emergency patch to fix PrintNightmare vulnerability
By Waqas Microsoft is urging customers to "install these updates immediately" and protect their PCs against the widely exploited PrintNightmare vulnerability. This is a post from HackRead.com Read the original post: Microsoft issues emergency patch to fix PrintNightmare vulnerability...
Microsoft Releases Emergency Patch for PrintNightmare Bugs
Microsoft has released an emergency patch for the PrintNightmare, a set of two critical remote code-execution RCE vulnerabilities in the Windows Print Spooler service that hackers can use to take over an infected system. However, more fixes are necessary before all Windows systems affected by the...
Microsoft Issues Emergency Patch for Critical Windows PrintNightmare Vulnerability
Microsoft has shipped an emergency out-of-band security update to address a critical zero-day vulnerability — known as "PrintNightmare" — that affects the Windows Print Spooler service and can permit remote threat actors to run arbitrary code and take over vulnerable systems. Tracked as...
PT-2020-4510 · Oracle · Oracle Weblogic Server
Name of the Vulnerable Software and Affected Versions: Oracle WebLogic Server versions 10.3.6.0.0 through 14.1.1.0.0 Description: The issue is related to a vulnerability in the Oracle WebLogic Server product, specifically in the Console component. This vulnerability allows an unauthenticated...
CVE-2020-1472 "Zerologon" Critical Privilege Escalation: What You Need To Know
Updates September 16, 2020 Samba domain controllers before 4.8 have been confirmed to be vulnerable to CVE-2020-1472. There are now multiple public PoC exploits available, most if not all of which are modifications to Secura’s original PoC built on Impacket. There are reports of the vulnerability...
Critical Patch Released for 'Wormable' SMBv3 Vulnerability — Install It ASAP!
Microsoft today finally released an emergency software update to patch the recently disclosed very dangerous vulnerability in SMBv3 protocol that could let attackers launch wormable malware , which can propagate itself from one vulnerable computer to another automatically. The vulnerability,...
blogavenger.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1098452 Security Researcher geeknik Helped patch 8956 vulnerabilities Received 8 Coordinated Disclosure badges Received 21 recommendations , a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting blogavenger.com website an...
Apple Fixes iOS Flaw That Opened iPhones to Jailbreaks
Apple has released an emergency patch fixing a kernel vulnerability – for the second time – after it was accidentally unpatched in iOS 12.4. The flaw CVE-2019-8605, a use-after-free issue existing in the kernel, could enable a malicious application to execute arbitrary code with system privileges...
New Critical Oracle WebLogic Flaw Under Active Attack — Patch Now
Oracle has released an out-of-band emergency software update to patch a newly discovered critical vulnerability in the WebLogic Server. According to Oracle, the vulnerability—which can be identified as CVE-2019-2729 and has a CVSS score of 9.8 out of 10—is already being exploited in the wild by a...
Adobe Releases Patches for Critical Flaws in Photoshop CC and Digital Edition
Adobe users would feel lighter this month, as Adobe has released patches for just two security vulnerability in its March Security Update. The company today released its monthly security updates to address two critical arbitrary code execution vulnerabilities—one in Adobe Photoshop CC and another...
Adobe Patches Critical Photoshop, Digital Edition Flaws
Adobe on Tuesday released its March Security Update, reporting and fixing only two critical flaws: one in Photoshop CC and one in Adobe Digital Editions. Both critical flaws could allow a bad actor to achieve arbitrary code execution in the context of the current user, Adobe said. The company sai...
Patch Tuesday, January 2019 Edition
Microsoft on Tuesday released updates to fix roughly four dozen security issues with its Windows operating systems and related software. All things considered, this first Patch Tuesday of 2019 is fairly mild, bereft as it is of any new Adobe Flash updates or zero-day exploits. But there are a few...