32 matches found
Exploit for Deserialization of Untrusted Data in Microsoft
🚨 ALERTA CRÍTICA DE CIBERSEGURIDAD: RCE en WSUS CVE-2025-5928...
CVE-2021-21410
Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds read can be triggered by 6LoWPAN packets sent to devices running Contiki-NG 4.6 and prior. The IPv6 header decompression function uncompresshdriphc does not perform proper boundary chec...
Update now! Emergency fix for Google Chrome's V8 JavaScript engine zero-day flaw released
On Friday, December 2, Google rolled out an out-of-band patch for an actively exploited zero-day vulnerability in its V8 JavaScript engine. The flaw could allow attackers to cause a system crash or execute potentially malicious code. That means you'll want to update Chrome to patch against this...
CVE-2021-21282
Contiki-NG is an open-source, cross-platform operating system for internet of things devices. In versions prior to 4.5, buffer overflow can be triggered by an input packet when using either of Contiki-NG's two RPL implementations in source-routing mode. The problem has been patched in Contiki-NG...
Apple Issues Patch for Remote Hacking Bug Affecting Billions of its Devices
Apple has released out-of-band patches for iOS, macOS, watchOS, and Safari web browser to address a security flaw that could allow attackers to run arbitrary code on devices via malicious web content. Tracked as CVE-2021-1844 , the vulnerability was discovered and reported to the company by Cléme...
Oracle Rushes Emergency Fix for Critical WebLogic Server Flaw
Oracle has released a rare out-of-band patch for a remote code-execution flaw in several versions of its WebLogic server. The vulnerability CVE-2020-14750 has a CVSS base score of 9.8 out of 10, and is remotely exploitable without authentication meaning it may be exploited over a network without...
Critical Adobe Flaws Allow Attackers to Run JavaScript in Browsers
UPDATE Adobe has released fixes addressing five critical flaws in its popular Experience Manager content-management solution for building websites, mobile apps and forms. The cross-site scripting XSS flaws could allow attackers to execute JavaScript in targets’ browsers. Including Adobe Experienc...
Critical Adobe Flaw Fixed in Out-of-Band Security Update
Adobe has released an out-of-band patch for a critical vulnerability in its Creative Cloud Desktop Application for Windows. The flaw can be exploited by an attacker to delete specific arbitrary files on the victim’s system. Creative Cloud acts as a central console for desktop users to quickly...
CVE-2020-0796 - SMBGhost
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 SMBv3 protocol handles certain requests, aka ‘Windows SMBv3 Client/Server Remote Code Execution Vulnerability’. Recent assessments: jorgeorchilles at March 11, 2020 1:19pm UTC reported: Summary...
Microsoft Windows SMBv3 Compression RCE (ADV200005)(CVE-2020-0796)(Deprecated)
This plugin has been deprecated due to an out-of-band patch being release by the vendor. The suggested mitigation provided in ADV200005 is no longer required. Plugin 134428 should be used instead to verify the patch is properly applied. C Tenable Network Security, Inc. @DEPRECATED@ Disabled on...
Hackers Found Exploiting Oracle WebLogic RCE Flaw to Spread Ransomware
Taking advantage of newly disclosed and even patched vulnerabilities has become common among cybercriminals, which makes it one of the primary attack vectors for everyday-threats, like crypto-mining, phishing, and ransomware. As suspected, a recently-disclosed critical vulnerability in the widely...
Microsoft Patches Out-of-Band Internet Explorer Scripting Engine Vulnerability After Exploitation Detected in the Wild
Overview Microsoft released an out-of-band OOB patch on Wednesday related to a vulnerability in the scripting engine of Internet Explorer. This particular vulnerability is believed to be actively exploited in the wild and should be patched immediately. This remote code execution bug lies in the w...
Critical Out-of-Band Patch Issued for Adobe Acrobat Reader
Adobe released patches for seven flaws in an unscheduled update for its Acrobat Reader and DC product, which could lead to arbitrary code execution. The patches, released Wednesday, come one week after Adobe’s regularly-scheduled September update. The flaws addressed include one “critical”...
A “Patch for the Meltdown Patch” released out of band Thursday night
The Meltdown/Spectre saga continues… Late Thursday, Microsoft released a patch for Windows 7 and Server 2008 R2 operating systems to resolve CVE-2018-1038. Apparently, this vulnerability was actually introduced by the patches released in January to mitigate the effects of Meltdown. Microsoft did...
December Patch Tuesday: Quiet End to the Year
This December Patch Tuesday is considerably lighter than last month’s patch releases. While only three of the fixes were for Windows operating systems, the majority of the vulnerabilities to pay attention to are Browser/Scripting Engine-based. Overall, this month's updates address are fixes for 3...
Microsoft releases Emergency Patch Update for all versions of Windows
In the wake of a critical Remote Code Execution vulnerability in all supported versions of its operating system platform, Microsoft has just issued an emergency fix. Yes, it’s time to patch your Windows operating system against an alarming security hole that could allow remote attackers to run...
Microsoft Issues Critical, Out-of-Band Patch for All Versions of Windows
Microsoft released an out-of-band patch Monday that addresses a critical remotely exploitable flaw in all versions of Windows. The vulnerability stems from how Windows’ Adobe Type Manager Library handles OpenType fonts. If a user was tricked into either opening a rigged document or visiting an...
Microsoft: All Windows versions Vulnerable to FREAK Vulnerability
Recently discovered FREAK vulnerability that apparently went undetected for more than a decade is reportedly affecting all supported versions of Microsoft Windows, making the flaw more creepy than what we thought. FREAK vulnerability is a disastrous SSL/TLS flaw disclosed Monday that allows an...
Adobe Patches Shockwave, Fixes Two Vulnerabilities
Adobe joined Microsoft in releasing security patches today, sending out a fix for its Shockwave Player. The patch repairs critical vulnerabilities in the platform that could allow an attacker to remotely takeover an affected system. According to a post on its Product Security Incident Response Te...
IE Zero Day Used in Targeted Attacks Against Japanese Firms
Attackers exploiting a zero-day vulnerability in Microsoft’s Internet Explorer browser have compromised several popular local Japanese media outlets and have infected systems belonging to government, high tech and manufacturing organizations in Japan. Researchers at FireEye said the attacks appea...