  • October 25, 2021

    Linux Vulnerabilities of the Week: October 25, 2021 1. Buffer overflow in Golang (<1.16.9) Severity: Critical CVSS Score: 9.8 This is a validation flaw in Golang. When invoking functions from WASM modules built using GOARCH=wasm GOOS=js, passing very large arguments...

  • October 18, 2021

    Linux Vulnerabilities of the Week: October 18, 2021 1. Apache HTTP server vulnerability Severity: Critical CVSS Score: 9.8 This is a path traversal and remote code execution flaw in Apache HTTP Server 2.4.49 and 2.4.50, which a remote attacker could...

  • October 17, 2021

    Top 10 Most Exploited Vulnerabilities Top of the Vulnerability Charts Music services such as Spotify, iHeartRadio, and Apple Music often release top 10 lists of their most popular songs in various categories. Justin Bieber, Ed Sheeran, and The Weeknd are...

  • October 17, 2021

    Are You Too Busy to Deploy Patches? Why Patches are Left Undeployed It can seem baffling how so many urgent security patches remain undeployed months, and sometimes years, after their publication. Even famously vicious vulnerabilities covered endlessly in the news...

  • October 13, 2021

    Top Linux Vulnerabilities for October 2021 1. Missing input validation in domain names in Node.js Severity: Critical CVSS Score: 9.8 Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to remote code execution, Cross-site scripting (XSS), application crashes due to missing...

  • October 13, 2021

    October Patch Tuesday 2021 Fixes 71 Flaws and Weaponized Threat Microsoft Releases October 2021 Patch Tuesday Fixes There are 3 Critical, 67 Important and a single Low fix in this October Patch Tuesday. Fixes include Microsoft Windows and Windows components, Microsoft...

  • October 5, 2021

    Linux Vulnerabilities of the Week: October 4, 2021 1. Apache HTTP Server (2.4.48 and earlier) vulnerability Severity: Critical CVSS Score: 9.8 ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data...