  • May 24, 2021

    Linux Vulnerabilities of the Week: May 24, 2021 1. A heap-based buffer overflow in libxml2 (<9.11) Severity: Important    CVSS Score: 8.6 There is a vulnerability in the XML entity encoding functionality of libxml2, which allows an attacker who supplied a...

  • May 23, 2021

    Linux Vulnerabilities of the Week: May 17, 2021 1. A Linux kernel (<11.9) use-after-free flaw in drivers/vhost/vdpa.c Severity: Important    CVSS Score: 7.8 This is a vulnerability in the Linux kernel. An invalid value upon reopening a character device can cause...

  • May 18, 2021

    Watch Out for Microsoft End-of-Life Announcements The Risks of Legacy OS Aging operating systems (OSes), browsers, and applications can bring plenty of trouble for the enterprise. And with Microsoft providing so much software to the world, its end-of-life announcements can...

  • May 11, 2021

    Linux Vulnerabilities of the Week: May 10, 2021 1. Resource exhaustion because of receiving an invalid large TLS frame in Eclipse Jetty Severity: Important    CVSS Score: 7.5 This is a vulnerability in Eclipse Jetty. When using SSL/TLS with Jetty, the...

  • May 6, 2021

    Dell Resolves Vulnerability Affecting Over 100 Million Devices Dell Security Flaw Dates Back to 2009 A Dell driver flaw which could allow a local authenticated attacker to gain elevated privileges on the system has been resolved. The vulnerability was caused...

  • May 5, 2021

    Linux Vulnerabilities of the Week: May 3, 2021 1. Unsafe deserialization in XStream Severity: Critical         CVSS Score: 9.8 This is a flaw in XStream which allows a remote attacker to load and execute arbitrary code from a remote host only...

  • April 29, 2021

    Apple Patches MacOS Zero-Day Exploit Apple Patches MacOS Bug On Monday, April 26th, Apple released MacOS 11.3, a security rollup patch which remediates multiple known attack vectors. Among these vectors is CVE-2021-30657, an exploit which has been used since January...

  • April 28, 2021

    Linux Vulnerabilities of the Week: April 26, 2021 1. MariaDB vulnerability Severity: Important    CVSS Score: 7.2 This is a remote code execution issue in some versions of MariaDB; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL....

  • April 19, 2021

    Linux Vulnerabilities of the Week: April 19, 2021 1. Nettle (<3.7.2 version) signature verification vulnerability affecting Red Hat Enterprise Linux 8 Severity: Important    CVSS Score: 8.1 Exploiting this vulnerability, an attacker can force an invalid signature and cause an assertion...

  • April 13, 2021

    Beware of Unpatched Fortinet VPN Devices Do You Have an Unpatched Fortinet VPN? The UK’s National Cyber Security Centre (NCSC) has issued an advisory about the dangers of unpatched Fortinet VPNs. The agency found that many British organizations have neglected...