VLC 3.0.12 fixes multiple security vulnerabilities
VLC player launched a new version to support Apple M1, which is a new version developed based on the ARM64 architecture so that Apple M1 users can get the best performance. If Apple M1...
Category: Vulnerability
CVE-2020-36193: Drupal Directory Traversal Vulnerability Alert
Drupal is a free and open-source web content management framework written in PHP and distributed under the GNU General Public License. Drupal provides a back-end framework for at least 12% of the top 10,000...
DNSpooq Security Vulnerabilities Alert
Recently, JSOF issued a risk notice on dnsmasq, an open-source DNS forwarding software in common use. DNSpooq is the collective name of the security vulnerabilities disclosed this time named by JSOF. The report mainly...
Oracle Critical Patch Update January 2021: fix 329 secuirty vulnerability
On January 19, 2021, Oracle officially released the Critical Patch Update (CPU) Advisory for January 2021. This security update fixed 329 security vulnerabilities, of which Oracle Fusion Middleware has 60 vulnerability patch updates, mainly...
Windows 10 vulnerability: access to a specific location causes system crash
Since October last year, Windows security researcher Jonas Lykkegaard has posted multiple tweets on Twitter, stating that entering a path in the browser address will immediately cause Windows 10 to crash and display BSOD....
Microsoft fixes vulnerability (CVE-2021-1647) in Microsoft Defender
Microsoft Defender supports multiple operating systems to provide users with security protection services. Of course, even security software sometimes has the vulnerability. For example, Microsoft recently pushed a scan engine update to fix a...
Microsoft fixes multiple remote code execution vulnerabilities in Office products
The Microsoft Office team has already released the latest security update to users. This security update fixes security vulnerabilities in multiple office software components. According to the security bulletin, the most common security vulnerabilities...
Microsoft fixes security flaws (CVE-2020-0689) in Windows 10 secure boot
According to the Microsoft Security Bulletin, the company has fixed the vulnerability that the Windows 10 secure boot function was bypassed in the security update released this month. The secure boot function is usually...
CVE-2021-3129: Laravel Arbitrary Code Vulnerability Alert
Ignition is a beautiful and customizable error page for Laravel applications running on Laravel 5.5 and newer. It is the default error page for all Laravel 6 applications. It also allows to publicly share your...
Windows 10 NTFS file system has a vulnerability
According to BleepingComputer reports, researchers recently discovered a serious vulnerability in Windows 10. The vulnerability is mainly located in the NTFS file system and is very easy to trigger. The attacker only needs to...
FortiWeb Multiple High-Risk Vulnerabilities Alert
On January 04, 2021, FortiWeb issued a risk notice for multiple high-risk vulnerabilities in FortiWeb. The vulnerability numbers are CVE-2020-29015, CVE-2020-29016, CVE-2020-29019, and CVE-2020-29018. Vulnerability Detail CVE-2020-29015 A blind SQL injection in the user...
CVE-2020-17518 & CVE-2020-17519: Apache Flink Directory Traversal Vulnerabilities Alert
The Apache mailing list archives published two vulnerability (CVE-2020-17518 & CVE-2020-17519) reports. These vulnerabilities were submitted by the Ant Security FG Lab. Attackers can read and write remote files through the REST API and...
CVE-2021-3007: Zend Framework Remote Code Execution Vulnerability Alert
Zend Framework is an open-source object-oriented web application development framework. Currently, the framework has been downloaded and installed 570 million times on PHP. This week, security researchers discovered a deserialization security vulnerability (CVE-2021-3007) in...
CVE-2020-29583: Secret Backdoor Account in Several Zyxel Firewall, VPN Products
Recently, Niels Teusink, a security researcher from EyeControl, a Dutch network security company, discovered that more than 100,000 Zyxel’s firewalls, access point controllers, and VPN gateway products have administrator-level backdoor accounts. These administrator-level accounts...
CVE-2020-17526: Apache Airflow Incorrect Session Validation Vulnerability Alert
Airflow is a platform created by the community to programmatically author, schedule, and monitor workflows. Recently, an email notice issued by Apache disclosed the Apache Airflow Incorrect Session Validation in Airflow Webserver with default...
CVE-2020-10148: SolarWinds Remote Code Execution Vulnerability Alert
On December 27, 2020, SolarWinds issued a risk notice for SolarWinds code execution vulnerability, the vulnerability number is CVE-2020-10148. The vulnerability level is critical. SolarWinds disclosed a vulnerability outside the supply chain attack. This...
