The US Cybersecurity Infrastructure and Security Agency (CISA) warned that a low-level TCP/IP software library developed by Treck has serious vulnerabilities, allowing remote attackers to run arbitrary commands and launch denial of service (DoS)...
As Microsoft exceeds 90 days, with an extension of 14 days, Google Project Zero will continue to publish details of the security vulnerabilities that have been exploited in Windows 10. According to Google’s regulations,...
On December 15, 2020, Nexus Repository Manager 3 issued a risk notice for the Nexus Repository Manager 3 XML External Entities Injection Vulnerability. The vulnerability number is CVE-2020-29436. The vulnerability level is high risk....
Google often announces certain unfixed security vulnerabilities, this situation seems to be very common to Google, even if the developers object. Previously, Google was complained by Microsoft for disclosing vulnerabilities that Microsoft has not...
On December 13, 2020, FireEye issued an analysis report on the SolarWinds Supply Chain Attack report. SolarWInds products have a one-year supply chain attack, and multiple backdoors have been implanted in their products. The...
On December 13, 2020, XStream issued a risk notice for Server-Side Forgery Requests and Arbitrary File Deletion vulnerabilities. The vulnerability numbers are CVE-2020-26259 and CVE-2020-26258. The vulnerability level is high risk. On the service...
Kubernetes, also known as K8s, is an open-source system for automating deployment, scaling, and management of containerized applications. Kubernetes accomplishes this by organizing application containers into Pods, nodes (physical or virtual machines), and clusters,...
In November 2020, VMware issued a security advisory, saying that the National Security Agency NSA reported a command injection vulnerability (CVE-2020-4006) in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector...
On December 8, Forescout Research Lab disclosed a total of 33 vulnerabilities in four open-source TCP/IP software libraries. This series of vulnerabilities are collectively referred to as AMNESIA:33, and the affected software libraries are...
In the latest security update released by Microsoft in December, a remote code execution vulnerability (CVE-2020-17144) in Microsoft Exchange Server 2010 was announced, which is officially rated High. The vulnerability is caused by the...
On December 8, 2020, Microsoft officially released a risk notice for the December security update. This security update patches for 58 vulnerabilities, mainly covering the following components as Windows operating system, IE/Edge browser, ChakraCore,...
On December 8, 2020, openssl had issued a risk notice for the openssl denial of service vulnerability. The vulnerability number is CVE-2020-1971. The vulnerability level is high risk. When OpenSSL processes EDIPartyName (X.509 GeneralName...
On December 8, 2020, Apache Struts2 issued a risk notice for Apache Struts2 code execution vulnerability. The vulnerability number is CVE-2020-17530. The vulnerability level is high risk. In a specific environment, remote attackers can...
On November 30, 2020, containerd had issued a risk notice for containerd’s privilege escalation vulnerability. The vulnerability number is CVE-2020-15257, the vulnerability level is medium. containerd fixes a container permission escape vulnerability. The essence...
Last week we mentioned that the researcher found that Windows 7 and Windows Server 2008 (R2) performance monitoring registry has security configuration errors. This configuration error can be used to escalate the privileges of...
A few days ago, French security researchers accidentally discovered vulnerabilities in Windows 7 and Windows Server 2008, which have been discontinued. The attacker only needs to use very easy steps to elevate the privileges...
