Mozilla has recently fixed a vulnerability in the Android version of Firefox. Attackers can use the vulnerability to hijack the user’s browser. Researchers claim that if they successfully exploit the vulnerability, they can even...
When Microsoft released a cumulative update in August 2020, it also disclosed a high-risk elevation of privilege vulnerability (EoP), which rated the maximum 10.0 in severity. A score of 10 points means that this...
Microsoft February 2020 Patch Tuesday security updates fix a critical vulnerability, which is a remote code execution vulnerability (CVE-2020-0618) in Microsoft SQL Server Reporting Services (SSRS). Recently, we have been detected that PoC for...
Recently, IBM issued a security bulletin, announcing an arbitrary code execution vulnerability (CVE-2020-4703) in IBM Spectrum Protect Plus. The vulnerability allows an authenticated attacker to upload arbitrary files, which can execute arbitrary code on...
Recently, VMware Tanzu issued a security bulletin, announcing a Reflected File Download (RFD) vulnerability, CVE-2020-5421 that exists in the Spring Framework. CVE-2020-5421 can bypass the protection against RFD attacks through the jsessionid path parameter....
On September 15, 2020, the Apache mailing group issued a risk notice on the Apache Superset remote code execution vulnerability. The vulnerability number is CVE-2020-13948, the vulnerability level is a high risk. An authenticated...
Microsoft released a September security update to fix a critical-level vulnerability, which is a remote code execution vulnerability (CVE-2020-16875) in Microsoft Exchange Server. In view of the fact that relevant PoC has appeared on...
Recently, Palo Alto Networks (PAN) issues a security bulletin, disclosing a serious vulnerability numbered CVE-2020-2040 with a CVSS score of 9.8. This vulnerability is a buffer overflow vulnerability in PAN-OS. When a captive portal...
The Microsoft Mail application, Outlook comes with contacts and calendar functions so that users can record mail arrangements to the calendar, of course, users can also take the initiative to create a new calendar....
On September 10, the Apache Software Foundation issued a security bulletin to fix the Apache DolphinScheduler permission override vulnerability (CVE-2020-13922) and Apache DolphinScheduler remote code execution vulnerability (CVE-2020-11974). CVE-2020 -11974 is related to the...
On September 8, 2020, Microsoft officially released Patch Tuesday, September. The security update patches for 129 vulnerabilities (23 serious vulnerabilities, 105 high-risk vulnerabilities), mainly covering Windows operating system, IE/Edge browser, ChakraCore, SQL Server, Office...
On September 8, 2020, Microsoft Exchange issued a risk notice for Exchange command execution vulnerability, the vulnerability number is CVE-2020-16875, the vulnerability level is serious, and the vulnerability score is 9.1. By constructing special...
Many years ago, Google’s Project Zero cybersecurity team disclosed the security vulnerabilities that Microsoft still repaired. According to Google’s regulations, the details of the vulnerabilities will be disclosed three months after the vulnerability is...
Spectre and Meltdown series vulnerabilities are security vulnerabilities in Intel processors, mainly caused by speculative execution used by Intel Hyper-Threading technology. This series of security vulnerabilities pose a great threat to enterprises and data...
On September 1, 2020, Apache officially released a risk notice for the Apache Cassandra RMI rebind vulnerability. The vulnerability number is CVE-2020-13946, the vulnerability level is medium, and the vulnerability score is 6.8. The...
On August 25, 2020, Jackson-databind issued a risk notice for Jackson-databind serialization vulnerability, the vulnerability number is CVE-2020-24616, vulnerability level is a high risk, vulnerability score is 7.5. There is a new deserialization exploit...
