Recently, fusionauth issued a CVE-2020-7799 vulnerability warning, with a high vulnerability level. A problem was found in FusionAuth versions prior to 1.11.0. “An authenticated user, allowed to edit e-mail templates (Home -> Settings ->...
OpenWrt has revealed that a security vulnerability (CVE-2020-7982) has been fixed. Hackers can use this vulnerability to remotely trigger and gain router management rights. Of course, the vulnerability is now disclosed, this has been...
Twitter revealed that it found and suspended accounts that abused features that allowed users to match phone numbers with usernames. The announcement of the privacy issue also confirmed a vulnerability discovered by researcher Ibrahim...
Recently, Microsoft releases Intel microcode updates to Windows 10 to mitigate data sampling vulnerabilities. This microcode update covers all supported versions of Windows 10. However, Microsoft has not pushed these microcode updates directly to...
Researchers at Israeli cybersecurity company Check Point disclosed details of two potentially high-risk vulnerabilities in Microsoft Azure App Service. These vulnerabilities, if exploited, may affect Multiple businesses running their web and mobile applications on...
Recently, OpenSMTPD 6.6.2p1 released to addresses a security vulnerability. The vulnerability number is CVE-2020-7247. This flaw is caused by OpenSMTPD’s inadequate sender/recipient verification during the implementation of RFC 5321. OpenSMTPD is an smtp server...
Security researchers at the University of Michigan have just disclosed details of vulnerabilities affecting multiple Intel processors. As a speculative execution attack, the CacheOut vulnerability numbered CVE-2020-0549 can be exploited to leak sensitive data...
Apple’s Safari browser has a built-in smart tracking blocklist feature that can automatically block certain websites or ad network scripts from tracking users. However, what Apple didn’t expect was that the original function to...
The latest security bulletin issued by Microsoft’s Security Response Center states that a zero-day vulnerability in Internet Explorer has been found in the wild and used by hackers. This problem occurs when the browser...
Recently, Bitbucket officially released a security notice, which contained three remote code execution vulnerabilities, and the vulnerability level is critical. Bitbucket is a web-based version control repository hosting service owned by Atlassian, for source...
On Friday, January 17, there was a high-risk memory corruption vulnerability (CVE-2020-0674) in the security update released by Microsoft. The vulnerability stems from software not being able to handle objects in memory correctly, and...
On January 17, 2020, we monitored that Spring officially released the CVE-2020-5398 vulnerability warning, with a high vulnerability level. In the Spring Framework, versions 5.2.x before 5.2.x, versions 5.1.x before 5.1.13, and 5.0.x before...
Google Chrome v79.0.3945.130 releases. This upgrade is mainly an update of security fixes and stability improvements and the user experience. This update includes 11 security fixes. Below, we highlight fixes that were contributed by...
On January 15, 2020, we monitored that Oracle officially released the CVE-2020-2551 vulnerability notice, and the vulnerability level was high. We judge that the vulnerability level is a high risk, and the harm/impact is...
On January 15, 2020, we monitored that Microsoft released a security update for January 2020, which fixed a Windows CryptoAPI validation bypass vulnerability (CVE-2020-0601). The vulnerability was reported to Microsoft by the NSA. The...
Adobe released the Adobe January 2020 Patch Tuesday, addressing multiple vulnerabilities in Illustrator and Experience Manager. The security bulletin states: “Adobe has published security bulletins for Adobe Experience Manager (APSB20-01) and Adobe Illustrator (APSB20-03)....
