If you are using Microsoft Exchange Server, you should now install the emergency security update released by Microsoft to fix serious security vulnerabilities. According to the Microsoft Security Bulletin, the CVE-2021-26858 and CVE-2021-27065 zero-day...
On March 1, the Apache Software Foundation issued a security notice to fix an RCE vulnerability (CVE-2021-25329) via session persistence. This vulnerability is bypassed by the CVE-2020-9484 patch. If Tomcat’s session persistence using an...
Google often announces security vulnerabilities in Microsoft products with its security rules, even if sometimes Microsoft has not had time to fix the vulnerabilities, Google will disclose the details. The reason given by the...
Previously, some researchers accidentally discovered that Microsoft’s NTFS file system was flawed, and users only needed to access a path containing certain special strings and it would crash. Although this problem is unlikely to...
Built on Python, Salt uses simple and human-readable YAML combined with event-driven automation to deploy and configure complex IT systems. In addition to leveling-up vRealize Automation SaltStack Config, Salt can be found under the...
On February 23, 2021, VMware had released risk notices for the vCenter Server and ESXi. VMware fixed two high-risk vulnerabilities in ESXi and vSphere Client (HTML5). Malicious attackers with access to network ports can...
In an online study published this week, an anonymous security researcher claimed that they discovered that Brave Tor mode is sending queries for the .onion domain to public Internet DNS resolvers instead of Tor...
Recently, Google has released guidelines on coordinated vulnerability disclosure in open source projects, aiming to popularize knowledge related to open source security, which “was originally designed to help open source projects coming out of...
On February 9, 2021, Microsoft February Patch Tuesday fixes a local privilege escalation vulnerability (CVE-2021-1732) in Windows systems. Local attackers can use this vulnerability to elevate system privileges. This vulnerability is used by the...
NextGen Gallery is a WordPress plugin used to create image libraries. It currently has more than 800,000 valid installations. Recently, The development team of NextGen Gallery has now resolved the two serious CSRF vulnerabilities...
On February 9, 2021, Microsoft issued a risk notice for Windows TCP/IP remote code execution vulnerabilities. The vulnerability number is CVE-2021-24074. The vulnerability CVSS:3.0 score is 9.8 / 8.5. There is a remote code...
Apache Ambari is a software project of the Apache Software Foundation. Ambari enables system administrators to provision, manage and monitor a Hadoop cluster, and also to integrate Hadoop with the existing enterprise infrastructure. Ambari...
According to Claroty’s latest report, industrial control system vulnerabilities disclosed in the second half of 2020 increased by 25% year-on-year and 33% more than the first half of 2020. 71% of the disclosed industrial...
Previously, Google proposed a framework for responding to open source software vulnerabilities. After that, Google launched Open Source Vulnerabilities (OSV) project. OSV is a vulnerability database and triage infrastructure for open source projects aimed at helping...
Microsoft has just launched Microsoft Edge 88.0.705.63 to users of the stable channel. This version is a security update mainly used to fix known security vulnerabilities. Earlier, the Microsoft security team and the Google...
