A vulnerability was found in VMware ESXi and vCenter Server (Server Management Software) (the affected version is unknown). It has been declared as problematic. This vulnerability affects some unknown functionality of the component Authentication Service. The manipulation with an unknown input leads to a denial of service vulnerability. The CWE definition for the vulnerability is […]
ISC has released security advisories that address vulnerabilities affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following ISC advisories for more information and to apply the necessary […]
On August 19, 2020, The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) publicly released a Malware Analysis Report (MAR) and associated samples labeled BLINDINGCAN. The information contained in the report is the result of analytic efforts between the Department of Homeland Security (DHS) and the FBI to provide technical […]
IBM researchers have discovered a new IoT vulnerability that can be exploited remotely. The manufacturer, Thales, has made a patch available for CVE-2020-15858 to customers and X-Force Red has been working together to ensure users are aware of the patch and taking steps to secure their systems. Thales confirmed that this vulnerability affects other modules […]
Microsoft has issued an emergency out-of-band software update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 systems to patch two new recently disclosed security vulnerabilities. Tracked as CVE-2020-1530 and CVE-2020-1537, both flaws reside in the Remote Access Service (RAS) in a way it manages memory and file operations and could let remote attackers gain elevated […]
A Zero-day vulnerability has been affecting the Chromium-based browsers like Chrome, Opera, Edge – on Windows, Mac, and Android. And more importantly, they are allowing the attackers to completely bypass the CSP rules on Chrome versions 73 (March 2019) through 83 (July 2020). CSP is a skill that has a set of rules that are […]
An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieveinformation that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. Successful exploitation of this vulnerability would allow a remote attacker to […]
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. A memory corruption vulnerability exists in Microsoft Windows. Successful exploitation of this […]
A security researcher has published proof-of-concept code to outsmart a patch issued last year for a zero-day vulnerability discovered in vBulletin, a popular software for building online community forums. This allows an attacker to run malicious code and take over forums without needing to authenticate on the sites that are under attack. The unidentified security […]
A vulnerability has been discovered in TeamViewer, which could allow for offline password cracking. TeamViewer is a program used for remote control, desktop sharing, online meetings, web conferencing, and file transfer between systems. Successful exploitation of this vulnerability could allow an attacker to launch TeamViewer with arbitrary parameters. The program could be forced to relay […]
