patch

Cloud Security

Issued by: Security Week

The vulnerability was found by security researcher Imre Rad, who disclosed his findings last week on the Full Disclosure mailing list. Rad found the vulnerability in Extensible Service Proxy (ESP), an open source, Nginx-based proxy that enables API management capabilities for JSON/REST or gRPC API services. Its features include authentication, monitoring and logging. ESP is…

Vulnerabilities

Issued by: Security Week

The exploited vulnerabilities include CVE-2021-37975, a high-severity use-after-free bug in the V8 engine, and CVE-2021-37976, a medium-severity information leak issue in the core. Both were reported last week. “Google is aware the exploits for CVE-2021-37975 and CVE-2021-37976 exist in the wild,” the Internet search giant says. Now rolling out to Windows, Mac and Linux users…

Vulnerabilities

Issued by: Security Week

Tracked as CVE-2021-36745 and featuring a CVSS score of 9.8, the security hole could be exploited by remote attackers to completely bypass authentication on a vulnerable system. The enterprise-grade real-time malware detection solution provides virus, spyware and rootkit protection for servers, while also automating security operations. Also packing cleanup capabilities, the software features support for…

Vulnerabilities

Issued by: Security Week

Siemens Siemens has released 21 new advisories and updated 25 previously published advisories. The new advisories cover 36 vulnerabilities, including five that have been assigned a critical severity rating. One of the critical flaws, with a CVSS score of 10, impacts the Desigo CC building management platform and the Cerberus danger management station (DMS). The…

Vulnerabilities

Issued by: Security Week

The most important of the newly released security notes patches a missing authorization check in SAP NetWeaver Application Server for Java. Tracked as CVE-2021-37535, the vulnerability has a CVSS score of 10. Two other critical vulnerabilities (CVSS score of 9.9) were addressed with Hot News security notes for NetWeaver. These include CVE-2021-38163, an unrestricted file…

Vulnerabilities

Issued by: Security Week

The flaw, tracked as CVE-2021-25218, affects BIND versions 9.16.19, 9.17.16, and 9.16.19-S1. Patches are included in versions ​​9.16.20, 9.17.17 and 9.16.20-S1. Workarounds are also available. It’s worth noting that while the existence of the vulnerability was made public on August 18, customers received a notification one week in advance. The vulnerability can be exploited remotely…

Vulnerabilities

Issued by: Security Week

Disclosed in late July, PetitPotam is a remote code execution vulnerability (CVE-2021-36942) that abuses the Encrypting File System Remote (MS-EFSRPC) protocol. An attacker exploiting the bug could get a targeted server to connect to an attacker-controlled server and perform NTLM authentication. The attacker could then use other exploits to take complete control of a Windows…

Vulnerabilities

Issued by: Security Week

The zero-day flaw, documented as CVE-2021-36948, is rated “important” with a CVSS base score of 7.8. Microsoft described the vulnerability as a local privilege escalation bug, a suggestion that it is part of a larger software exploit chain. The Windows Update Medic Service is used to repair Windows Update components from damage so that Windows…