security hole

Vulnerabilities

Issued by: Security Week

Ten of the issues were reported by external security researchers: one rated critical severity, seven high severity, and two medium severity. All are patched in Chrome 91.0.4472.101 for Windows, Mac and Linux. The most severe of these is CVE-2021-30544, a critical use-after-free bug that impacts BFCache, a browser optimization meant to enable instant back and…

Vulnerabilities

Issued by: Security Week

The bug, specifically a memory corruption issue, was found to impact QNAP NAS devices running Surveillance Station versions 5.1.5.4.2 and 5.1.5.3.2, and was addressed in February this year. Tracked as CVE-2020-2501, this security hole is a stack-based buffer overflow that could be abused by remote attackers to execute code on an affected system, without authentication….

Vulnerabilities

Issued by: Security Week

The first security hole, tracked as CVE-2021-3450, has been described as a “problem with verifying a certificate chain when using the X509_V_FLAG_X509_STRICT flag.” The flaw was discovered by researchers at Akamai. “Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an…

Network Security

Issued by: Security Week

High Severity Flaw Patched in OpenSSL 1.1.0

A high severity denial-of-service (DoS) vulnerability was patched on Thursday in OpenSSL with the release of version 1.1.0e. The flaw, tracked as CVE-2017-3733, has been described as an “Encrypt-Then-Mac renegotiation crash.” The security hole, reported by Joe Orton of Red Hat on January 31, does not affect OpenSSL 1.0.2.

Vulnerabilities

Issued by: Security Week

Facebook Awards $40,000 Bounty for ImageTragick Hack

A researcher claims to have received a $40,000 bounty from Facebook for finding a remote code execution vulnerability introduced by the ImageMagick image processing suite. The said ImageMagick flaw, tracked as CVE-2016-3714 and dubbed “ImageTragick,” was disclosed in May 2016. The security hole had already been exploited in the wild and security firms soon started…