vulnerabilities

Vulnerabilities

Issued by: Security Week

The companies have released patches and mitigations to address these vulnerabilities. Siemens Siemens has released 5 new advisories covering 33 vulnerabilities. The company informed customers that an update for its SINEC network management system patches 15 flaws, including ones that can be exploited for arbitrary code execution. While some of them have been assigned a…

Vulnerabilities

Issued by: Security Week

Tracked as CVE-2021-37977, the most severe of these security holes could be exploited to achieve arbitrary code execution on a target system. The flaw, described as a use-after-free bug in Garbage Collection, was reported last month by an anonymous researcher. Google says it paid a $10,000 bounty reward for the finding. Now rolling out to…

Vulnerabilities

Issued by: Security Week

Successful exploitation of these vulnerabilities could allow attackers to cause a denial of service (DoS) condition, execute arbitrary commands as root, or elevate privileges. Two high-severity issues (CVE-2021-34779, CVE-2021-34780) were found in the Link Layer Discovery Protocol (LLDP) implementation for Small Business 220 series smart switches, leading to the execution of arbitrary code and a…

Vulnerabilities

Issued by: Security Week

The ESET discovery is the second real-world UEFI bootkit to be publicly documented in recent weeks, following Kaspersky’s report on a new Windows UEFI bootloader fitted into the FinSpy surveillance spyware product. According to ESET researchers Anton Cherepanov and Martin Smolar, the malware has evaded detection for almost a decade and was engineered to bypass…

Application Security

Issued by: Security Week

The pilot program financially rewards developers who help improve the security of critical open source projects and is meant to complement existing vulnerability management programs. Committed to boost the security of the open source ecosystem, the Internet search giant recently pledged $100 million in support for projects that aim to fix vulnerabilities in open source…

Vulnerabilities

Issued by: Security Week

The PoC exploit targets CVE-2021-1810, a vulnerability that can lead to the bypass of all three protections that Apple implemented against malicious file downloads, namely file quarantine, Gatekeeper, and notarization. This issue was found in the Archive Utility component of macOS Big Sur and Catalina and can be exploited using a specially crafted ZIP file….

Cloud Security

Issued by: Security Week

The vulnerability was found by security researcher Imre Rad, who disclosed his findings last week on the Full Disclosure mailing list. Rad found the vulnerability in Extensible Service Proxy (ESP), an open source, Nginx-based proxy that enables API management capabilities for JSON/REST or gRPC API services. Its features include authentication, monitoring and logging. ESP is…

Vulnerabilities

Issued by: Security Week

The exploited vulnerabilities include CVE-2021-37975, a high-severity use-after-free bug in the V8 engine, and CVE-2021-37976, a medium-severity information leak issue in the core. Both were reported last week. “Google is aware the exploits for CVE-2021-37975 and CVE-2021-37976 exist in the wild,” the Internet search giant says. Now rolling out to Windows, Mac and Linux users…

Vulnerabilities

Issued by: Security Week

Tracked as CVE-2021-36745 and featuring a CVSS score of 9.8, the security hole could be exploited by remote attackers to completely bypass authentication on a vulnerable system. The enterprise-grade real-time malware detection solution provides virus, spyware and rootkit protection for servers, while also automating security operations. Also packing cleanup capabilities, the software features support for…