Microsoft published its November Patch Tuesday security updates today, fixing 74 common vulnerabilities and exposures (CVEs) in the Windows family of operating systems and related products. Of these, 13 are classified as “Critical” and 61 as “Important”. Among the 13 Critical vulnerabilities, there is one vulnerability in Internet Explorer which is under the radar of […]

PHP-FPM (FastCGI Process Manager) is an advanced PHP FastCGI implementation with added features and is very useful for heavily loaded sites. A vulnerability was discovered in PHP-FPM which has been exploited in the wild. NGINX servers with PHP-FPM are found to be vulnerable. The vulnerability is tracked as CVE-2019-11043 and classified as buffer underflow (CWE-124). […]

iTerm2 is one of the most popular macOS terminal emulators and is a default choice for developers and administrators due to its extensive features like window transparency, full-screen mode, notifications, integration with tmux, etc. A critical remote code execution vulnerability has been discovered in iTerm2 by Radically Open Security, as part of an independent security […]

Microsoft has released out-of-band security updates to fix a critical remote code execution vulnerability in Microsoft Internet Explorer that is being exploited in the wild and a denial of service vulnerability in Microsoft Defender. CVE-2019-1367 is a zero-day remote code execution vulnerability that exists in the way the scripting engine in Internet Explorer handles objects in memory. This is […]

SQLite is a cross-platform relational database management system. It is known to be the most used database engine in the world. The vendor claims that there are billions of deployments of SQLite and that it is used by several applications like Skype, Firefox, Chrome, Safari, etc. Researchers showcased how the SQL language can be used to exploit the […]

Oracle has released an out-of-band security update to address a critical vulnerability in Oracle WebLogic Server. A deserialization flaw allows remote code execution and is tracked as CVE-2019-2729. This vulnerability is rated critical and is found to be exploited in the wild. The vulnerability exists due to a deserialization flaw in XMLDecoder in Oracle […]
