Author: Obaid R

0

Critical Jenkins Vulnerability can Cause Memory Corruption and Disclose Sensitive Information

Jenkins, an open-source automation server software released an advisory pertaining to a critical vulnerability present in its application. Jenkins enables developers to build, test, and deploy applications. This vulnerability tracked as  CVE-2019-17638 when exploited can result in memory corruption and can disclose sensitive information. It allows any unauthenticated attacker to obtain sensitive information via response […]

Read More →
0

Billions of Linux and Windows Systems at Risk due to Critical GRUB2 Vulnerabilities

  A team of cybersecurity researchers found multiple vulnerabilities that affect billions of devices that run on either Windows or Linux. Affected devices include laptops, servers, workstations, or even IoT devices. GRUB2 boot loader, which is not only used by Linux but other Operating Systems where Secure Boot trusts the 3rd-party UEFI CA, is affected […]

Read More →
0

Microsoft HEVC emergency security updates for critical RCE vulnerabilities

Microsoft has released patches to fix two remote code execution vulnerabilities in Microsoft Windows Codecs Library. HEVC or Windows codecs library is responsible for handling large media files and decoding them for playback. HEVC is used by developers as it supports a multitude of different file formats. This Windows Extension is designed to take advantage […]

Read More →
0

Adobe Releases Critical Security Updates June 2020

  Adobe has released critical security updates to its products like Adobe After Effects, Illustrator 2020, Adobe Campaign Classic, and others in order to patch multiple critical vulnerabilities which can lead to arbitrary code execution and information disclosure. This month’s release consists of 19 vulnerabilities addressed in 6 advisories: 19 vulnerabilities of which 18 are […]

Read More →
0

Critical Code Execution Vulnerabilities in Zoom Client Application

Two critical vulnerabilities were recently disclosed by Cisco Talos in the widely used video conferencing software Zoom. It can be exploited by a remote attacker who can hack into the host’s machine and can execute arbitrary code. Given the current scenario of the COVID-19 pandemic, several companies have substantially incorporated the use of video conferencing […]

Read More →
0

Oracle Critical Updates April 2020

Oracle has released 397 new security patches as a part of their quarterly update cycle, out of which 262 vulnerabilities are remotely exploitable without user authentication. Oracle MySQL received 45 security patches of which 9 of the vulnerabilities allow an attacker to remotely exploit machines without the need for user authentication. A few CVE’s if […]

Read More →
0

Apple Security Updates March 2020 and Adobe Creative Cloud Critical Security Update

Apple released security updates for multiple products today. A total of 49 vulnerabilities were addressed. The exploitation of some of these security flaws could allow an attacker to take control of an affected system. Adobe also released an out-of-band security update for critical arbitrary file deletion vulnerability in Creative Cloud. Critical vulnerabilities in Apple products […]

Read More →
0

CDPwn: Critical Zero day flaws affecting millions of Cisco Devices.

Fig 1: Image credit: zdnet.com Armis Security Inc., a cybersecurity firm based in United States, has discovered five critical vulnerabilities in a networking protocol developed by Cisco. These flaws could enable hackers to target virtually all devices, from data center switches to cameras and IP phones worldwide. These vulnerabilities were disclosed when Cisco released fixes […]

Read More →