SecPod Labs
Security Research
In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.
CVE Research
Adobe Critical Security Updates September 2021
Adobe Critical Security Updates September 2021 fixes for 34 critical vulnerabilities in Adobe Acrobat and Reader, Premiere Pro, InCopy, etc. Moreover, a total of 52 security vulnerabilities have been patched in this release. Most of these vulnerabilities could lead to arbitrary code execution on suc...
CVE Research
Microsoft September Patch Tuesday Addresses 60 CVEs Including 3 Critical
Microsoft Patch Tuesday September 2021 security update fixes a total of 60 vulnerabilities, which include Three CVEs rated as critical and the rest rated as important. The products covered in September’s security update include Microsoft Office, Windows Common Log File System Driver, Windows Print S...
CVE Research
From Vulnerability Detection to Remediation: The SanerNow Way
According to Gartner, vulnerabilities are the prime cause of the majority of security breaches today. Although most of these are not zero days, the firm says that the security teams and IT professionals will already know most of the exploited vulnerabilities. A big question arises now on why securit...
CVE Research
Zoho Patches Critical Zero-day Flaw in its ADSelfService plus Exploited in The Wild
Zoho Patches Critical Zero-day Flaw in ADSelfService to patch a remote code execution (RCE) vulnerability existing in Zoho ADSelfService plus. The vulnerability allows the execution of unauthenticated remote arbitrary code on the affected systems. A vulnerability management solution can remediate th...
CVE Research
Netgear Patches High Severity Flaws In Its Smart Switches
Netgear is a multinational computer networking company that produces networking hardware for consumers, businesses, and service providers. Netgear identified three high severity vulnerabilities and patched them recently, affecting its wide range of products. Most of these affected products are smart...
CVE Research
A Critical Vulnerability in Atlassian Confluence Server Under Active Exploitation
Atlassian Confluence recently published a security advisory to patch a critical OGNL(Object-Graph Navigation Language) injection vulnerability existing in Confluence Server and Data Center instance. This vulnerability allowed authenticated and, in some instances, even unauthenticated users to execu...
CVE Research
VMware Releases Security Update for Multiple Products
VMware, the virtualization giant, has patched six vulnerabilities, including 4 high severity vulnerabilities, in its recent security update VMSA-2021-0018. The vulnerabilities tracked as CVE-2021-22022, CVE-2021-22023, CVE-2021-22024, CVE-2021-22025, CVE-2021-22026, CVE-2021-22027 are affecting the ...
CVE Research
Sophos UTM Creating a ‘Big’ Bounty with Remote Code Execution Flaw
A critical and high severity remote code execution vulnerability CVE-2020-25223 with CVSS 3. x severe base score 9.8 is present in Sophos SG UTM. Sophos reported this vulnerability on September 18, 2020, in their Advisory. A reliable vulnerability management tool can help to combat these vulnerabil...
CVE Research
Microsoft Exchange Servers Actively Under Exploitation Via ProxyShell Vulnerabilities
Microsoft Exchange Servers are actively exploited in the wild by various threat actors. Attackers are looking for vulnerable instances of Microsoft Exchange Servers and exploiting them via ProxyShell vulnerabilities. ProxyShell is the name given to the set of three vulnerabilities existing in Micros...