SecPod Labs
Security Research
In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.
CVE Research
Cisco IOS XR Zero Day Vulnerabilities Being Actively Exploited in the Wild
The high severity zero-day vulnerabilities found in Cisco IOS XR – An Internetwork Operating System (IOS) that shipped with Cisco’s networking equipment. The vulnerabilities allow an unauthenticated, remote attacker to exhaust process memory. And crash the other processes running on the affected dev...
CVE Research
High-Severity Remote Code Execution Vulnerability in Google Chrome
A high-severity ‘use-after-free vulnerability tracked as CVE-2020-6492 with a CVSSv3 base score of 8.3 exists in WebGL [Web Graphics Library] component of the Google Chrome web browser that could be used to execute arbitrary code in the context of the browser process.
CVE Research
Critical Jenkins Vulnerability can Cause Memory Corruption and Disclose Sensitive Information
Jenkins, an open-source automation server software released an advisory pertaining to a critical vulnerability present in its application. Jenkins enables developers to build, test, and deploy applications. This vulnerability tracked as CVE-2019-17638 using a vulnerability scanning tool when exploi...
CVE Research
High-Risk Vulnerability in TeamViewer Could be Exploited to Crack Users’ Password
The discovery of a high-risk vulnerability was in TeamViewer for Windows. It has a tracking as “CVE-2020-13699“, with a CVSS base score of “8.8,” in which exploits can happen by remote attacks to crack users’ passwords and, thereupon, lead to further system exploitation. Vulnerability Management Sof...
CVE Research
Billions of Linux and Windows Systems at Risk due to Critical GRUB2 Vulnerabilities
A team of cybersecurity researchers found multiple vulnerabilities that affect billions of devices that run on either Windows or Linux. Affected devices include laptops, servers, workstations, or even IoT devices. Boot hole vulnerabilities affect Linux and other Operating Systems using GRUB@ boot lo...
CVE Research
3 Years of WannaCry: Millions of Endpoints Are Still Vulnerable Out There!
Are you aware of the worst cyberattack of 2017, the WannaCry ransomware attack? WannaCry was one of the worst-hit ransomware attacks that surfaced around May 2017 in Asia. The malware spread like wildfire and infected more than 230,000 computers in a day. The WannaCry attack mainly affected the Wind...
CVE Research
Cisco Read-Only Path Traversal Vulnerability (CVE-2020-3452)
Cisco has released a Security Advisory for the actively exploited worldwide CVE-2020-3452. Cisco Read-Only Path Traversal Vulnerability in the web services interface of Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attac...
CVE Research
Latest Trends in IT Security Software
The worldwide web is arguably the best source of information and opportunities currently. On the other hand, there are countless threats looming at every nook and cranny of the web as well. The truth is that everyone is at risk when going online. This includes private individuals, small businesses, ...
CVE Research
SIGRed – Microsoft Windows DNS Server RCE Vulnerability (CVE-2020-1350)
A critical and wormable 17 years-old vulnerability (CVE-2020-1350) has been discovered in Microsoft Windows DNS Servers which can allow an attacker to run arbitrary code on the vulnerable system. The vulnerability is identified as CVE-2020-1350 and resides in the way how DNS Server parses incoming q...