Cybersecurity Vulnerabilities news & analysis | SC Media

Vulnerabilities News and Analysis

ZyXEL NAS devices receive critical firmware patch

The Software Engineering Institute CERT Coordination Center advised that several ZyXEL network-attached storage devices contain a pre-authentication command injection vulnerability. CVE-2020-9054, if exploited, could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. The problem is that the devices use the weblogin.cgi CGI executable for authentication, and that program fails to properly sanitize…

Google issues Chrome update patching possible zero day

Google issued a patch for CVE-2020-6418, which is currently being exploited in the wild. The vulnerability is a confusion vulnerability in V8, Google Chrome’s open-source JavaScript and WebAssembly engine, and is rated as a “high” threat by Google. “Google is aware of reports that an exploit for CVE-2020-6418 exists in the wild,” Google stated. Tenable researchers…

Adobe, VMware issue patches for critical vulnerabilities

Adobe and VMware pushed out critical out-of-band updates for After Effects and vRealize Operations for Horizon Adapter, addressing flaws that, if exploited, could lead to arbitrary code execution. The Adobe issue, CVE-2020-3765, is an out-of-bounds write vulnerability affecting After Effects version 16.1.2 and earlier versions for Windows. Adobe is recommending that admins update to version 17.0.3…

Mozilla issues patches for Firefox 73, Firefox ESR 68.5 and Thunderbird 68.5

Mozilla today pushed out nine patches covering three products: Firefox 73, Firefox ESR 68.5 and Thunderbird 68.5. Firefox 73 had six vulnerabilities, with CVE-2020-6796, CVE-2020-6800 and CVE-2020-6801 regarded as having a high impact. The first is a missing bounds check that could cause memory corruption and a potentially exploitable crash. The second and…

Critical vulnerability found in IBM ServeRAID Manager

IBM issued an advisory for a critical vulnerability in its now unsupported ServeRAID Manager product that could lead to arbitrary code execution. The warning carries a CVSS rating of 9.3 for CVE-2011-3556 and covers ServeRAID Manager Java version 1.4.2. The problem lies in the fact that ServeRAID Manager runs with system privileges on Microsoft Windows…

Adobe Patch Tuesday: Critical vulnerabilities in Flash Player, Framemaker patched

Adobe conducted a large-scale rollout of security updates for a variety of its products for February Patch Tuesday, including a critical patch for Flash Player that if exploited could result in arbitrary code execution in the context of the current user. Joining Adobe Flash Player in receiving security updates are Framemaker, Acrobat Reader and DC,…

Dell patches SupportAssist vulnerability

Dell is reporting a high-rated vulnerability in its SupportAssist for business and home PCs that could result in remote code execution. CVE-2020-5316 affects business PC versions 2.0 through 2.1.3 and home PC versions 2.0 through 3.4. Each contains an uncontrolled search path vulnerability that can be exploited by a locally authenticated low-privileged user to cause…

Google patches Bluetooth vulnerability impacting most Android devices

Google has issued a critical security update for Android that affects the Bluetooth functionality on about two-thirds of all Android devices now in use. The vulnerability, CVE-2020-0022, affects devices running Android Oreo (8.0 and 8.1) and Pie (9.0) and can allow remote code execution without any user interaction. The flaw was found and reported to…
