scottbolen@dreamstatedigital.com

Remote attacker could potentially exploit google Chrome

Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-4102 Detail: Analysis Description Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

MS patch updates: prominent vulnerabilities

Microsoft released its monthly security update Tuesday, disclosing 51 vulnerabilities across its large collection of hardware and software. With zero critical vulnerabilities announced. Nothing has been exploited in the wild as of yet and MS hasn’t released any to the public so far. with four similar CVE’s to keep an eye on including CVE-2022-21997, CVE-2022-21999 …

MS patch updates: prominent vulnerabilities Read More »

CVE-2021-41379Win Install File Takeover

Windows Installer Elevation of Privilege Vulnerability Hyperlink Resource https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41379 Patch  Vendor Advisory  https://www.zerodayinitiative.com/advisories/ZDI-21-1308/ Third Party Advisory  Weakness Enumeration CWE-ID CWE Name Source CWE-269 Improper Privilege Management NIST   Known Affected Software Configurations Switch to CPE 2.2 Configuration 1 ( hide )  cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*   Show Matching CPE(s)  cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*   Show Matching CPE(s)  cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*   Show Matching CPE(s)  cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*   Show Matching CPE(s)  cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*   Show Matching CPE(s) …

CVE-2021-41379Win Install File Takeover Read More »

Use-after-free in Google Chrome could lead to code execution

Google Chrome is a cross-platform web browser — and Chromium is the open-source version of the browser that other software developers use to build their browsers, as well. This specific vulnerability exists in a specific object in the browser that’s responsible for creating streams of audio and video. (CVE-2021-38008) is a use-after-free vulnerability that triggers …

Use-after-free in Google Chrome could lead to code execution Read More »

Memory corruption and use-after-free vulnerabilities in Foxit PDF Reader

Foxit PDF Reader is one of the most popular PDF document readers currently available. As a complete and feature-rich PDF reader, it supports JavaScript for interactive documents and dynamic forms. These vulnerabilities could be triggered if an attacker tricks a user into opening a specially crafted, malicious PDF file, or open the file in a …

Memory corruption and use-after-free vulnerabilities in Foxit PDF Reader Read More »

Vulnerability in the MySQL Cluster Product

CVE-2022-21289 Detail Current Description Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where …

Vulnerability in the MySQL Cluster Product Read More »

MoonBounce the latest Dangerous Firmware-Level Rootkit discovered

Researchers Discover Dangerous Firmware-Level Rootkit MoonBounce is the latest in a small but growing number of implants found hidden in a computer’s Unified Extensible Firmware Interface (UEFI). Kaspersky researchers recently discovered the latest example of such a threat hidden deep within the Unified Extensible Firmware Interface (UEFI) firmware of a computer at a customer location. …

MoonBounce the latest Dangerous Firmware-Level Rootkit discovered Read More »

Oracle Financial Services Analytical Applications CVE-2021-35686

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Unified Metadata Manager). Supported versions that are affected are 8.0.7-8.1.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized …

Oracle Financial Services Analytical Applications CVE-2021-35686 Read More »