Uncategorized

Remote attacker could potentially exploit google Chrome

Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-4102 Detail: Analysis Description Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

MS patch updates: prominent vulnerabilities

Microsoft released its monthly security update Tuesday, disclosing 51 vulnerabilities across its large collection of hardware and software. With zero critical vulnerabilities announced. Nothing has been exploited in the wild as of yet and MS hasn’t released any to the public so far. with four similar CVE’s to keep an eye on including CVE-2022-21997, CVE-2022-21999 …

MS patch updates: prominent vulnerabilities Read More »

CVE-2021-41379Win Install File Takeover

Windows Installer Elevation of Privilege Vulnerability Hyperlink Resource https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41379 Patch  Vendor Advisory  https://www.zerodayinitiative.com/advisories/ZDI-21-1308/ Third Party Advisory  Weakness Enumeration CWE-ID CWE Name Source CWE-269 Improper Privilege Management NIST   Known Affected Software Configurations Switch to CPE 2.2 Configuration 1 ( hide )  cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*   Show Matching CPE(s)  cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*   Show Matching CPE(s)  cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*   Show Matching CPE(s)  cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*   Show Matching CPE(s)  cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*   Show Matching CPE(s) …

CVE-2021-41379Win Install File Takeover Read More »

Use-after-free in Google Chrome could lead to code execution

Google Chrome is a cross-platform web browser — and Chromium is the open-source version of the browser that other software developers use to build their browsers, as well. This specific vulnerability exists in a specific object in the browser that’s responsible for creating streams of audio and video. (CVE-2021-38008) is a use-after-free vulnerability that triggers …

Use-after-free in Google Chrome could lead to code execution Read More »

Vulnerability in the MySQL Cluster Product

CVE-2022-21289 Detail Current Description Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where …

Vulnerability in the MySQL Cluster Product Read More »

ISC Stormcast For Wednesday, September 29th, 2021

TLS 1.3 and SSL: The Current State of Affairshttps://isc.sans.edu/forums/diary/TLS+13+and+SSL+the+current+state+of+affairs/27882/ EFF Discontinues HTTPS Everywhere Pluginhttps://www.eff.org/deeplinks/2021/09/https-actually-everywhere Malicious CryptoCoin Wallethttps://discourse.mozilla.org/t/got-hacked-by-the-add-on-called-safepal-wallet/85797 Microsoft Automates Exchange Mitigationshttps://techcommunity.microsoft.com/t5/exchange-team-blog/new-security-feature-in-september-2021-cumulative-update-for/ba-p/2783155