Vulnerabilities

New Vulnerabilities, Latest Software Vulnerabilities, New CVE, Recent Vulnerability, Exploit POCs, Proof Of Concept. Latest Security Vulnerabilities

Zero-day

Chrome Update: Exploited Zero-Day Vulnerability fixed by Google, the 8th this year

Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK.

I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated...

I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK.

I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!
RiSec.n0tst3

In response to a heap buffer overflow vulnerability, Google has released a security update for the desktop versions of Google Chrome for Windows, Linux, and Mac. The Chrome vulnerability is already being used in the wild, claims Google’s own blog. This is the eighth time this year that a Google Chrome zero-day vulnerability has been …


InfoSec News Feeds

Google Pixel Bug nets security researcher a whopping $70k bounty

Just your average information security researcher from Delaware US.

A security researcher whose Google Pixel battery died while he was composing a text message is probably grateful for the interruption, as turning it back on allowed him to find a lock screen bypass flaw that earned him a $70,000 bounty from Google. The vulnerability, which has since been fixed, would have allowed anyone with …


Fixing indirect vulnerabilities without breaking your dependency tree

Debian: DSA-5277-1: php7.4 Multiple Security Issues

SUMMARY: Multiple security issues were discovered in PHP, a widely-used open-source general-purpose scripting language, which could result in denial of service, information disclosure, insecure cookie handling or potentially the execution of arbitrary code. For the stable distribution (bullseye), these problems have been fixed in version 7.4.33-1+deb11u1. We recommend that you upgrade your php7.4 packages. For the detailed …


Debian: DSA-5278-1: xorg-server Buffer Overflow Security Update

SUMMARY: It was discovered that a buffer overflow in the _getCountedString() function of the Xorg X server may result in denial of service or potentially the execution of arbitrary code. For the stable distribution (bullseye), these problems have been fixed in version 2:1.20.11-1+deb11u3. We recommend that you upgrade your xorg-server packages. For the detailed security status of xorg-server …


Remote code execution

Open Web Analytics RCE 1.7.3 – Remote Code Execution

A vulnerability was discovered in Open Web Analytics by security researcher Yerodin Richards. The vulnerability, an RCE (remote code execution), affects versions <1.7.4.


Remote code execution

SmartRG Remote Code Execution: SR510n 2.6.13

A vulnerability was discovered in SmartRG Router by security researcher Yerodin Richards. The vulnerability, an RCE (remote code execution), affects versions 2.5.15 / 2.6.13.


Fixing indirect vulnerabilities without breaking your dependency tree

VMware fixes three critical flaws in Workspace ONE Assist

VMware has released security updates to address three critical vulnerabilities impacting the Workspace ONE Assist product. Remote attackers can exploit the vulnerabilities to bypass authentication and elevate privileges to admin. Workspace ONE Assist allows IT staff to remotely access and troubleshoot devices in real-time from the Workspace ONE console. The first issue, tracked as CVE-2022-31685 (CVSSv3 …


Microsoft

Microsoft fixes Critical Bugs under attack

November 2022 Patch Tuesday is here, with fixes for many vulnerabilities actively exploited in the wild, including CVE-2022-41091, a Windows Mark of the Web bypass flaw, and the ProxyNotShell MS Exchange vulnerabilities. Fixes to prioritize: CVE-2022-41091 is a Windows zero-day vulnerability that allows attackers to bypass the Mark of the Web (MOTW) security feature. They can craft a malicious …


CVE

OpenSSL fixed two high-severity vulnerabilities

The OpenSSL project fixed two high-severity flaws in its cryptography library that can trigger a DoS condition or achieve remote code execution. The OpenSSL software library allows secure communications over computer networks, protecting against eavesdropping or where there is a need to identify the party at the other end. OpenSSL contains an open-source implementation of the Secure Sockets Layer (SSL) and Transport …


Vulnerability

‘CosMiss’ vulnerability found in Microsoft Azure developer tool

Microsoft addressed a vulnerability affecting a tool used by developers within its Azure cloud computing service, according to researchers from the tech giant and cybersecurity firm Orca Security. Both released a report on Tuesday outlining a vulnerability dubbed “CosMiss” in Jupyter Notebooks for Azure Cosmos DB — an open-source interactive developer environment allowing users to …
