Vulnerability Update Posts | CW Enterprises

Security Vulnerability updates on leading operating systems, software, web apps aggregated from the internet.

Gab's CTO Introduced a Critical Vulnerability to the Site

3rd March 2021Dan Goodin

A review of the open source code shows an account under the executive’s name made a mistake that could lead to the kind [...]

New PDF Vulnerability Let Attackers Bypass the Signature Validation in PDF and Replace Content

25th February 2021GURUBARAN S

A team of researchers from the Ruhr-University Bochum in Germany has reported the attacks bypassing the signature validation in PDF. Digitally signed PDFs [...]

Researcher Reports Vulnerability in Apple iCloud Domain

22nd February 2021Dark Reading Staff

A stored cross-site scripting vulnerability in the iCloud website reportedly earned a security researcher $5,000. Source: Dark Reading – Threat Intelligence – [...]

SonicWall Confirms Zero-Day Vulnerability

2nd February 2021Dark Reading Staff

The confirmation arrives as researchers with NCC Group detect a SonicWall zero-day flaw under active attack. Source: Dark Reading – Threat Intelligence [...]

WordPress Easy WP SMTP zero-day Vulnerability Exposes Hundreds of Thousands of Sites to Hack

14th December 2020GURUBARAN S

Easy WP SMTP, a WordPress plugin, with more than 500,000 installations, allows one to configure and send all outgoing mails via a SMTP [...]

NSA Warns of Exploits Targeting Recently Disclosed VMware Vulnerability

7th December 2020Jai Vijayan Contributing Writer

Agency urges organizations to deploy patch as soon as possible since exploit activity is hard to detect. Source: Dark Reading – Threat [...]

Critical Oracle WebLogic Vulnerability Flaw Actively Exploited by DarkIRC Malware

3rd December 2020GURUBARAN S

Juniper Threat Labs researchers observed active attacks on Oracle WebLogic software using CVE-2020-14882. This vulnerability, if successfully exploited, allows unauthenticated remote code execution. [...]

German COVID-19 Contact-Tracing Vulnerability Allowed RCE

19th November 2020Becky Bracken

Bug hunters at GitHub Security Labs help shore up German contact tracing app security, crediting open source collaboration. Source: Threat Post – [...]

Cisco AnyConnect VPN zero-day Vulnerability, Exploit Code Available

5th November 2020GURUBARAN S

Cisco, the California based tech giant, has identified and disclosed a vulnerability via advisory CVE-2020-3556, regarding the InterProcess Communication (IPC) channel of Cisco [...]

Oracle Issues Out-of-Band Update for Remote-Access Vulnerability

3rd November 2020Dark Reading Staff

The exploit could give an attacker complete control of vulnerable WebLogic servers. Source: Dark Reading – Threat Intelligence – Oracle Issues Out-of-Band [...]