SecPod Labs
Security Research
In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.
CVE Research
VMware Fixes Critical Bugs that Can Be Chained Together to Gain RCE
VMware, the virtualization giant, has released two advisories addressing three critical vulnerabilities in multiple products. VMSA-2021-0004 advisory fixes CVE-2021-21975, CVE-2021-21983 can be chained together to gain remote code execution (RCE) on the affected system. The other, VMSA-2021-0005 adv...
CVE Research
OpenSSL Patches Two High Severity Crypto Vulnerabilities
Two high-severity vulnerabilities were recently revealed to be present in the popular cryptography library, OpenSSL. While one of the vulnerabilities can allow an attacker to bypass CA Certificate checks, the other could lead to a Denial of Service (DoS) condition. However, a vulnerability managemen...
CVE Research
Cisco Releases Security Updates for Multiple Products
Cisco has rolled out security patches for critical, high, and medium severity vulnerabilities. In the Advisory, Cisco Security Updates March 2021, released for Cisco Jabber Desktop and Mobile Client Software has been rated with Critical impact from Cisco. Among the bugs reported, some of the vulner...
CVE Research
Critical Code Execution Vulnerability in Adobe ColdFusion
Adobe has released a critical security update that impacted Adobe ColdFusion and is assigned with a priority rating of 2. The Adobe Coldfusion Exploit found in the product affects ColdFusion versions 2016, 2018, and 2021 that would lead to arbitrary code execution. Using a patch management tool can ...
CVE Research
Critical Remote Code Execution Vulnerabilities in MyBB Forum Software
Two critical vulnerabilities have been found in popular bulletin board software called MyBB. The vulnerabilities can be chained together to get remote code execution without prior access to a privileged account. The independent security researchers Simon Scannell and Carl Smith found the flaws. They...
CVE Research
Another Zero-Day in Google Chrome Under Active Exploitation
Google has released a second emergency update for its Chrome Browser this month. Chrome version 89.0.4389.90 for Windows, Mac, and Linux fix five security bugs, one of which is an actively exploited zero-day issue (identified by CVE-2021-21193) which is a Use after free in Chrome’s Blink rendering e...
CVE Research
Patch Tuesday: The Fix You cannot Miss
How many times have you blissfully ignored the update notification and clicked on “remind me later”? Yes, in the busy life, the severity of the updates goes unnoticed, and it often becomes the Achilles heel in the ‘trojan’ war. Patching and securing the endpoints has become a supreme task over the y...
CVE Research
Multiple Zero-Days in Microsoft Exchange Server Actively Exploited in the Wild
Microsoft has released patches for Exchange Server. The advisory addresses the following vulnerabilities – CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065. Microsoft has also reported that zero-day exploits were being used to attack Microsoft Exchange Server in the wild. Microsoft...
CVE Research
Google Chrome Zero-Day Under Active Exploitation
Google has released a security advisory for its Chrome users on Windows, Mac, and Linux, addressing 47 security vulnerabilities. This release includes one very critical Zero-Day exploit exploited in the wild. This vulnerability tracked as CVE-2021-21166. However, Endpoints that have not been patched...