SecPod

SecPod Labs

Security Research

In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.

Thousands of VMware Centers Exposed to New Remote Code Execution Vulnerability

CVE Research

The CVE-2021-21972 remote code execution vulnerability was reported by Mikhail Klyuchnikov from Positive Technologies. A vulnerability management tool discovered this. The organization also published a detailed write-up for this vulnerability to share the impact of the flaw.

Feb 25, 2021 • 3 min read

QNAP Patches Critical Vulnerabilities in NAS Appliances

CVE Research

QNAP addresses multiple vulnerabilities in its product line affecting Surveillance Station and Photo Station applications using a vulnerability management tool. These vulnerable software applications are powered by Network Attached Storage (NAS), a storage management technology powering file sharing...

Feb 17, 2021 • 2 min read

Adobe Fixes Critical Zero-Day Flaw Actively Exploited in the Wild – Security Updates February 2021

CVE Research

Adobe's February 2021 security updates provide fixes for 33 critical vulnerabilities in Adobe Magento, Adobe Acrobat, Reader, Photoshop, Animate, Illustrator, and Dreamweaver. A total of 50 security vulnerabilities are patched in this release. The patched vulnerabilities ar...

Feb 10, 2021 • 2 min read

Patch Tuesday: Microsoft Security Bulletin Summary for February 2021

CVE Research

Microsoft has rolled out its February 2021 Patch Tuesday security updates for 56 vulnerabilities, including a zero-day, in its product line. Released patches cover products such as the Windows operating system, Edge browser, Microsoft Office, and services. Out of these, 11 are classified ...

Feb 09, 2021 • 6 min read

5 Setbacks of Multi-Tool Endpoint Security Stacks

CVE Research

An average IT team uses a vast collection of tools and techniques to execute security tasks: a vulnerability management tool, patching tools for different platforms and apps, incident detection and response software, and compliance management software to deal with audits. These tools are their stand...

Feb 08, 2021 • 5 min read

Cisco Releases Security Updates for Multiple Products

CVE Research

Cisco's February 2021 security updates have been released to address high-severity vulnerabilities in twelve different Cisco products using a patch management tool. Exploitation of some of these vulnerabilities allows an unauthenticated attacker to execute code with root privileges remotely.

Feb 04, 2021 • 5 min read

Three More Potential Vulnerabilities Found In SolarWinds Software!

CVE Research

Three new security vulnerabilities have recently been identified in various SolarWinds products. Three of the vulnerabilities are severe, and the most critical of them allows remote code execution with high privileges. A vulnerability management tool discovered these critical vulnerabilities. Martin...

Feb 03, 2021 • 3 min read

SonicWall Zero-Day Vulnerability Is Being Exploited in the Wild

CVE Research

The SonicWall zero-day attack: NCC Group recently reported that a SonicWall SMA 100 zero-day vulnerability is being actively exploited in the wild. SonicWall commented that it affects the SMA 100 series (SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v) line of remote access appliances. However, bo...

Feb 01, 2021 • 3 min read

Heap-Based Buffer Overflow in Sudo Allows Attackers to Gain Root Privileges

CVE Research

The vulnerability (CVE-2021-3156) exists in Sudo, a powerful utility for running programs with the security privileges of another user. The heap-based buffer overflow could allow an unprivileged local user to gain root privileges without any authentication on the affected systems. A vulnerability managem...

Jan 27, 2021 • 3 min read