Security Advisories & Alerts


CVE-2020-0951: Windows Defender Application Control Security Feature Bypass Vulnerability

Description: A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement. An attacker who successfully exploited this vulnerability could execute PowerShell commands that would be blocked by WDAC. The CVE-2020-0951 vulnerability affects both PowerShell 7 and PowerShell 7.1 versions.To...

Read more


CVE-2021-41355: .NET Core and Visual Studio Information Disclosure Vulnerability

Description: An Information Disclosure vulnerability exists in .NET where System.DirectoryServices.Protocols.LdapConnection may send credentials in plain text on non-Windows Operating systems. CVE-2021-41355 impacts users of PowerShell 7.1.To check the PowerShell version you are running and determine if you are vulnerable to attacks exploiting these two bugs, you can execute the pwsh...

Read more


A Vulnerability in Microsoft MSHTML Could Allow for Remote Code Execution

DESCRIPTION:A vulnerability has been discovered in Microsoft MSHTML, which couldallow for remote code execution. MSHTML (also known as Trident) is theengine used for Internet Explorer. It is also used by Microsoft Officeapplications for rendering web based content. Successful exploitation ofthis vulnerability could result in remote code execution in the contextof...

Read more


A Vulnerability in Confluence Server and Data Center Could Allow for Arbitrary Code Execution

DESCRIPTION:A vulnerability has been discovered in Confluence Server and DataCenter, which could allow for arbitrary code execution. Confluence is awiki tool used to help teams collaborate and share knowledgeefficiently. Successful exploitation of this vulnerability could allowan unauthenticated user to execute arbitrary code on a Confluence Serveror Data Center instance. Depending...

Read more


Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution

DESCRIPTION:Multiple vulnerabilities have been discovered in the Google Androidoperating system (OS), the most severe of which could allow for remotecode execution. Android is an operating system developed by Google formobile devices, including, but not limited to, smartphones, tablets, andwatches. Successful exploitation of the most severe of thesevulnerabilities could allow for...

Read more


Apple Releases Security Updates to Address CVE-2021-30858 and CVE-2021-30860

Apple has released security updates to address vulnerabilities—CVE-2021-30858 and CVE-2021-30860—in multiple products.  An attacker could exploit these vulnerabilities to take control of an affected device. CISA is aware of public reporting that these vulnerabilities may have been exploited in the wild. CISA encourages users and administrators to review the security...

Read more


A Vulnerability in Confluence Server and Data Center Could Allow for Arbitrary Code Execution

DESCRIPTION:A vulnerability has been discovered in Confluence Server and DataCenter, which could allow for arbitrary code execution. Confluence is awiki tool used to help teams collaborate and share knowledgeefficiently. Successful exploitation of this vulnerability could allowan unauthenticated user to execute arbitrary code on a Confluence Serveror Data Center instance. Depending...

Read more


Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution

DESCRIPTION:Multiple vulnerabilities have been discovered in Google Chrome, the mostsevere of which could allow for arbitrary code execution. Google Chromeis a web browser used to access the Internet. Successful exploitation ofthe most severe of these vulnerabilities could allow an attacker toexecute arbitrary code in the context of the browser. Depending...

Read more


Multiple Vulnerabilities in Adobe Products Could Allow For Arbitrary Code Execution

DESCRIPTION:Multiple vulnerabilities have been discovered in Adobe Media Encoder,Adobe Bridge, Adobe Photoshop, Adobe XMP Toolkit SDK, and AdobeCaptivate, the most severe of which could allow for arbitrary codeexecution. * Adobe Media Encoder is software that provides media content over theinternet* Adobe Bridge is a digital asset management application* Adobe Photoshop...

Read more


Page 1 of 5812345...102030...Last »