Monthly Vulners Review #3

Monthly review for the first time in four sections. Feedback: https://forms.gle/D17BaFwD5hJnKkUUA Vulnerabilities and exploits Bitdefender fixed the vulnerability in SafePay, a secure browser designed to protect sensitive online transactions, such as online banking and electronic purchases. Exploitation of vulnerability CVE-2020-8102 allows an attacker to remotely execute commands in the context of a user on a … Continue reading Monthly Vulners Review #3

Vulners weekly digest #12

This week Vulners integrated with data about Android vulnerabilities! Already available at Vulners DB: https://vulners.com/search?query=type:android There's a lot more interesting news this week:Combo of the VulnerabilitiesSerious toolsSome unusual news.And very briefly on fresh research Vulnerabilities CVE-2020-1206 We already mentioned SMBleed in the last digest. This week, we managed to find some research on the subject. … Continue reading Vulners weekly digest #12

Ripple20 zero-day vulnerabilities in IOT devices

The U.S. Department of Homeland Security and CISA ICS-CERT have published security notices about recently discovered vulnerabilities, collectively referred to as Ripple20. Ripple20 includes 19 vulnerabilities affecting billions of Internet-connected devices from 500 vendors around the world. The problems were found in the Treck TCP/IP library and with their help an attacker can remotely gain … Continue reading Ripple20 zero-day vulnerabilities in IOT devices

Vulners weekly digest #11

4 sections:VulnerabilitiesToolsNewsResearches (red teaming, threat hunting, malware) Vulnerabilities June's "the second Tuesday patch" has become the largest in the history of Microsoft. The patches fix 129 vulnerabilities – the maximum number of security issues ever closed by Microsoft in a single "fix Tuesday". However, despite the number of vulnerabilities, none of them is a zero-day … Continue reading Vulners weekly digest #11

Vulners weekly digest #10

Default 4 sections:VulnerabilitiesToolsNewsThreat hunting and malware research Vulnerabilities Apple has released updates to fix a CVE-2020-9859 that was used to jailbreak an iPhone with iOS 13.5. The vulnerability affects the iOS kernel and can allow an application to execute arbitrary code with kernel privileges. https://vulners.com/apple/APPLE:HT211214 CVE-2020-2883 in the Oracle WebLogic Server product of Oracle Fusion … Continue reading Vulners weekly digest #10

Vulners weekly digest #9

Four NO traditional sections in our weekly digest. Enjoy! Vulnerabilities and additional info LPE Windows CVE-2019-0880 Detailed research CVE-2019-0880 without exploit. Zero day? https://byteraptors.github.io/windows/exploitation/2020/05/24/sandboxescape.html According to my tests, this bug seems to be still working against a full-patched Windows 7 system and for this reason I chose not to publish the exploit code. Research story … Continue reading Vulners weekly digest #9