Ubuntu OverlayFS module Vulnerabilities
Researchers have discovered that two Linux vulnerabilities in Ubuntu kernel pave the way for unprivileged local users to gain elevated privileges on a massive number of devices. The first vulnerability…
Microsoft Message Queue Service Vulnerabilities
Researchers from Fortinet have discovered three vulnerabilities within the Microsoft Message Queuing (MSMQ) service – a proprietary messaging protocol designed to enable secure communication between applications running on separate computers.…
CISA KEV Update Part V – April 2023
The U.S. CISA added three security flaws to its Known Exploited Vulnerabilities KEV ctalog, based on evidence of active exploitation. The vulnerabilities are as follows - CVE-2023-28432 (CVSS score - 7.5) -…
Lacework Risk Management Offering
Lacework has added a new vulnerability risk management capability to its cloud-native application protection. The new offering will combine active package detection, attack path analysis, and in-house data on active…
CISA KEV Update Part III – April 2023
The US CISA added the following five new issues to its Known Exploited Vulnerabilities Catalog: CVE-2023-20963 – Android Framework Privilege Escalation Vulnerability. Android Framework contains an unspecified vulnerability that allows for privilege…
Google Project Zero Exposed Vulnerabilities in Samsung Exynos Chips
Google Project Zero has discovered 18 vulnerabilities in mobile and auto chips made by Samsung Electronics and disclosed them earlier this week According to Google, chips containing the security flaws…
Docker Containers Blind Spots
Researchers have revealed numerous critical and high severity vulnerabilities with exploits available publicly hidden in hundreds of popular container images, Some vulnerabilities are part of the CISA KEV catalog, including…
Atlassian Jira Align Vulnerabilities
Researchers have discovered vulnerabilities in Atlassian Jira Align, a SaaS platform could allow users with access to the service to become application administrators, and then attack the Atlassian service. The…