Zero-Day Exploit Published for VM Escape Flaw in VirtualBox

Zero-Day Exploit Published for VM Escape Flaw in VirtualBox

A security researcher disclosed a yet unpatched zero-day vulnerability in the popular VirtualBox virtualization software that can be exploited from a guest operating system to break out of the virtual machine and ...
Security Boulevard
SSD Advisory – Symfony Framework forward() Remote Code Execution

SSD Advisory – Symfony Framework forward() Remote Code Execution

Vulnerability Summary The following advisory describes a vulnerability found in Symfony 3.4 – a PHP framework that is used to create websites and web applications. Built on top of the Symfony Components ...
Dark Side Quantum Computing

Flaws in BLE Chips Expose Millions of Enterprise Wi-Fi APs to Hacking

Security researchers have found two serious vulnerabilities in Bluetooth Low Energy (BLE) chips from Texas Instruments (TI) that are used in millions of Wi-Fi access points, but also in devices from various ...
Security Boulevard
Flaw Allows Hacking Macs, iOS Devices with Single Network Packet

Flaw Allows Hacking Macs, iOS Devices with Single Network Packet

Apple has fixed a serious vulnerability in macOS and iOS that could allow hackers to compromise devices over the local network by sending them a single malformed Internet Protocol (IP) packet. The ...
Security Boulevard
JQuery File Upload Flaw Highlights Security Challenges with Code Reuse

JQuery File Upload Flaw Highlights Security Challenges with Code Reuse

A serious remote code execution vulnerability in a popular jQuery widget turned out to have widespread implications, as the code has been forked, modified and used in thousands of other projects. The ...
Security Boulevard

SSD Advisory – Chrome Type Confusion in JSCreateObject Operation to RCE

Vulnerabilities Summary The following advisory discusses a vulnerability found in turbofan, the JIT compiler. We can trigger the JavaScript code in a way that leads to type confusion that can be exploited ...
Webex Vulnerability Can Enable Remote Code Execution

Webex Vulnerability Can Enable Remote Code Execution

Cisco Systems patched a serious privilege escalation vulnerability in the Webex Meetings Desktop App and the Webex Productivity Tools that could be exploited remotely on local networks. The flaw has been dubbed ...
Security Boulevard
Drupal Patches Critical Remote Code Execution Flaws

Drupal Patches Critical Remote Code Execution Flaws

The popular Drupal content management system received fixes for five serious vulnerabilities that allow for remote code execution and could help hackers break into websites. Two of the patched vulnerabilities are rated critical ...
Security Boulevard
FreeRTOS Flaws Puts Many IoT, ICS Devices at Risk

FreeRTOS Flaws Puts Many IoT, ICS Devices at Risk

Security researchers have found serious vulnerabilities in FreeRTOS, an open source operating system that’s commonly used in embedded devices including those in smart homes and critical infrastructure. FreeRTOS is a lightweight real-time ...
Security Boulevard

SSD Advisory – Firefox JavaScript Type Confusion RCE

Vulnerabilities Summary A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write, which leads to remote code execution inside the sandboxed content process ...
Loading...