Category Archives: Vulnerabilities

Apache Vulnerability Log4j RCE (CVE-2021-44228)

A critical vulnerability (CVE-2021-44228) has recently been discovered that affects Log4j versions from 2.0-beta9 to 2.14.1, and is critical as it can be remotely exploited by a non-authenticated attacker allowing remote code execution (RCE). The vulnerability is rated 10 out of 10 in the Common Vulnerability Rating System (CVSS), which describes how serious the vulnerability […]

SAP Patches Critical Vulnerabilities in Environmental Compliance

By Ionut Arghire On Tuesday, its October 2021 Security Patch Day, SAP announced the release of 13 new security notes and an update for a previously released note. Three of the notes are rated Hot News. The most important of SAP’s security notes ( deals with two critical vulnerabilities in SAP Environmental Compliance. Tracked as CVE-2020-10683 and CVE-2021-23926 (CVSS […]

Adobe Patches Critical Code Execution Vulnerabilities in Several Products

By Eduard Kovacs Adobe on Tuesday announced that it has patched a total of 10 vulnerabilities across its Acrobat and Reader, Connect, Commerce, and Campaign Standard products. Adobe has patched ( four vulnerabilities in Acrobat and Reader for Windows and macOS. Two of the flaws, described as use-after-free and out-of-bounds issues, have been classified as critical and […]

Microsoft October 2021 Patch Tuesday fixes 4 zero-days, 71 flaws

Today is Microsoft’s October 2021 Patch Tuesday, and with it comes fixes for four zero-day vulnerabilities and a total of 74 flaws. Microsoft has fixed 74 vulnerabilities (81 including Microsoft Edge) with today’s update, with three classified as Critical, and 70 as Important, and one as Low. These 81 vulnerabilities (including Microsoft Edge) are classified as: 21 […]

Apache Warns of Zero-Day Exploit in the Wild — Patch Your Web Servers Now!

Apache has issued patches to address two security vulnerabilities, including a path traversal and file disclosure flaw in its HTTP server that it said is being actively exploited in the wild. “A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack […]