DESCRIPTION:The Apache Software Foundation has released Apache HTTP Server 2.4.52.Reference:https://downloads.apache.org/httpd/Announcement2.4.html CVE-2021-44790 (CVSS score: 9.8- CRITICAL) -A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts).The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. CVE-2021-44224...
Read More
DESCRIPTION:A vulnerability has been discovered in Fortinet FortiWeb that couldallow for arbitrary code execution. Fortinet FortiWeb is a firewall forweb applications, which provides threat protection for medium and largeenterprises. Successful exploitation of this vulnerability could allowfor arbitrary code execution within the context of the affectedapplication. Depending on the privileges associated with thisapplication, an attacker could then install programs; view, change, ordelete data; or create new...
Read More
DESCRIPTION:A vulnerability has been discovered in Mozilla’s Network SecurityServices (NSS), a set of cryptography libraries used to handlesignatures and certification validation. Successful exploitation of thisthe vulnerability could allow for arbitrary code execution within thecontext of the affected application, which could be either a client likeThunderbird or server like Apache webserver. Depending on the privilegesassociated with this application, an attacker could then installprograms; view, change, or...
Read More
Log4j is an open-source logging framework developed by the Apache Foundation which is incorporated into many Java-based applications on both servers and end-user systems.A series of vulnerabilities in the popular Java-based logging library Log4j is under active exploitation by multiple threat actors. The current list of vulnerabilities and recommended fixes are listed here: CVE-2021-44228 (CVSS score: 10.0- CRITICAL) – Apache Log4j2 JNDI features do not...
Read More
DESCRIPTION:Multiple vulnerabilities have been identified in Mozilla Thunderbird,the most severe of which could allow for arbitrary code execution.Mozilla Thunderbird is an email client. Successful exploitation of themost severe of these vulnerabilities could allow for arbitrary codeexecution. Depending on the privileges associated with the user, anattacker could then install programs; view, change, or delete data; orcreate new accounts with full user rights. Users whose accounts areconfigured...
Read More
