Software Development Security Firm Argon Announces Launch

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2021-21192
PUBLISHED: 2021-03-16

Heap buffer overflow in tab groups in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2021-21193
PUBLISHED: 2021-03-16

Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2021-28543
PUBLISHED: 2021-03-16

Varnish varnish-modules before 0.17.1 allows remote attackers to cause a denial of service (daemon restart) in some configurations. This does not affect organizations that only install the Varnish Cache product; however, it is common to install both Varnish Cache and varnish-modules. Specifically, a…

CVE-2020-24263
PUBLISHED: 2021-03-16

Portainer 1.24.1 and earlier is affected by an insecure permissions vulnerability that may lead to remote arbitrary code execution. A non-admin user is allowed to spawn new containers with critical capabilities such as SYS_MODULE, which can be used to take over the Docker host.

CVE-2020-24264
PUBLISHED: 2021-03-16

Portainer 1.24.1 and earlier is affected by incorrect access control that may lead to remote arbitrary code execution. The restriction checks for bind mounts are applied only on the client-side and not the server-side, which can lead to spawning a container with bind mount. Once such a container is …
