Search results
Results from the WOW.Com Content Network
In August 2021 a vulnerability called "Transient Execution of Non-canonical Accesses" affecting certain AMD CPUs was disclosed. [38] [39] [40] It requires the same mitigations as the MDS vulnerability affecting certain Intel CPUs. [41] It was assigned CVE-2020-12965. Since most x86 software is already patched against MDS and this vulnerability ...
The project outlines the top 20 automated threats as defined by OWASP. [28] OWASP API Security Project: focuses on strategies and solutions to understand and mitigate the unique vulnerabilities and security risks of Application Programming Interfaces (APIs). Includes the most recent list API Security Top 10 2023. [29]
The OWASP Top 10 - 2017 results from recent research based on comprehensive data compiled from over 40 partner organizations. This data revealed approximately 2.3 million vulnerabilities across over 50,000 applications. [4] According to the OWASP Top 10 - 2021, the ten most critical web application security risks include: [5] Broken access control
Pacman [a] is a side-channel vulnerability in certain ARM CPUs that was made public by Massachusetts Institute of Technology security researchers on June 10, 2021. It affects the pointer authentication (PAC) mechanism in many ARMv8.3 chips, including Apple's M1 CPU. [1]
Logo. The Common Vulnerabilities and Exposures (CVE) system provides a reference method for publicly known information-security vulnerabilities and exposures. [1] The United States' National Cybersecurity FFRDC, operated by The MITRE Corporation, maintains the system, with funding from the US National Cyber Security Division of the US Department of Homeland Security. [2]
Log4Shell (CVE-2021-44228) is a zero-day vulnerability reported in November 2021 in Log4j, a popular Java logging framework, involving arbitrary code execution. [2] [3] The vulnerability had existed unnoticed since 2013 and was privately disclosed to the Apache Software Foundation, of which Log4j is a project, by Chen Zhaojun of Alibaba Cloud's security team on 24 November 2021.
On April 20, 2021, it was reported that suspected Chinese-state backed hacker groups had breached multiple government agencies, defense companies and financial institutions in both the US and Europe after the hackers created and used a Zero-day exploit for Ivanti Pulse Connect Secure VPN devices.
PrintNightmare is a critical security vulnerability affecting the Microsoft Windows operating system. [2] [5] The vulnerability occurred within the print spooler service. [6] [7] There were two variants, one permitting remote code execution (CVE-2021-34527), and the other leading to privilege escalation (CVE-2021-1675).