
Tag

#microsoft

CVE-2021-37957: Chromium: CVE-2021-37957 Use after free in WebGPU

*What is the version information for this release?*

| Microsoft Edge Version | Date Released | Based on Chromium Version |
| --- | --- | --- |
| 94.0.992.31 | 9/24/2021 | 94.0.4606.54 |

Microsoft Security Response Center
#Microsoft Edge (Chromium-based) #Security Vulnerability #web #microsoft
CVE-2021-37956: Chromium: CVE-2021-37956 Use after free in Offline use

*What is the version information for this release?*

| Microsoft Edge Version | Date Released | Based on Chromium Version |
| --- | --- | --- |
| 94.0.992.31 | 9/24/2021 | 94.0.4606.54 |

Microsoft Exchange Autodiscover flaw reveals users’ passwords

Researchers were able to harvest hundreds of thousands of credentials thanks to a quirk of the Autodiscover process.

Categories: Exploits and vulnerabilities
Tags: autodiscover domains exchange microsoft microsoft exchange tlds

Read more: https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/09/microsoft-exchange-autodiscover-flaw-reveals-users-passwords/

The post Microsoft Exchange Autodiscover flaw reveals users’ passwords appeared first on Malwarebytes Labs.

CVE-2021-41084: HTTP Semantics

http4s is an open source Scala interface for HTTP. In affected versions, http4s is vulnerable to response-splitting or request-splitting attacks when untrusted user input is used to create any of the following fields: Header names (`Header.name`), Header values (`Header.value`), Status reason phrases (`Status.reason`), URI paths (`Uri.Path`), URI authority registered names (`URI.RegName`) (through 0.21). This issue has been resolved in versions 0.21.30, 0.22.5, 0.23.4, and 1.0.0-M27 perform the following. As a matter of practice, http4s services and client applications should sanitize any user input in the aforementioned fields before returning a request or response to the backend. The carriage return, newline, and null characters are the most threatening.

Microsoft makes a bold move towards a password-less future

Microsoft envisions a password-less future. Password expert Per Thorsheim isn't so sure.

Categories: Opinion
Tags: 2fa attack targets microsoft passwords per thorsheim

Read more: https://blog.malwarebytes.com/opinion/2021/09/microsoft-makes-a-bold-move-towards-a-password-less-future/

The post Microsoft makes a bold move towards a password-less future appeared first on Malwarebytes Labs.

CVE-2021-30631: Chromium: CVE-2021-30631 Type Confusion in Blink layout

*What is the version information for this release?*

| Microsoft Edge Version | Date Released | Based on Chromium Version |
| --- | --- | --- |
| 93.0.961.52 | 9/16/2021 | 93.0.4577.82 |

CVE-2021-30630: Chromium: CVE-2021-30630 Inappropriate implementation in Blink

*What is the version information for this release?*

| Microsoft Edge Version | Date Released | Based on Chromium Version |
| --- | --- | --- |
| 93.0.961.52 | 9/16/2021 | 93.0.4577.82 |

CVE-2021-30629: Chromium: CVE-2021-30629 Use after free in Permissions

*What is the version information for this release?*

| Microsoft Edge Version | Date Released | Based on Chromium Version |
| --- | --- | --- |
| 93.0.961.52 | 9/16/2021 | 93.0.4577.82 |

CVE-2021-30628: Chromium: CVE-2021-30628 Stack buffer overflow in ANGLE

*What is the version information for this release?*

| Microsoft Edge Version | Date Released | Based on Chromium Version |
| --- | --- | --- |
| 93.0.961.52 | 9/16/2021 | 93.0.4577.82 |

CVE-2021-30627: Chromium: CVE-2021-30627 Type Confusion in Blink layout

*What is the version information for this release?*

| Microsoft Edge Version | Date Released | Based on Chromium Version |
| --- | --- | --- |
| 93.0.961.52 | 9/16/2021 | 93.0.4577.82 |