
Tag: flaw


Threats & Malware, Vulnerabilities

Multiple High-Severity Flaws Affect Widely Used OpenLiteSpeed Web Server Software

November 11, 2022

Via: The Hacker News

Multiple high-severity flaws have been uncovered in the open source OpenLiteSpeed Web Server as well as its enterprise variant that could be weaponized to achieve remote code execution. “By chaining and exploiting the vulnerabilities, adversaries could compromise the web server […]


Threats & Malware, Vulnerabilities

Apple iOS and macOS Flaw Could’ve Let Apps Eavesdrop on Your Conversations with Siri

October 27, 2022

Via: The Hacker News

A now-patched security flaw in Apple’s iOS and macOS operating systems could have potentially enabled apps with Bluetooth access to eavesdrop on conversations with Siri. Apple said “an app may be able to record audio using a pair of connected […]


Threats & Malware, Vulnerabilities

Critical Apache Commons Text Flaw Compared to Log4Shell, But Not as Widespread

October 18, 2022

Via: Security Week

Apache Commons Text is an open source Java library designed for working with strings. Alvaro Munoz, a researcher at GitHub’s Security Lab, discovered in March that the library is affected by an arbitrary code execution vulnerability related to untrusted data […]


Threats & Malware, Vulnerabilities

High-severity VMware bug still not patched, almost one year later

October 12, 2022

Via: TechRadar

A high-severity vulnerability discovered almost a year ago in VMware vCenter Server 8.0 has not yet been patched, the company has confirmed. The flaw, tracked as CVE-2021-22048, is described as a privilege escalation vulnerability, and allows non-admin […]


Threats & Malware, Vulnerabilities

Fortinet warns of critical flaw in its security appliance OSes, admin panels

October 11, 2022

Via: The Register

Security appliance vendor Fortinet has become the subject of a bug report by its own FortiGuard Labs after the discovery of a critical-rated flaw in three of its products. CVE-2022-40684 is rated 9.6/10 on the Common Vulnerability Scoring System (CVSS), […]


Threats & Malware, Vulnerabilities

Critical ManageEngine RCE flaw is being exploited (CVE-2022-35405)

September 23, 2022

Via: Help Net Security

The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2022-35405, a critical remote code execution vulnerability in ManageEngine PAM360, Password Manager Pro, and Access Manager Plus, to its Known Exploited Vulnerabilities (KEV) Catalog. The details of in-the-wild exploitation of […]


Application security, Security

TikTok for Android Bug Allows Single-Click Account Hijack

August 31, 2022

Via: Dark Reading

A high-severity flaw in the Android version of the TikTok app — which has been installed more than 1.5 billion times so far via the Google Play Store — could allow threat actors to hijack a user’s account with a […]


Threats & Malware, Vulnerabilities

Mozilla Patches High-Severity Vulnerabilities in Firefox, Thunderbird

August 25, 2022

Via: Security Week

Mozilla this week patched several high-severity vulnerabilities in its Firefox and Thunderbird products. Firefox 104 — as well as Firefox ESR 91.13 and 102.2 — patches a high-severity address bar spoofing issue related to XSLT error handling. The flaw, tracked […]


Threats & Malware, Vulnerabilities

Cisco Patches High-Severity Vulnerabilities in Business Switches

August 25, 2022

Via: Security Week

Cisco this week announced patches for two vulnerabilities impacting the NX-OS software that powers its Nexus-series business switches. Impacting the OSPF version 3 (OSPFv3) feature of NX-OS, the first of these issues is tracked as CVE-2022-20823 and could be exploited […]


Application security, Security

TeamViewer flaw could be exploited to crack users’ password

August 6, 2020

Via: Help Net Security

A high-risk vulnerability (CVE-2020-13699) in TeamViewer for Windows could be exploited by remote attackers to crack users’ password and, consequently, lead to further system exploitation. About TeamViewer TeamViewer is an application developed by German company TeamViewer GmbH and is available […]


Mobile security

Google Fixes Critical Android RCE Flaw

January 8, 2020

Via: Threat Post

Google kicked off its first Android Security Bulletin of 2020 patching a critical flaw in its Android operating system, which if exploited could allow a remote attacker to execute code. Compared to last year’s monthly tally, the number of CVEs […]


Threats & Malware, Vulnerabilities

Cisco addresses several flaws in its DCNM product

January 3, 2020

Via: Security Affairs

Cisco has released software updates that address several critical and high-severity vulnerabilities in its Data Center Network Manager (DCNM) product. All the vulnerabilities were reported to Cisco through Trend Micro’s Zero Day Initiative (ZDI) and Accenture’s iDefense service by the […]


Mobile security, Phishing

Crooks are exploiting unpatched Android flaw to drain users’ bank accounts

December 3, 2019

Via: Help Net Security

Hackers are actively exploiting StrandHogg, a newly revealed Android vulnerability, to steal users’ mobile banking credentials and empty their accounts, a Norwegian app security company has warned. “Promon identified the StrandHogg vulnerability after it was informed by an Eastern European […]


Application security

Critical flaws affect Jira Service Desk and Jira Service Desk Data Center

September 23, 2019

Via: Security Affairs

Atlassian released security updates to address critical vulnerabilities in Jira Service Desk and Jira Service Desk Data Center. One of the flaws can lead to information disclosure, while another critical vulnerability addressed by Atlassian could allow server-side template injection leading […]


Editorial

Google’s Major iPhone Security Flaw Actually Affects More Operating Systems

September 6, 2019

Via: William Palmer

Google’s Project Zero security task force reported that it uncovered an “indiscriminate” hacking operation that targeted iPhones for at least two years to gain access to personal files, messages, and real-time location data. According to Motherboard, it could be one […]


Threats & Malware, Vulnerabilities

Critical Bluetooth flaw opens millions of devices to eavesdropping attacks

August 16, 2019

Via: Help Net Security

A newly disclosed vulnerability (CVE-2019-9506) in the Bluetooth Core Specification can be exploited by attackers to intercept and manipulate Bluetooth communications/traffic between two vulnerable devices. Researchers Daniele Antonioli, Nils Ole Tippenhauer and Kasper Rasmussen discovered the flaw and demonstrated a […]


Threats & Malware, Vulnerabilities

Patch Your Cisco 220 smart switches now! Critical flaws exposed

August 8, 2019

Via: Hot for Security

Networking behemoth Cisco has rolled out an important firmware update for users of its 220 Series smart switches after a researcher discovered three security flaws in the systems, including two deemed critical. In typical bug-reporting fashion, Switchzilla has published separate […]


Network security

US Air Force Bug Bounty Program Nets 54 Flaws for $123,000

August 7, 2019

Via: Dark Reading

A six-week bug-hunting contest netted the US Air Force information on 54 security vulnerabilities in its Common Computing Environment (CCE), a branch-wide cloud platform that aims to serve up online applications, program management firm Bugcrowd said on August 6. The […]


Mobile, Mobile security

Apple iOS Flaw Could Give Attacker Access via iMessage

July 31, 2019

Via: Dark Reading

Google Project Zero researchers found an iOS vulnerability that could let an attacker snoop on a victim’s phone remotely. Apple’s most recent update to iOS wasn’t simply to add features: It also patched a significant vulnerability discovered by Google Project […]


Vulnerabilities

WordPress Plugin Flaws Exploited in Ongoing Malvertising Campaign

July 24, 2019

Via: Threat Post

A widespread and ongoing malicious advertising campaign is exploiting several recently-disclosed WordPress plugin vulnerabilities to redirect website visitors to booby-trapped landing pages. Researchers at Wordfence said that they recently discovered bad actors injecting code into websites with the vulnerable plugins […]