Category: Vulnerabilities

June 19, 2019

A critical Firefox zero-day remote code execution vulnerability is being abused in targeted attacks in the wild, Mozilla has warned on Tuesday. About the vulnerability (CVE-2019-11707) Mozilla did not share many details about the flaw – it simply stated that […]

June 19, 2019

The security hole, tracked as CVE-2019-2729 with a CVSS score of 9.8, impacts WebLogic versions 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. The flaw was independently reported to Oracle by nearly a dozen researchers. According to Oracle, the vulnerability exists due to a […]

June 14, 2019

It didn’t take long for attackers to start exploiting the recently revealed Exim vulnerability (CVE-2019-10149). Amit Serper, Cybereason’s head of security research, warned on Thursday about attackers exploiting the flaw to gain permanent root access via SSH to target Linux […]

June 14, 2019

Cisco has patched a high-severity vulnerability in its software for routers and switches, which could enable a remote attacker to reconfigure or execute commands on impacted devices. IOS XE, a Linux-based version of Cisco’s Internetworking Operating System (IOS), is software […]

June 13, 2019

Guardio discovered a major flaw in Evernote’s Web Clipper Chrome extension’s code that left it vulnerable, potentially allowing threat actors to access personal information from users’ online services. The vulnerability, a Universal XSS marked CVE-2019-12592, was discovered as part of […]

June 12, 2019

An alert issued by the DHS’s National Cybersecurity and Communications Integration Center (NCCIC) on the ICS-CERT website is based on a blog post published in mid-April by Cylera, a company that provides cybersecurity and intelligence solutions for healthcare organizations. Cylera’s […]

June 12, 2019

Experts at Alert Logic have discovered a vulnerability in the popular WordPress Live Chat plugin that could be exploited by an unauthorized remote attacker to steal chat logs or manipulate chat sessions. The critical vulnerability, tracked as CVE-2019-12498, is a […]

June 11, 2019

Microsoft is warning of a fresh email campaign that distributes malicious RTF files boobytrapped with an exploit dating back to a 2017 vulnerability, CVE-2017-11882. The exploit allows attackers to automatically run malicious code without requiring user interaction. “The CVE-2017-11882 vulnerability […]

June 10, 2019

Security researchers at Qualys Common discovered a remote command execution vulnerability in older versions of mail transfer agent (MTA) Exim — a critical, open source piece of the email infrastructure in many organizations. An MTA functions much like a router […]

June 7, 2019

VMware has patched two high-severity flaws that affect its Tools and Workstation software. The first security flaw, tracked as CVE-2019-5522, affects VMware Tools 10.x on Windows. The vulnerability is an out-of-bounds read issue in the vm3dmp driver in Windows guest […]