Tag: vulnerabilities

November 23, 2022

As 5G connections are rapidly spreading, more and more questions and misconceptions are arising. What are the most common ones and how can they affect security teams? 5G is a comparatively new technology and many cybersecurity teams have not had […]

November 22, 2022

BMC is a specialized processor that allows administrators to remotely control and monitor a device without having to access the operating system or applications running on it. The BMC can be used to reboot a device, install an operating system, […]

November 22, 2022

Solvo releases Data Posture Manager, its new cloud data and infrastructure management solution for public cloud users. Data Posture Manager delivers enhanced visibility into users and cloud components that have access to sensitive data, alerting organizations to excessive or newly-granted […]

November 18, 2022

In the Bitbucket source code repository hosting service, Atlassian fixed CVE-2022-43781, a critical command injection vulnerability that affects Bitbucket Server and Data Center version 7 and, in some cases, version 8. “There is a command injection vulnerability using environment variables […]

November 17, 2022

Multiple security vulnerabilities have been disclosed in F5 BIG-IP and BIG-IQ devices that, if successfully exploited, to completely compromise affected systems. Cybersecurity firm Rapid7 said the flaws could be abused to remote access to the devices and defeat security constraints. […]

November 14, 2022

Software developers know not to reinvent the wheel. So, they lean on reusable micro-services – and their corresponding application programming interfaces (APIs) – as building blocks for application components. “Developers want to focus on the added value they can bring […]

November 11, 2022

The feature-rich PDF reader provides broad functionality to users, including support for multimedia documents and dynamic forms via JavaScript support, which also expands the application’s attack surface. This week, Cisco’s Talos security researchers have published information on four vulnerabilities in […]

November 11, 2022

The most severe of the security defects is CVE-2022-20927, a bug in the dynamic access policies (DAP) functionality of ASA and FTD software, allowing a remote, unauthenticated attacker to cause a denial-of-service (DoS) condition. Due to improper processing of data […]

November 10, 2022

Written in the C programming language and originally developed for the Gnome project, libxml2 is a software library for parsing XML documents. Tracked as CVE-2022-40303 and CVE-2022-40304, the two vulnerabilities could lead to remote code execution. Apple has credited Google […]

November 9, 2022

There were also updates to two previously released notes. Three other security notes were released between the second Tuesday of October and the second Tuesday of November. Three of this month’s security notes are marked ‘hot news’, which represents the […]

November 9, 2022

Citrix has released a fix for three high-severity vulnerabilities discovered in two of its popular products, and is now urging users to apply the patch immediately. The company has fixed three flaws found in Citrix ADC and Citrix Gateway. ADC […]

November 8, 2022

The first part of the update, the ‘2022-11-01 patch level’, includes fixes for 17 security defects, 12 of which could lead to escalation of privilege (EoP), three to denial of service (DoS), and two leading to information disclosure. All of […]

November 1, 2022

Synack launched an API pentesting capability powered by its global community of elite security researchers. Organizations can now rely on the Synack platform for continuous pentesting coverage across “headless” API endpoints that lack a user interface and are increasingly exposed […]

October 27, 2022

Event Log is an Internet Explorer-specific application that exists in all Windows iterations, due to the deep integration of the browser with the operating system. Due to the specific set of permissions that Event Log has, two security defects haunt […]

October 24, 2022

Davide Virruso of Yoroi discovered that the web-based management interface of Identity Services Engine is affected by an unauthorized file access flaw that can allow a remote, authenticated attacker to read and delete files on impacted devices. The issue is […]

October 20, 2022

Threat actors are actively exploiting multiple Common Vulnerabilities and Exposures (CVEs) against enterprise cloud-hosted collaboration software and email platform Zimbra Collaboration Suite (ZCS), according to an advisory update jointly issued by the US Cybersecurity and Infrastructure Security Agency (CISA) and […]

October 19, 2022

WordPress 6.0.3 fixes nine stored and reflected cross-site scripting (XSS) vulnerabilities, as well as open redirect, data exposure, cross-site request forgery (CSRF), and SQL injection flaws. WordPress security company Defiant has shared a description of each vulnerability. Four of them […]

October 13, 2022

An advisory published by Palo Alto Networks on October 12 informs customers about a high-severity authentication bypass vulnerability affecting the web interface of its PAN-OS 8.1 software. The security hole is tracked as CVE-2022-0030. According to the company, a network-based […]

October 10, 2022

Tracked as CVE-2022-20419 and described as an information disclosure bug, the critical flaw has been resolved with the ‘2022-10-01 security patch level’, along with five other vulnerabilities in Framework that could lead to elevation of privilege, information disclosure and denial […]

October 4, 2022

The security holes, officially tracked as CVE-2022-41040 and CVE-2022-41082, can allow an attacker to remotely execute arbitrary code with elevated privileges. Researcher Kevin Beaumont named the vulnerabilities ProxyNotShell due to similarities to the Exchange vulnerability dubbed ProxyShell, which has been […]