
Tag: vulnerabilities


Threats & Malware, Vulnerabilities

Microsoft Message Queuing Vulnerabilities Allow Remote Code Execution, DoS Attacks

July 26, 2023

Via: SecurityWeek

Two of these flaws, tracked as CVE-2023-21554 and CVE-2023-28302, could lead to remote code execution (RCE) and denial-of-service (DoS) and were addressed by Microsoft with its April 2023 Patch Tuesday updates. No CVE identifier has been provided for the third […]


Threats & Malware, Vulnerabilities

Atlassian Releases Patches for Critical Flaws in Confluence and Bamboo

July 25, 2023

Via: The Hacker News

Atlassian has released updates to address three security flaws impacting its Confluence Server, Data Center, and Bamboo Data Center products that, if successfully exploited, could result in remote code execution on susceptible systems. The list of the flaws is below […]


Threats & Malware, Vulnerabilities

Critical Zero-Days in Atera Windows Installers Expose Users to Privilege Escalation Attacks

July 24, 2023

Via: The Hacker News

Zero-day vulnerabilities in Windows Installers for the Atera remote monitoring and management software could act as a springboard to launch privilege escalation attacks. The flaws, discovered by Mandiant on February 28, 2023, have been assigned the identifiers CVE-2023-26077 and CVE-2023-26078, […]


Application security, Security

Apache OpenMeetings Web Conferencing Tool Exposed to Critical Vulnerabilities

July 20, 2023

Via: The Hacker News

Multiple security flaws have been disclosed in Apache OpenMeetings, a web conferencing solution, that could be potentially exploited by malicious actors to seize control of admin accounts and run malicious code on susceptible servers. “Attackers can bring the application into […]


Threats & Malware, Vulnerabilities

Rockwell Automation ControlLogix Bugs Expose Industrial Systems to Remote Attacks

July 13, 2023

Via: The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has alerted of two security flaws impacting Rockwell Automation ControlLogix EtherNet/IP (ENIP) communication module models that could be exploited to achieve remote code execution and denial-of-service (DoS). “The results and impact of […]


Mobile, Mobile security

Google Releases Android Patch Update for 3 Actively Exploited Vulnerabilities

July 7, 2023

Via: The Hacker News

Google has released its monthly security updates for the Android operating system, addressing 46 new software vulnerabilities. Among these, three vulnerabilities have been identified as actively exploited in targeted attacks. One of the vulnerabilities tracked as CVE-2023-26083 is a memory […]


Application security, Security

Node.js Users Beware: Manifest Confusion Attack Opens Door to Malware

July 5, 2023

Via: The Hacker News

The npm registry for the Node.js JavaScript runtime environment is susceptible to what’s called a manifest confusion attack that could potentially allow threat actors to conceal malware in project dependencies or perform arbitrary script execution during installation. “A npm package’s […]


Threats & Malware, Vulnerabilities

CISA Flags 8 Actively Exploited Flaws in Samsung and D-Link Devices

July 3, 2023

Via: The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a set of eight flaws to the Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. This includes six shortcomings affecting Samsung smartphones and two vulnerabilities impacting D-Link […]


Threats & Malware, Vulnerabilities

Critical SQL Injection Flaws Expose Gentoo Soko to Remote Code Execution

June 28, 2023

Via: The Hacker News

Multiple SQL injection vulnerabilities have been disclosed in Gentoo Soko that could lead to remote code execution (RCE) on vulnerable systems. “These SQL injections happened despite the use of an Object-Relational Mapping (ORM) library and prepared statements,” SonarSource researcher Thomas […]


Network security, Security

Cl0p in Your Network? Here’s How to Find Out

June 26, 2023

Via: Dark Reading

Widespread attacks against companies and government agencies through a trio of zero-day vulnerabilities in the MOVEit Managed File Transfer platform have granted notoriety to the Cl0p ransomware group. The list of affected data continues to grow, including personal data on […]


Threats & Malware, Vulnerabilities

Remotely Exploitable DoS Vulnerabilities Patched in BIND

June 26, 2023

Via: SecurityWeek

Tracked as CVE-2023-2828, CVE-2023-2829 and CVE-2023-2911, these high-severity issues could be exploited to exhaust the available memory, or could cause named – BIND’s daemon that functions both as a recursive resolver and as an authoritative name server – to crash. […]


Threats & Malware, Vulnerabilities

Severe Vulnerabilities Reported in Microsoft Azure Bastion and Container Registry

June 14, 2023

Via: The Hacker News

Two “dangerous” security vulnerabilities have been disclosed in Microsoft Azure Bastion and Azure Container Registry that could have been exploited to carry out cross-site scripting (XSS) attacks. “The vulnerabilities allowed unauthorized access to the victim’s session within the compromised Azure […]


Application security, Security

Over Half of Security Leaders Lack Confidence in Protecting App Secrets, Study Reveals

June 13, 2023

Via: The Hacker News

It might come as a surprise, but secrets management has become the elephant in the AppSec room. While security vulnerabilities like Common Vulnerabilities and Exposures (CVEs) often make headlines in the cybersecurity world, secrets management remains an overlooked issue that […]


Threats & Malware, Vulnerabilities

Password Reset Hack Exposed in Honda’s E-Commerce Platform, Dealers Data at Risk

June 12, 2023

Via: The Hacker News

Security vulnerabilities discovered in Honda’s e-commerce platform could have been exploited to gain unrestricted access to sensitive dealer information. “Broken/missing access controls made it possible to access all data on the platform, even when logged in as a test account,” […]


Application security, Security

Hackers Win $105,000 for Reporting Critical Security Flaws in Sonos One Speakers

May 30, 2023

Via: The Hacker News

Multiple security flaws uncovered in Sonos One wireless speakers could be potentially exploited to achieve information disclosure and remote code execution, the Zero Day Initiative (ZDI) said in a report published last week. The vulnerabilities were demonstrated by three different […]


Threats & Malware, Vulnerabilities

Zyxel Issues Critical Security Patches for Firewall and VPN Products

May 25, 2023

Via: The Hacker News

Zyxel has released software updates to address two critical security flaws affecting select firewall and VPN products that could be abused by remote attackers to achieve code execution. Both the flaws – CVE-2023-33009 and CVE-2023-33010 – are buffer overflow vulnerabilities […]


Cloud security, Security

Google Cloud Bug Allows Server Takeover From CloudSQL Service

May 25, 2023

Via: Dark Reading

Google has fixed a critical flaw in its Google Cloud Platform’s database service that researchers used to gain access to sensitive data and secrets, as well as escalate privileges to breach other cloud services, including potentially those in customer environments. […]


Threats & Malware, Vulnerabilities

WebKit Under Attack: Apple Issues Emergency Patches for 3 New Zero-Day Vulnerabilities

May 19, 2023

Via: The Hacker News

Apple on Thursday rolled out security updates to iOS, iPadOS, macOS, tvOS, watchOS, and the Safari web browser to address three new zero-day flaws that it said are being actively exploited in the wild. The three security shortcomings are listed […]


Threats & Malware, Vulnerabilities

Cisco squashes critical bugs in small biz switches

May 18, 2023

Via: The Register

Cisco rolled out patches for four critical security vulnerabilities in several of its network switches for small businesses that can be exploited to remotely hijack the equipment. Specifically, the flaws in the web user interface can be used to run […]


Threats & Malware, Vulnerabilities

Microsoft’s May Patch Tuesday Fixes 38 Flaws, Including Active Zero-Day Bug

May 10, 2023

Via: The Hacker News

Microsoft has rolled out Patch Tuesday updates for May 2023 to address 38 security flaws, including one zero-day bug that it said is being actively exploited in the wild. Trend Micro’s Zero Day Initiative (ZDI) said the volume is the […]