vulnerability

CISA Warns of Exploited Vulnerabilities in EOL D-Link Products

CISA KEV, D-Link, router, Vulnerabilities, vulnerability /

CISA Warns of Exploited Vulnerabilities in EOL D-Link Products 2024-05-17 at 17:01 By Ionut Arghire CISA has added two vulnerabilities in discontinued D-Link products to its KEV catalog, including a decade-old flaw. The post CISA Warns of Exploited Vulnerabilities in EOL D-Link Products appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS […]

React to this headline:

Loading spinner

CISA Warns of Exploited Vulnerabilities in EOL D-Link Products Read More »

Critical Git vulnerability allows RCE when cloning repositories with submodules (CVE-2024-32002)

DevOps, Don't miss, Git, GitHub, Hot stuff, News, open source, security update, vulnerability /

Critical Git vulnerability allows RCE when cloning repositories with submodules (CVE-2024-32002) 2024-05-16 at 14:16 By Zeljka Zorz New versions of Git are out, with fixes for five vulnerabilities, the most critical (CVE-2024-32002) of which can be used by attackers to remotely execute code during a “clone” operation. About Git Git is a widely-popular distributed version

React to this headline:

Loading spinner

Critical Git vulnerability allows RCE when cloning repositories with submodules (CVE-2024-32002) Read More »

Intel Publishes 41 Security Advisories for Over 90 Vulnerabilities 

Intel, Vulnerabilities, vulnerability /

Intel Publishes 41 Security Advisories for Over 90 Vulnerabilities  2024-05-15 at 18:31 By Eduard Kovacs Intel has published 41 new May 2024 Patch Tuesday advisories covering a total of more than 90 vulnerabilities.  The post Intel Publishes 41 Security Advisories for Over 90 Vulnerabilities  appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Intel Publishes 41 Security Advisories for Over 90 Vulnerabilities  Read More »

May 2024 Patch Tuesday: Microsoft fixes exploited zero-days (CVE-2024-30051, CVE-2024-30040)

0-day, Don't miss, Hot stuff, Kaspersky, Mandiant, Microsoft, News, Patch Tuesday, security update, SharePoint, Trend Micro, vulnerability /

May 2024 Patch Tuesday: Microsoft fixes exploited zero-days (CVE-2024-30051, CVE-2024-30040) 2024-05-14 at 22:02 By Zeljka Zorz For May 2024 Patch Tuesday, Microsoft has released fixes for 59 CVE-numbered vulnerabilities, including two zero-days (CVE-2024-30051, CVE-2024-30040) actively exploited by attackers. CVE-2024-30051 and CVE-2024-30040 CVE-2024-30051 is a heap-based buffer overflow vulnerability affecting the Windows DWM Core Library that

React to this headline:

Loading spinner

May 2024 Patch Tuesday: Microsoft fixes exploited zero-days (CVE-2024-30051, CVE-2024-30040) Read More »

Apple backports iOS zero-day patch, adds Bluetooth tracker alert

apple, Don't miss, Google, Hot stuff, iOS, iPad, macOS, Mysk, News, Privacy, security update, trackers, vulnerability /

Apple backports iOS zero-day patch, adds Bluetooth tracker alert 2024-05-14 at 16:32 By Zeljka Zorz Apple has backported the patch for CVE-2024-23296 to the iOS 16 branch and has fixed a bug (CVE-2024-27852) in MarketplaceKit that may allow maliciously crafted webpages to distribute a script that tracks iOS users on other webpages. The company has

React to this headline:

Loading spinner

Apple backports iOS zero-day patch, adds Bluetooth tracker alert Read More »

Cinterion Modem Flaws Pose Risk to Millions of Devices in Industrial, Other Sectors

ICS/OT, modem, Network Security, vulnerability /

Cinterion Modem Flaws Pose Risk to Millions of Devices in Industrial, Other Sectors 2024-05-13 at 17:46 By Ionut Arghire A critical vulnerability in the Cinterion cellular modems can be exploited for remote code execution via SMS messages. The post Cinterion Modem Flaws Pose Risk to Millions of Devices in Industrial, Other Sectors appeared first on

React to this headline:

Loading spinner

Cinterion Modem Flaws Pose Risk to Millions of Devices in Industrial, Other Sectors Read More »

CISA Announces CVE Enrichment Project ‘Vulnrichment’

CISA, Vulnerabilities, vulnerability /

CISA Announces CVE Enrichment Project ‘Vulnrichment’ 2024-05-09 at 16:01 By Eduard Kovacs CISA’s Vulnrichment project is adding important information to CVE records to help improve vulnerability management processes. The post CISA Announces CVE Enrichment Project ‘Vulnrichment’ appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to this

React to this headline:

Loading spinner

CISA Announces CVE Enrichment Project ‘Vulnrichment’ Read More »

F5 Patches Dangerous Vulnerabilities in BIG-IP Next Central Manager

Big-IP, F5, Vulnerabilities, vulnerability /

F5 Patches Dangerous Vulnerabilities in BIG-IP Next Central Manager 2024-05-09 at 14:17 By Eduard Kovacs F5 has patched two potentially serious vulnerabilities in BIG-IP Next that could allow an attacker to take full control of a device. The post F5 Patches Dangerous Vulnerabilities in BIG-IP Next Central Manager appeared first on SecurityWeek. This article is

React to this headline:

Loading spinner

F5 Patches Dangerous Vulnerabilities in BIG-IP Next Central Manager Read More »

Uninterrupted Power Supply (UPS): A Silent Threat to Critical Infrastructure Resilience

vulnerability /

Uninterrupted Power Supply (UPS): A Silent Threat to Critical Infrastructure Resilience 2024-05-08 at 13:16 By neetha871ad236bd Multiple Vulnerabilities Disclosed in CyberPower UPS Management Software  Executive Summary  UPS management software is employed by a broad spectrum of users, encompassing data centers, critical manufacturing sectors, healthcare facilities, educational institutions, government agencies, and beyond, to maintain uninterrupted mission-critical

React to this headline:

Loading spinner

Uninterrupted Power Supply (UPS): A Silent Threat to Critical Infrastructure Resilience Read More »

CISA, FBI Urge Organizations to Eliminate Path Traversal Vulnerabilities

CISA, guidance, Vulnerabilities, vulnerability /

CISA, FBI Urge Organizations to Eliminate Path Traversal Vulnerabilities 2024-05-03 at 17:09 By Ionut Arghire CISA and the FBI warn of threat actors abusing path traversal software vulnerabilities in attacks targeting critical infrastructure. The post CISA, FBI Urge Organizations to Eliminate Path Traversal Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

CISA, FBI Urge Organizations to Eliminate Path Traversal Vulnerabilities Read More »

Microsoft Warns of ‘Dirty Stream’ Vulnerability in Popular Android Apps

Android, Mobile & Wireless, Vulnerabilities, vulnerability /

Microsoft Warns of ‘Dirty Stream’ Vulnerability in Popular Android Apps 2024-05-03 at 14:31 By Eduard Kovacs Microsoft has uncovered a new type of attack called Dirty Stream that impacted Android apps with billions of installations.  The post Microsoft Warns of ‘Dirty Stream’ Vulnerability in Popular Android Apps appeared first on SecurityWeek. This article is an

React to this headline:

Loading spinner

Microsoft Warns of ‘Dirty Stream’ Vulnerability in Popular Android Apps Read More »

Vulnerability in R Programming Language Could Fuel Supply Chain Attacks

CVE-2024-27322, Featured, Vulnerabilities, vulnerability /

Vulnerability in R Programming Language Could Fuel Supply Chain Attacks 2024-04-30 at 17:16 By Ionut Arghire A vulnerability (CVE-2024-27322) in the R programming language implementation can be exploited to execute arbitrary and be used as part of a supply chain attack. The post Vulnerability in R Programming Language Could Fuel Supply Chain Attacks appeared first

React to this headline:

Loading spinner

Vulnerability in R Programming Language Could Fuel Supply Chain Attacks Read More »

PoC for critical Progress Flowmon vulnerability released (CVE-2024-2389)

Don't miss, enterprise, network monitoring, News, PoC, Progress, Rhino Security, vulnerability /

PoC for critical Progress Flowmon vulnerability released (CVE-2024-2389) 2024-04-24 at 15:01 By Zeljka Zorz More details of and a proof-of-concept exploit for an unauthenticated OS command injection vulnerability (CVE-2024-2389) in Flowmon, Progress Software’s network monitoring/analysis and security solution, have been published. The critical vulnerability has been disclosed and patched by Progress earlier this month. “Currently,

React to this headline:

Loading spinner

PoC for critical Progress Flowmon vulnerability released (CVE-2024-2389) Read More »

Cisco Says PoC Exploit Available for Newly Patched IMC Vulnerability

Cisco, Vulnerabilities, vulnerability /

Cisco Says PoC Exploit Available for Newly Patched IMC Vulnerability 2024-04-18 at 15:46 By Ionut Arghire Cisco patches a high-severity Integrated Management Controller vulnerability for which PoC exploit code is available. The post Cisco Says PoC Exploit Available for Newly Patched IMC Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Loading spinner

Cisco Says PoC Exploit Available for Newly Patched IMC Vulnerability Read More »

Ivanti patches critical Avalanche flaw exploitable via a simple message (CVE-2024-29204)

CVE, Don't miss, Hot stuff, Ivanti, News, remote management, Tenable, vulnerability /

Ivanti patches critical Avalanche flaw exploitable via a simple message (CVE-2024-29204) 2024-04-18 at 15:02 By Zeljka Zorz The newest version of Ivanti Avalanche – the company’s enterprise mobile device management (MDM) solution – carries fixes for 27 vulnerabilities, two of which (CVE-2024-29204, CVE-2024-24996) are critical and may allow a remote unauthenticated attacker to execute arbitrary

React to this headline:

Loading spinner

Ivanti patches critical Avalanche flaw exploitable via a simple message (CVE-2024-29204) Read More »

Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation

Don't miss, enterprise, exploit, firewall, GreyNoise, Hot stuff, News, Palo Alto Networks, PoC, security update, TrustedSec, Volexity, vulnerability, WatchTowr /

Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation 2024-04-17 at 12:31 By Zeljka Zorz While it initially seemed that protecting Palo Alto Network firewalls from attacks leveraging CVE-2024-3400 would be as easy a disabling the devices’ telemetry, it has now been comfirmed that this mitigation is ineffectual. “Device telemetry does not need to be

React to this headline:

Loading spinner

Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation Read More »

PuTTY vulnerability can be exploited to recover private keys (CVE-2024-31497)

Don't miss, Hot stuff, News, public-key cryptography, SSH, vulnerability /

PuTTY vulnerability can be exploited to recover private keys (CVE-2024-31497) 2024-04-16 at 19:46 By Zeljka Zorz A vulnerability (CVE-2024-31497) in PuTTY, a popular SSH and Telnet client, could allow attackers to recover NIST P-521 client keys due to the “heavily biased” ECDSA nonces (random values used once), researchers have discovered. “To be more precise, the

React to this headline:

Loading spinner

PuTTY vulnerability can be exploited to recover private keys (CVE-2024-31497) Read More »

Delinea Scrambles to Patch Critical Flaw After Failed Responsible Disclosure Attempt

Delinea, Featured, Vulnerabilities, vulnerability /

Delinea Scrambles to Patch Critical Flaw After Failed Responsible Disclosure Attempt 2024-04-16 at 13:46 By Eduard Kovacs PAM company Delinea over the weekend rushed to patch a critical authentication bypass vulnerability after it apparently ignored the researcher who found the flaw. The post Delinea Scrambles to Patch Critical Flaw After Failed Responsible Disclosure Attempt appeared

React to this headline:

Loading spinner

Delinea Scrambles to Patch Critical Flaw After Failed Responsible Disclosure Attempt Read More »

Juniper Networks Publishes Dozens of New Security Advisories

Juniper, Vulnerabilities, vulnerability /

Juniper Networks Publishes Dozens of New Security Advisories 2024-04-15 at 17:04 By Ionut Arghire Juniper Networks patches dozens of vulnerabilities in Junos OS, Junos OS Evolved, and other products. The post Juniper Networks Publishes Dozens of New Security Advisories appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

React to this headline:

Loading spinner

Juniper Networks Publishes Dozens of New Security Advisories Read More »

A critical vulnerability in Delinea Secret Server allows auth bypass, admin access

access management, Delinea, Don't miss, enterprise, Hot stuff, News, PoC, privileged accounts, vulnerability, vulnerability disclosure /

A critical vulnerability in Delinea Secret Server allows auth bypass, admin access 2024-04-15 at 14:46 By Zeljka Zorz Organizations with on-prem installations of Delinea Secret Server are urged to update them immediately, to plug a critical vulnerability that may allow attackers to bypass authentication, gain admin access and extract secrets. Fixing the Delinea Secret Server

React to this headline:

Loading spinner

A critical vulnerability in Delinea Secret Server allows auth bypass, admin access Read More »

Scroll to Top