Vulnerability

Sudo Releases Patch for Double Free Vulnerability (CVE-2023-27320)

• Vulnerability

Sudo Releases Patch for Double Free Vulnerability (CVE-2023-27320)

Do Son February 28, 2023 0

Recently, a vulnerability was discovered in the popular Linux utility sudo that could potentially result in the...

Read More Read more about Sudo Releases Patch for Double Free Vulnerability (CVE-2023-27320)

CVE-2023-26035: RCE flaw in open-source software application ZoneMinder

• Vulnerability

CVE-2023-26035: RCE flaw in open-source software application ZoneMinder

Do Son February 26, 2023 0

ZoneMinder developers last week shipped patches to address a new round of critical security vulnerabilities affecting its...

Read More Read more about CVE-2023-26035: RCE flaw in open-source software application ZoneMinder

Apache Airflow patches multiple vulnerabilities affecting its packages

• Vulnerability

Apache Airflow patches multiple vulnerabilities affecting its packages

Do Son February 23, 2023 0

Apache Airflow has published a security advisory to warn users about multiple security bugs affecting many of...

Read More Read more about Apache Airflow patches multiple vulnerabilities affecting its packages

CVE-2023-22920 flaw lets attacker gain unauthorized access to Zyxel routers

• Vulnerability

CVE-2023-22920 flaw lets attacker gain unauthorized access to Zyxel routers

Do Son February 23, 2023 0

Zyxel has moved to address a critical security vulnerability affecting Zyxel 4G LTE indoor routers that enable...

Read More Read more about CVE-2023-22920 flaw lets attacker gain unauthorized access to Zyxel routers

CVE-2023-25157 & CVE-2023-25158: SQLi Bugs in GeoTools & GeoServer

• Vulnerability

CVE-2023-25157 & CVE-2023-25158: SQLi Bugs in GeoTools & GeoServer

Do Son February 22, 2023 0

A now-patched security flaw in the GeoTools JavaScript module and GeoServer could be abused by a remote...

Read More Read more about CVE-2023-25157 & CVE-2023-25158: SQLi Bugs in GeoTools & GeoServer

CVE-2023-22578 & CVE-2023-25813: Critical SQLi flaws in Sequelize

• Vulnerability

CVE-2023-22578 & CVE-2023-25813: Critical SQLi flaws in Sequelize

Do Son February 22, 2023 0

Three critical vulnerabilities in Sequelize may allow a remote attacker to execute arbitrary SQL queries on the...

Read More Read more about CVE-2023-22578 & CVE-2023-25813: Critical SQLi flaws in Sequelize

CISA Warns Mitel MiVoice Connect & IBM Aspera Faspex Vulnerabilities Exploited in Attacks

• Vulnerability

CISA Warns Mitel MiVoice Connect & IBM Aspera Faspex Vulnerabilities Exploited in Attacks

Do Son February 21, 2023 0

The US Cybersecurity and Infrastructure Security Agency (CISA) has added three flaws affecting IBM Aspera Faspex and...

Read More Read more about CISA Warns Mitel MiVoice Connect & IBM Aspera Faspex Vulnerabilities Exploited in Attacks

VMware Patches Critical CVE-2023-20858 Vulnerability in Carbon Black App Control

• Vulnerability

VMware Patches Critical CVE-2023-20858 Vulnerability in Carbon Black App Control

Do Son February 21, 2023 0

Virtualization technology giant VMware on Tuesday shipped its security bulletin with patches for a critical-level flaw that...

Read More Read more about VMware Patches Critical CVE-2023-20858 Vulnerability in Carbon Black App Control

POC for CVE-2022-39952 affecting Fortinet FortiNAC Published

• Vulnerability

POC for CVE-2022-39952 affecting Fortinet FortiNAC Published

Do Son February 21, 2023 0

Users of FortiNAC are being urged to patch their instances against a critical security vulnerability ahead of...

Read More Read more about POC for CVE-2022-39952 affecting Fortinet FortiNAC Published

CVE-2023-24998: Apache Commons FileUpload and Tomcat DoS Flaw

• Vulnerability

CVE-2023-24998: Apache Commons FileUpload and Tomcat DoS Flaw

Do Son February 20, 2023 0

Apache Commons and Tomcat developers are urging users to update a file upload library due to the...

Read More Read more about CVE-2023-24998: Apache Commons FileUpload and Tomcat DoS Flaw

CVE-2022-27677: AMD Ryzen Master Privilege Escalation Vulnerability

• Vulnerability

CVE-2022-27677: AMD Ryzen Master Privilege Escalation Vulnerability

Do Son February 19, 2023 0

Recently, AMD revealed that there is a high-severity vulnerability in the Ryzen Master software, which may allow...

Read More Read more about CVE-2022-27677: AMD Ryzen Master Privilege Escalation Vulnerability

CVE-2023-23947: Critical security bypass vulnerability in Argo CD

• Vulnerability

CVE-2023-23947: Critical security bypass vulnerability in Argo CD

Do Son February 17, 2023 0

A critical-severity security vulnerability in Argo CD could allow an attacker to update out-of-bounds cluster secrets, and...

Read More Read more about CVE-2023-23947: Critical security bypass vulnerability in Argo CD

Fortinet patches critical CVE-2022-39952 & CVE-2021-42756 bugs in its products

• Vulnerability

Fortinet patches critical CVE-2022-39952 & CVE-2021-42756 bugs in its products

Do Son February 16, 2023 0

Fortinet has warned administrators to update the FortiNAC web server, and FortiWeb to the latest versions, which...

Read More Read more about Fortinet patches critical CVE-2022-39952 & CVE-2021-42756 bugs in its products

PoC Exploit Released for Windows Contacts RCE Flaw (CVE-2022-44666)

• Vulnerability

PoC Exploit Released for Windows Contacts RCE Flaw (CVE-2022-44666)

Do Son February 16, 2023 0

Proof-of-concept (PoC) exploits have been released for a patched Windows Contacts vulnerability that can be exploited for...

Read More Read more about PoC Exploit Released for Windows Contacts RCE Flaw (CVE-2022-44666)

CVE-2023-0662: A remote unauthenticated DoS vulnerability in PHP

• Vulnerability

CVE-2023-0662: A remote unauthenticated DoS vulnerability in PHP

Do Son February 16, 2023 0

PHP released this week versions 8.0.28, 8.1.16, and 8.2.3 of the scripting language. In addition to some...

Read More Read more about CVE-2023-0662: A remote unauthenticated DoS vulnerability in PHP

Cisco Patches High Vulnerability in ESA and Secure Email and Web Manager

• Vulnerability

Cisco Patches High Vulnerability in ESA and Secure Email and Web Manager

Do Son February 15, 2023 0

Cisco on Wednesday announced patches for two high-severity vulnerabilities impacting products such as Cisco Email Security Appliance...

Read More Read more about Cisco Patches High Vulnerability in ESA and Secure Email and Web Manager

CVE-2023-20032: Critical RCE vulnerability in ClamAV

• Vulnerability

CVE-2023-20032: Critical RCE vulnerability in ClamAV

Do Son February 15, 2023 0

ClamAV on Wednesday announced patches for two vulnerabilities across its open-source antivirus engine product, including a critical...

Read More Read more about CVE-2023-20032: Critical RCE vulnerability in ClamAV

CVE-2023-0291 allows attackers to delete all uploaded WordPress media files

• Vulnerability

CVE-2023-0291 allows attackers to delete all uploaded WordPress media files

Do Son February 15, 2023

Patches have been issued to contain a high security vulnerability in Quiz and Survey Master, a WordPress...

Read More Read more about CVE-2023-0291 allows attackers to delete all uploaded WordPress media files

CVE-2023-25725: HAProxy HTTP Request Smuggling Vulnerability

• Vulnerability

CVE-2023-25725: HAProxy HTTP Request Smuggling Vulnerability

Do Son February 14, 2023

A security vulnerability has been found in HAProxy, a widely used open-source load balancer and reverse proxy...

Read More Read more about CVE-2023-25725: HAProxy HTTP Request Smuggling Vulnerability

Microsoft February Patch Tuesday: fixed three zero-days (CVE-2023-21715, CVE-2023-23376, CVE-2023-21823)

• Vulnerability

Microsoft February Patch Tuesday: fixed three zero-days (CVE-2023-21715, CVE-2023-23376, CVE-2023-21823)

Do Son February 14, 2023

It’s time to gear up for the latest February 2023 Microsoft February Patch Tuesday. Microsoft today released...

Read More Read more about Microsoft February Patch Tuesday: fixed three zero-days (CVE-2023-21715, CVE-2023-23376, CVE-2023-21823)