Vulnerability

Critical VMware vCenter Server Flaws Under Active Attack: CISA Issues Urgent Warning

• Vulnerability

Critical VMware vCenter Server Flaws Under Active Attack: CISA Issues Urgent Warning

Do Son November 21, 2024 0

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding two critical vulnerabilities...

Read More Read more about Critical VMware vCenter Server Flaws Under Active Attack: CISA Issues Urgent Warning

CVE-2024-52940: AnyDesk Vulnerability Exposes User IP Addresses, PoC Published

• Vulnerability

CVE-2024-52940: AnyDesk Vulnerability Exposes User IP Addresses, PoC Published

Do Son November 21, 2024 0

A newly discovered vulnerability in popular remote desktop software AnyDesk could allow attackers to uncover users’ IP...

Read More Read more about CVE-2024-52940: AnyDesk Vulnerability Exposes User IP Addresses, PoC Published

CVE-2024-10220: Kubernetes Vulnerability Allows Arbitrary Command Execution

• Vulnerability

CVE-2024-10220: Kubernetes Vulnerability Allows Arbitrary Command Execution

Do Son November 20, 2024 0

A high-severity vulnerability has been discovered in Kubernetes, potentially allowing attackers to execute arbitrary commands outside of...

Read More Read more about CVE-2024-10220: Kubernetes Vulnerability Allows Arbitrary Command Execution

CVE-2024-42450 (CVSS 10): Versa Networks Addresses Critical Vulnerability in Versa Director

• Vulnerability

CVE-2024-42450 (CVSS 10): Versa Networks Addresses Critical Vulnerability in Versa Director

Do Son November 20, 2024 0

Versa Networks has issued a security advisory addressing a critical vulnerability (CVE-2024-42450) affecting its Versa Director software....

Read More Read more about CVE-2024-42450 (CVSS 10): Versa Networks Addresses Critical Vulnerability in Versa Director

2024 CWE Top 25: Critical Software Weaknesses Revealed

• Vulnerability

2024 CWE Top 25: Critical Software Weaknesses Revealed

Do Son November 20, 2024 0

The Common Weakness Enumeration (CWE) Top 25 list for 2024 has been released, and it provides a...

Read More Read more about 2024 CWE Top 25: Critical Software Weaknesses Revealed

WorkflowKit Race Vulnerability (CVE-2024-27821): Researcher Reveals Exploit that Let Malicious Apps Hijack Shortcuts

• Vulnerability

WorkflowKit Race Vulnerability (CVE-2024-27821): Researcher Reveals Exploit that Let Malicious Apps Hijack Shortcuts

Do Son November 20, 2024 0

Security researcher Snoolie K has published an in-depth analysis of a significant security flaw in WorkflowKit, which...

Read More Read more about WorkflowKit Race Vulnerability (CVE-2024-27821): Researcher Reveals Exploit that Let Malicious Apps Hijack Shortcuts

Veritas Enterprise Vault Vulnerability Could Allow Remote Code Execution

• Vulnerability

Veritas Enterprise Vault Vulnerability Could Allow Remote Code Execution

Do Son November 20, 2024 0

Veritas has released a security advisory regarding a critical remote code execution (RCE) vulnerability affecting multiple versions...

Read More Read more about Veritas Enterprise Vault Vulnerability Could Allow Remote Code Execution

Ruckus Networks Issues Security Advisory for Critical RCE Vulnerability in Access Points

• Vulnerability

Ruckus Networks Issues Security Advisory for Critical RCE Vulnerability in Access Points

Do Son November 20, 2024 0

Ruckus APs running specific software versions are vulnerable to unauthenticated remote code execution attacks. Ruckus Networks has...

Read More Read more about Ruckus Networks Issues Security Advisory for Critical RCE Vulnerability in Access Points

Critical Vulnerability in D-Link EOL Routers Allows Remote Code Execution

• Vulnerability

Critical Vulnerability in D-Link EOL Routers Allows Remote Code Execution

Do Son November 20, 2024 0

D-Link has issued a security announcement concerning several End-of-Life (EOL) and End-of-Service (EOS) router models, including the...

Read More Read more about Critical Vulnerability in D-Link EOL Routers Allows Remote Code Execution

Five Critical Privilege Escalation Vulnerabilities Found in Ubuntu’s Default Utility, needrestart

• Linux
• Vulnerability

Five Critical Privilege Escalation Vulnerabilities Found in Ubuntu’s Default Utility, needrestart

Do Son November 20, 2024 0

Qualys Threat Research Unit uncovers five local privilege escalation flaws, enabling unprivileged users to gain root access....

Read More Read more about Five Critical Privilege Escalation Vulnerabilities Found in Ubuntu’s Default Utility, needrestart

CVE-2024-51503: Trend Micro Deep Security Agent RCE Vulnerability Fixed

• Vulnerability

CVE-2024-51503: Trend Micro Deep Security Agent RCE Vulnerability Fixed

Do Son November 20, 2024 0

A recently discovered vulnerability in the Trend Micro Deep Security 20 Agent could have allowed attackers to...

Read More Read more about CVE-2024-51503: Trend Micro Deep Security Agent RCE Vulnerability Fixed

Analysis & PoC Exploits Released for Palo Alto Zero-Days – CVE-2024-0012 and CVE-2024-9474

• Vulnerability

Analysis & PoC Exploits Released for Palo Alto Zero-Days – CVE-2024-0012 and CVE-2024-9474

Do Son November 19, 2024 0

In a recent analysis, security researcher Sonny from watchTowr unveiled the technical intricacies of two zero-day vulnerabilities...

Read More Read more about Analysis & PoC Exploits Released for Palo Alto Zero-Days – CVE-2024-0012 and CVE-2024-9474

CVE-2024-21697: High Severity Flaw in Sourcetree Enables Remote Code Execution

• Vulnerability

CVE-2024-21697: High Severity Flaw in Sourcetree Enables Remote Code Execution

Do Son November 19, 2024 0

Atlassian has issued a security advisory warning of a critical remote code execution (RCE) vulnerability in its...

Read More Read more about CVE-2024-21697: High Severity Flaw in Sourcetree Enables Remote Code Execution

Google Chrome Patches High-Severity Flaw CVE-2024-11395 in Latest Stable Release

• Vulnerability

Google Chrome Patches High-Severity Flaw CVE-2024-11395 in Latest Stable Release

Do Son November 19, 2024 0

Google has released a new stable version of its Chrome browser for desktop, addressing three security vulnerabilities,...

Read More Read more about Google Chrome Patches High-Severity Flaw CVE-2024-11395 in Latest Stable Release

CVE-2024-21287: Critical Zero-Day Exploited in Oracle Agile PLM

• Vulnerability

CVE-2024-21287: Critical Zero-Day Exploited in Oracle Agile PLM

Do Son November 19, 2024 0

Oracle has issued an urgent security alert regarding a critical vulnerability in its Agile Product Lifecycle Management...

Read More Read more about CVE-2024-21287: Critical Zero-Day Exploited in Oracle Agile PLM

CVE-2024-47533 (CVSS 9.8): Cobbler Vulnerability Exposes Linux Servers to Compromise

• Vulnerability

CVE-2024-47533 (CVSS 9.8): Cobbler Vulnerability Exposes Linux Servers to Compromise

Do Son November 19, 2024 0

CVE-2024-47533 exposes Cobbler servers to unauthorized access and control, enabling attackers to manipulate system configurations. A critical...

Read More Read more about CVE-2024-47533 (CVSS 9.8): Cobbler Vulnerability Exposes Linux Servers to Compromise

CVE-2024-42057: Exploited by Helldown Ransomware to Target Linux

• Malware
• Vulnerability

CVE-2024-42057: Exploited by Helldown Ransomware to Target Linux

Do Son November 19, 2024 0

Sekoia’s Threat Detection & Research (TDR) team uncovers a Linux variant of the Helldown ransomware, expanding the...

Read More Read more about CVE-2024-42057: Exploited by Helldown Ransomware to Target Linux

Wget Vulnerability (CVE-2024-10524) Opens Door to SSRF Attacks

• Vulnerability

Wget Vulnerability (CVE-2024-10524) Opens Door to SSRF Attacks

Do Son November 19, 2024 0

A newly discovered vulnerability in the popular Wget download utility could allow attackers to launch server-side request...

Read More Read more about Wget Vulnerability (CVE-2024-10524) Opens Door to SSRF Attacks

CVE-2024-47208 & CVE-2024-48962: Apache OFBiz Exposed to Remote Code Execution

• Vulnerability

CVE-2024-47208 & CVE-2024-48962: Apache OFBiz Exposed to Remote Code Execution

Do Son November 19, 2024 0

The Apache Software Foundation has released important security updates to address two critical vulnerabilities in Apache OFBiz,...

Read More Read more about CVE-2024-47208 & CVE-2024-48962: Apache OFBiz Exposed to Remote Code Execution

CVE-2024-44308 and CVE-2024-44309: Apple Addresses Zero-Day Vulnerabilities

• Vulnerability

CVE-2024-44308 and CVE-2024-44309: Apple Addresses Zero-Day Vulnerabilities

Do Son November 19, 2024 0

Apple users are urged to update their devices immediately following the discovery of two critical zero-day vulnerabilities...

Read More Read more about CVE-2024-44308 and CVE-2024-44309: Apple Addresses Zero-Day Vulnerabilities