CISA Adds Three Security Flaws with Active Exploitation to KEV Catalog

November 17, 2023 at 01:06AM
The U.S. CISA has added three security flaws to its Known Exploited Vulnerabilities catalog based on evidence of active exploitation. The vulnerabilities include a Microsoft Windows security bypass, a Sophos command injection, and an unspecified Oracle vulnerability. A critical command injection bug has also been disclosed in the FortiSIEM report server. …

QNAP Releases Patch for 2 Critical Flaws Threatening Your NAS Devices

November 6, 2023 at 01:00PM
QNAP has released security updates to address two critical vulnerabilities in its operating system. The first vulnerability, tracked as CVE-2023-23368, is a command injection bug affecting QTS, QuTS hero, and QuTScloud. The second vulnerability, CVE-2023-23369, is a command injection flaw in QTS, Multimedia Console, and the Media Streaming add-on. Users are …

QNAP warns of critical command injection flaws in QTS OS, apps

November 6, 2023 at 07:52AM
QNAP Systems has issued security advisories regarding two critical command injection vulnerabilities in its QTS operating system and applications for network-attached storage (NAS) devices. The flaws, tracked as CVE-2023-23368 and CVE-2023-23369, can be exploited remotely by attackers. Multiple QTS versions are affected, but fixes are available for download. Admins are …

Critical, Unpatched Cisco Zero-Day Bug Is Under Active Exploit

October 16, 2023 at 04:52PM
Cisco has disclosed a critical zero-day vulnerability in the Web User Interface of its IOS XE operating system. The flaw, tracked as CVE-2023-20198, affects all Cisco IOS XE devices with the Web UI feature enabled and allows attackers to create an account with complete device control. Cisco advises customers to …