Critical Zimbra Vulnerability Exploited One Day After PoC Release

October 2, 2024 at 06:27AM A critical vulnerability in Zimbra was exploited in the wild to deploy a web shell on vulnerable servers shortly after a proof-of-concept release. This raised significant concerns regarding the security of Zimbra systems. Source: SecurityWeek. Based on the meeting notes, the key takeaway is that a critical-severity vulnerability in Zimbra …

Critical Flaws in Progress Software WhatsUp Gold Expose Systems to Full Compromise

August 30, 2024 at 04:42AM Progress Software’s network monitoring solution WhatsUp Gold has critical vulnerabilities (CVE-2024-4885) allowing remote attackers to execute arbitrary code, posing a significant risk. While version 23.1.3 addressed the issue, upgrading to version 24.0.0 is encouraged, though the manual process may deter some administrators. Administrators are advised to upgrade promptly to mitigate …

Hardcoded Credential Vulnerability Found in SolarWinds Web Help Desk

August 22, 2024 at 01:54PM SolarWinds has released patches to fix a new security flaw in its Web Help Desk software that could permit unauthorized access. Tracked as CVE-2024-28987, the vulnerability is rated 9.1 in severity. Users are advised to update to version 12.8.3 Hotfix 2 to address the issue. Further details will be disclosed …

SolarWinds fixes critical RCE bug affecting all Web Help Desk versions

August 14, 2024 at 11:28AM A critical vulnerability in SolarWinds’ Web Help Desk solution allows for remote code execution due to a Java deserialization flaw (CVE-2024-28986). The company released a hotfix for the issue, which impacts all versions except 12.8.3 with the hotfix applied. Users are advised to upgrade to the latest version and apply the …

Easily Exploitable Critical Vulnerabilities Found in Open Source AI/ML Tools

June 14, 2024 at 03:00AM A Protect AI report has revealed a dozen critical vulnerabilities in open-source AI/ML tools, including issues that could lead to information exposure, privilege escalation, and server takeover. The most severe is CVE-2024-22476 in Intel Neural Compressor, allowing remote privilege escalation. The report emphasizes timely reporting to maintainers for fixes. Various …

‘NsaRescueAngel’ Backdoor Account Again Discovered in Zyxel Products

June 5, 2024 at 08:00AM Taiwan-based networking device manufacturer Zyxel warned of three critical-severity vulnerabilities in discontinued NAS products, allowing command injection and arbitrary code execution without authentication. Despite reaching the end of vulnerability support, patches were made available for impacted products NAS326 and NAS542. Exploitation could lead to persistent root access, requiring immediate firmware …

Critical Authentication Bypass Resolved in GitHub Enterprise Server

May 22, 2024 at 09:03AM GitHub has released patches for a critical-severity vulnerability in Enterprise Server, impacting instances using SAML SSO authentication and encrypted assertions. The CVE-2024-4985 vulnerability allows unauthorized access to administrative privileges. GitHub advises updating to patched releases 3.9.15, 3.10.12, 3.11.10, or 3.12.4 to mitigate the risk. Users are urged to prioritize implementing …

Juniper Networks Publishes Dozens of New Security Advisories

April 15, 2024 at 09:54AM Juniper Networks recently released multiple advisories detailing over one hundred vulnerabilities in Junos OS, Junos OS Evolved, and other products. Critical-severity issues were found in third-party software, including cURL and Junos cRPD. High-severity flaws impacting Junos OS, Junos OS Evolved, and Paragon Active Assurance Control Center were also addressed. Customers …

Ivanti Patches Critical Vulnerability in Endpoint Manager

January 5, 2024 at 07:18AM Ivanti warned of a critical vulnerability in its Endpoint Manager product, CVE-2023-39336, allowing remote code execution and potential device takeover. The issue affects EPM 2022 Service Update 4 and all prior versions, with a fix available in EPM 2022 Service Update 5. Ivanti restricts details to customers, suggesting proactive patching …

21 Vulnerabilities Discovered in Crucial IT-OT Connective Routers

November 14, 2023 at 02:41PM Researchers have discovered 21 vulnerabilities in a popular brand of industrial router commonly used in the medical and manufacturing sectors. These vulnerabilities range from design flaws like hardcoded credentials to how the device handles potentially malicious inputs. Attackers who exploit these vulnerabilities can bypass security measures and target critical devices …