July 18, 2024 at 03:30PM Cisco has issued a patch for a critical vulnerability, CVE-2024-20419, enabling unauthorized password changes. The CVSS rating of 10 underlines the severity, with low attack complexity and high product impact. SSM On-Prem and SSM Satellite are affected, and no workarounds exist. Users in sensitive sectors are urged to promptly apply … Read more
May 22, 2024 at 03:58PM A critical security bug (CVE-2024-4985, CVSS 10) in GitHub Enterprise Server affects SAML SSO implementations with encrypted assertions. Attackers can create fake SAML responses to obtain admin privileges. Versions before 3.13.0 are vulnerable, but emergency fixes are available in versions 3.9.15, 3.10.12, 3.11.10, and 3.12.4. Key takeaways from the meeting … Read more
April 9, 2024 at 04:24PM A critical security vulnerability, tracked as CVE-2024-24576, allows threat actors to exploit Rust’s standard library to execute malicious commands on Windows systems. GitHub rates this flaw with a maximum CVSS base score of 10/10. The Rust security team faced challenges in resolving the issue, prompting an urge from the White … Read more
October 17, 2023 at 01:03AM Cisco has issued a warning about a critical security flaw in its IOS XE software that is being actively exploited. The vulnerability, assigned as CVE-2023-20198, allows remote attackers to create an account with high-level access and gain control of affected systems. The flaw only affects enterprise networking gear with the … Read more