F5 Patches Dangerous Vulnerabilities in BIG-IP Next Central Manager

May 9, 2024 at 07:09AM
F5 announced patches for its BIG-IP Next Central Manager to fix five vulnerabilities allowing complete device control. Eclypsium found the vulnerabilities, but only two have CVE identifiers. One patched vulnerability is high severity, enabling unauthenticated attackers to execute malicious SQL statements. F5 states that there is no impact beyond Next Central Manager. Eclypsium …

Apple Security Bug Opens iPhone, iPad to RCE

March 26, 2024 at 04:53PM
CVE-2024-1580 enables remote attackers to execute arbitrary code on impacted devices. This is a critical issue that warrants immediate attention and action to mitigate potential security risks.

New Bluetooth Flaw Let Hackers Take Over Android, Linux, macOS, and iOS Devices

December 7, 2023 at 07:00AM
A severe Bluetooth flaw (CVE-2023-45866) allows unauthorized control over Android, Linux, macOS, and iOS devices via keystroke injection without user permission, affecting devices since Android 4.2.2. The flaw was discovered by Marc Newlin; no specialized hardware is needed for exploitation, and full technical details are pending release. Meeting Key Takeaways – Critical Bluetooth …

QNAP Releases Patch for 2 Critical Flaws Threatening Your NAS Devices

November 6, 2023 at 01:00PM
QNAP has released security updates to address two critical vulnerabilities in its operating system. The first vulnerability, tracked as CVE-2023-23368, is a command injection bug affecting QTS, QuTS hero, and QuTScloud. The second vulnerability, CVE-2023-23369, is a command injection flaw in QTS, Multimedia Console, and Media Streaming add-on. Users are …