August 28, 2024 at 02:03AM The U.S. Cybersecurity and Infrastructure Security Agency has added a critical security flaw in the Apache OFBiz system to its Known Exploited Vulnerabilities catalog. The flaw, CVE-2024-38856, allows remote code execution and carries a CVSS score of 9.8. Organizations are advised to update to version 18.12.15 by September 17, 2024 … Read more
August 26, 2024 at 11:36AM SonicWall has released security updates to fix a critical flaw (CVE-2024-40766) in its firewalls, affecting Gen 5, Gen 6, and Gen 7 devices running certain SonicOS versions. The vulnerability could allow unauthorized access and cause the firewall to crash. Users are urged to install the latest firmware to mitigate potential … Read more
August 26, 2024 at 10:47AM SonicWall’s SonicOS is at risk due to a critical access control flaw, posing potential unauthorized resource access or firewall crash. Based on the meeting notes, it appears that SonicWall’s SonicOS is vulnerable to a critical access control flaw. This flaw could potentially allow attackers to gain unauthorized access to resources … Read more
August 26, 2024 at 09:12AM SonicWall warns about a critical vulnerability in its SonicOS network security appliances, tracked as CVE-2024-40766. The flaw could allow unauthorized access and firewall crashes. It affects SonicWall Gen 5, Gen 6, and Gen 7 firewalls, with updates available for affected versions. Customers are urged to patch their systems promptly due … Read more
August 6, 2024 at 12:36AM A critical pre-authentication remote code execution vulnerability (CVE-2024-38856) has been discovered in Apache OFBiz ERP system, with a CVSS score of 9.8. It allows unauthenticated access to critical endpoints, potentially leading to remote code execution. This follows a patch bypass for a previous vulnerability (CVE-2024-36104) and comes amid active exploitation … Read more
July 19, 2024 at 11:06AM SonicWall warns that a recently patched Splunk Enterprise vulnerability, CVE-2024-36991, is more severe than initially considered. The vulnerability, with a CVSS score of 7.5, allows for path traversal on the /modules/messaging/ endpoint, potentially granting access to sensitive files. SonicWall urges users to update or disable Splunk Web to mitigate the … Read more
June 3, 2024 at 05:09PM SonicWall Capture Labs found a high-severity remote code execution vulnerability (CVE-2024-21683) in Atlassian Confluence. It enables threat actors to execute arbitrary code with network access and macro language privileges. SonicWall released signatures to protect customers and warned about the available exploit code. Users are urged to upgrade due to Confluence … Read more
January 16, 2024 at 09:39AM Over 178,000 SonicWall firewalls are susceptible to two security vulnerabilities. These flaws could lead to denial-of-service conditions and remote code execution. While there’s no evidence of exploits, a proof-of-concept for one vulnerability has been released. The cybersecurity firm warns that bad actors could use these flaws to trigger repeated crashes … Read more
January 16, 2024 at 09:12AM Report: Many SonicWall next-generation firewall devices are unpatched for critical vulnerabilities CVE-2022-22274 and CVE-2023-0656, with potential for DoS and RCE attacks. Over 178,000 vulnerable devices found, and new PoC exploits developed. Recommendations include applying patches immediately due to known exploitation in malicious attacks. Key Takeaways from Meeting Notes: – Cybersecurity … Read more
January 16, 2024 at 08:21AM Security researchers have uncovered vulnerabilities in over 178,000 SonicWall next-generation firewalls (NGFW) with exposed management interfaces online, potentially leading to denial-of-service (DoS) and remote code execution (RCE) attacks. These vulnerabilities could impact a significant number of SonicWall devices and may pose a serious threat to corporate networks, emphasizing the need … Read more