A critical vulnerability affecting Nexus 9000 switches has been recently disclosed. The vulnerability identified as CVE-2019-1804 is a hardcoded SSH key pair that could allow an unauthenticated, remote attacker to connect to the affected system...
An unpatched, highly critical, zero-day vulnerability in Oracle WebLogic server was disclosed. Some attackers might have already started exploiting it in the wild. The vulnerability potentially allows attackers to remotely execute arbitrary commands.
A highly critical, zero-day vulnerability in Oracle WebLogic server was disclosed. Some attackers might have already started exploiting it in the wild. The vulnerability potentially allows attackers to remotely execute arbitrary commands. Oracle...
A server-side template injection vulnerability has been discovered in Confluence Server and Data Center, in the Widget Connector. An attacker able to exploit this issue could achieve path traversal and remote code execution on systems that run a...
VMware has released security updates to address security vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system including allowing the guest to execute code on the host...
Kaspersky has discovered a supply chain attack that affects ASUS computers. Dubbed Operation ShadowHammer, the operation took place from June to November 2018. The threat actors used the ASUS Live Update service to infect machines with an...
A critical vulnerability (CVE-2019-7816) in the web application development platform Adobe ColdFusion has been recently patched. The vulnerability allows attackers to execute arbitrary code bypassing a file upload restriction. Adobe released a...
An important security update was released by Drupal, which patches a remote code execution vulnerability (number CVE-2019-6340). The vulnerability was caused by the data passed into the RESTful Web service without strict verification. Successful...
A critical remote code execution vulnerability in versions of WordPress prior to 5.0.3 was disclosed. A flaw could be exploited by an attacker who gains access to an account with at least author privileges on a WordPress install to execute...
A container breakout security flaw was found in underlying software used by _containerization_ software (operating-system-level virtualization software). The vulnerability - CVE-2019-5736 - dubbed "runc container breakout" allows specially...
A vulnerability was discovered in Microsoft Exchange Server that allows a regular user to perform a privilege escalation technique and gain Domain Administrator access. Abusing the privileged role Exchange servers normally have by default on...
Web cache poisoning has long been considered a _theoretical_ threat. However, already published research describes practical examples of this type of attack. Also, recently there have been documented cases of observing exploitation of these types...
Web cache poisoning has long been considered a _theoretical_ threat. However, already published research describes practical examples of this type of attack. Also, recently there have been documented cases of observing exploitation of these types...
Security researchers disclosed details about two critical vulnerabilities related to the use of BLE (Bluetooth Low Energy) chips made by Texas Instruments (TI). The vulnerable BLE chips are embedded in WiFi network equipment from Cisco, Meraki...
On 16th of October 2018, Oracle released a critical patch bundle that addresses several security vulnerabilities. The patch contains 301 new fixes since the last patch. The addressed vulnerabilities affect many Oracle products including among...
On 11th of October 2018, several vulnerabilities have been fixed in PHP, a programming language designed for web applications. According to the Center for Internet Security, these vulnerabilities allow an adversary to perform an arbitrary code...
On 19th of September 2018, Cisco published a security advisory concerning Remote Code Execution Vulnerabilities. These vulnerabilities allow an unauthenticated remote attacker to execute arbitrary code on an affected device. The vulnerabilities...
On August 27th, a tweet from a researcher with a nick SandboxEscaper announced an unpatched local privileges escalation vulnerability in Windows. This flaw is affecting the way Task Scheduler uses Advanced Local Procedure Call (ALPC) to read and...
Ghostscript -- an interpreter for PostScript and PDF -- is affected by a major vulnerability. There is currently no patch available, but some workarounds are possible.
Semmle researchers discovered and disclosed a critical remote code execution vulnerability (CVE-2018-11776) in the Apache Struts web application framework. That flaw could allow remote attackers to run malicious code on the affected servers.
In January 2018, two separate teams discovered flaws in Intel processor
allowing speculative execution attacks and notified Intel of their researches. On 14th of August 2018, the vulnerabilities were disclosed publicly under the name Foreshadow....
On 14th of August 2018, Adobe released a security bulletin addressing two critical vulnerabilities affecting Adobe Acrobat and Reader for Windows and MacOS. Successful exploitation could lead to arbitrary code execution in the context of the...
On August 4th the researcher Jens Steube published on his website a new method to get a hash which involves the Pre-Shared Key (PSK) of a wifi access point. A successful exploitation of the technique allows an attacker to retrieve the PSK.
Recently Oracle released patches for vulnerability CVE-2018-2893. This vulnerability allows an unauthenticated attacker to compromise Oracle WebLogic Server. Exploits were published on GitHub and on other websites after the announcement of the...
On the 12th of July 2018, Juniper has released updates to address several vulnerabilities affecting JunOS products. A remote attacker can exploit those vulnerabilities in order to trigger privilege escalation, denial of service, firewall rule...