Monday , December 23 2024

Vulnerabilities

SafeBreach security research
Experts Uncover Windows Flaws Granting Hackers Rootkit-Like Powers

flow

According to a new research bad actors could exploit the DOS-to-NT path conversion process to hide and impersonate files, directories, and processes, gaining rootkit-like capabilities. “When a user executes a function that has a path argument in Windows, the DOS path at which the file or folder exists is converted …

Read More »

CISCO Releases Security Advisories for CISCO IMC

Cisco

Cisco has issued security advisories for vulnerabilities in the Cisco integrated management controller. These vulnerabilities could allow a remote cyber threat actor to gain control of a compromised system. Cisco Integrated Management Controller CLI Command Injection Vulnerability:  A vulnerability in the CLI of the Cisco Integrated Management Controller (IMC) could …

Read More »

ALERT
Oracle released April 2024 Critical Patch, 441 new security patches

Oracle

Oracle announced 441 new security patches for its April 2024 Critical Patch Update, with over 200 of them fixing flaws that could be exploited by remote, unauthenticated attackers. Oracle’s advisory reported that about 230 unique CVEs were found in Oracle’s April 2024 CPU, with over 30 security patches addressing critical-severity …

Read More »

Palo Alto Releases Urgent Fixes for PAN-OS Vulnerability

palo alto network

Palo Alto Networks released hotfixes to fix a serious security flaw in PAN-OS software, being actively exploited. The CVE-2024-3400 vulnerability has a critical CVSS score of 10.0. It is a command injection flaw in the  globalProtect feature that allows an unauthenticated attacker to run any code with root privileges on …

Read More »

ALERT
Bitdefender Critical Vulns Let Attackers Gain Control Over System

The Bitdefender GravityZone Update Server is vulnerable to server-side request forgery (SSRF) because of an incorrect regular expression. Bitdefender’s GravityZone: Bitdefender’s GravityZone Update Server has a critical vulnerability with a CVSS score of 8.1. It could allow an attacker remote network access to compromise the server with low privileges. Bitdefender …

Read More »

Unpatched PHP Deserialization Vulnerability in Artica Proxy

Artica Proxy

SonicWall Capture Labs found a vulnerability with the Artica Proxy appliance. This vulnerability affects over 100K servers globally. Artica Proxy is a proxy solution that performs tasks like web filtering, SSL inspection, and bandwidth management. SonicWall has developed measures to mitigate the vulnerability. There is a security vulnerability called CVE-2024-2054 …

Read More »