reader comments 11 Software maker Ivanti is urging users of its end-point security product to patch a critical vulnerability that makes it possible for unauthenticated attackers to execute malicious code inside affected networks. The vulnerability, in a class known as a SQL injection, resides in all supported versions of the Ivanti Endpoint Manager. Also known ..
Tag : Vulnerability
Getty Images reader comments 24 Roughly 11 million Internet-exposed servers remain susceptible to a recently discovered vulnerability that allows attackers with a foothold inside affected networks. Once they’re in, attackers compromise the integrity of SSH sessions that form the lynchpin for admins to securely connect to computers inside the cloud and other sensitive environments. Terrapin, ..
A critical vulnerability in Ray, an open source compute framework for AI, could allow unauthorized access to all nodes, cybersecurity firm Bishop Fox warns. Tracked as CVE-2023-48023, the bug exists because Ray does not properly enforce authentication on at least two of its components, namely the dashboard and client. A remote attacker can abuse this ..
Enterprise software maker Atlassian on Monday urged all Confluence Data Center and Server customers to patch their instances against a critical-severity vulnerability that can be exploited without authentication. The security defect, tracked as CVE-2023-22518 (CVSS score of 9.1), is described as an improper authorization bug that impacts all Confluence versions. While it did not share ..
Exploitation of a recently patched critical vulnerability in F5’s BIG-IP product started less than five days after public disclosure and proof-of-concept (PoC) exploit code was published. The flaw, tracked as CVE-2023-46747 (CVSS score of 9.8), affects the Traffic Management User Interface of BIG-IP and allows for unauthenticated, remote code execution (RCE). A request smuggling flaw, ..
Getty Images reader comments 18 with A vulnerability that allows attackers to bypass multifactor authentication and access enterprise networks using hardware sold by Citrix is under mass exploitation by ransomware hackers despite a patch being available for three weeks. Citrix Bleed, the common name for the vulnerability, carries a severity rating of 9.4 out of ..
Security and application delivery solutions provider F5 on Thursday warned customers of a critical-severity vulnerability in its BIG-IP product. Tracked as CVE-2023-46747 (CVSS score of 9.8) and impacting the Traffic Management User Interface of the solution, the vulnerability allows an unauthenticated attacker to execute arbitrary code remotely. “This vulnerability may allow an unauthenticated attacker with ..
The number of Cisco devices hacked through the exploitation of two new zero-day vulnerabilities remains very high, but recent scans appeared to show a significant drop due to the attackers updating their implant. Unidentified hackers have been exploiting the Cisco IOS XE vulnerabilities tracked as CVE-2023-20198 and CVE-2023-20273 to create high-privileged accounts on affected devices ..
Industrial routers made by Chinese company Yifan are affected by several critical vulnerabilities that can expose organizations to attacks, Cisco’s Talos threat intelligence and research group reported on Wednesday. The vendor was notified in late June and given more than 90 days to release patches. However, no fixes appear to have been released and Cisco ..
A critical vulnerability in the TeamCity CI/CD server could be exploited remotely, without authentication, to execute arbitrary code and gain administrative control over a vulnerable server. Developed by JetBrains, TeamCity is a general-purpose build management and continuous integration platform available both for on-premises installation and as a cloud service. The recently identified critical flaw, tracked ..