Vulnerabilities & Exploits Archives - Page 56 of 106

Microsoft October 2020 Security Updates and “Bad Neighbor” RCE fix (updated)

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / October 16, 2020 / .NET, Adobe, codecs, CVE-2020-16898, CVE-2020-16951, CVE-2020-16952, CVE-2020-17022, CVE-2020-17023, Dynamics, Exchange Server, Flash Player, JET Database, Microsoft, Open Source, PowerSHell, Visual Studio, Windows

Microsoft has released the October 2020 Security updates that includes patches for 87 vulnerabilities, 11 of them rated Critical. The update also includes a patch for a Critical “Bad Neighbor” vulnerability and two out-of-band patches.

Microsoft October 2020 Security Updates and “Bad Neighbor” RCE fix (updated) Read More »

SAP October 2020 Security Patch Day includes fix for Critical OS Command Injection vulnerability

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / October 14, 2020 / CVE-2020-6364, SAP

Software giant SAP has released October 2020 Security Patch Day that includes 15 separate security advisories and patches. One of the Critical patches fixes an OS Command Injection Vulnerability CVE-2020-6364 in CA Introscope Enterprise Manager.

SAP October 2020 Security Patch Day includes fix for Critical OS Command Injection vulnerability Read More »

Apache patches Tomcat HTTP/2 Request mix-up vulnerability (CVE-2020-13943)

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / October 14, 2020 / Apache, CVE-2020-13943, HTTP/2, Tomcat

The Apache Software Foundation has patched a Tomcat HTTP/2 Request mix-up vulnerability CVE-2020-13943. A cyber attacker could exploit this vulnerability to steal sensitive information.

Apache patches Tomcat HTTP/2 Request mix-up vulnerability (CVE-2020-13943) Read More »

WordPress plugin WPBakery vulnerability exposed over 4M sites

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / October 13, 2020 / Wordfence, WordPress, WPBakery, XSS

A WordPress plugin WPBakery Authenticated Stored Cross-Site Scripting (XSS) vulnerability has exposed over 4M sites.

WordPress plugin WPBakery vulnerability exposed over 4M sites Read More »

APT actors exploit legacy internet-facing vulnerabilities in combination with Zerologon to target organizations

Cybersecurity Articles, Cybersecurity Attacks, Vulnerabilities & Exploits / Frank Crast / October 10, 2020 / BIG-IP, CISA, Citrix, CVE-2018-13379, CVE-2019-11510, CVE-2019-19781, CVE-2020-1472, CVE-2020-15505, CVE-2020-2021, CVE-2020-5902, F5, FortiGuard, FortiOS, MobileIron, Netscaler, Palo Alto Networks, Pulse Secure, Zerologon

Advanced persistent threat actors (APTs) are exploiting multiple legacy vulnerabilities in combination with newer “Zerologon” to target government networks, critical infrastructure, and elections organizations.

APT actors exploit legacy internet-facing vulnerabilities in combination with Zerologon to target organizations Read More »

QNAP Helpdesk software vulnerabilities

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / October 9, 2020 / CVE-2020-2506, CVE-2020-2507, NAS, QNAP, QSnatch, storage, VPNFilter

QNAP Systems has patched two access control vulnerabilities that affect QTS Helpdesk software.

QNAP Helpdesk software vulnerabilities Read More »

Cisco patches Webex Teams and surveillance camera vulnerabilities

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / October 8, 2020 / Cameras, CVE-2020-3467, CVE-2020-3535, CVE-2020-3544, DLL hijacking, ISE, RBAC, Webex

Cisco has patched high risk Webex Teams, video surveillance camera and Identity Services Engine (ISE) vulnerabilities.

Cisco patches Webex Teams and surveillance camera vulnerabilities Read More »

Google releases Chrome security update (86.0.4240.75)

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / October 7, 2020 / Chrome, CVE-2020-15967

Google has released Chrome 86.0.4240.75 security update for Windows, Mac and Linux. An attacker could exploit these vulnerabilities to take control of impacted systems.

Google releases Chrome security update (86.0.4240.75) Read More »

Cisco fixes 29 High risk security bugs in Cisco IOS and IOS XE software, Aironet and other network products

Network Security, Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / September 25, 2020 / Aironet, Catalyst, Cisco, IOS XE, Network, Networking, Switch

Cisco has patched 26 High severity Cisco IOS and IOS XE software vulnerabilities for multiple network products. The company also patched one Catalyst 9200 switch vulnerability and two Cisco Aironet Access Point security bugs.

Cisco fixes 29 High risk security bugs in Cisco IOS and IOS XE software, Aironet and other network products Read More »

Apples releases macOS Catalina 10.15.7 and iCloud for Windows security updates

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / September 25, 2020 / Apple, Catalina 10.15.7, iCloud, iOS, macOS, macOS Catalina, OSX, Safari, tvOS, watchOS, Windows, Xcode

Apple has released security updates to fix vulnerabilities in macOS Catalina 10.15.7, iCloud for Windows 11.4 and other products.

Apples releases macOS Catalina 10.15.7 and iCloud for Windows security updates Read More »