10 matches found
Ivanti Releases Urgent Patch for EPMM Zero-Day Vulnerability Under Active Exploitation
Ivanti is warning users to update their Endpoint Manager Mobile EPMM mobile device management software formerly MobileIron Core to the latest version that fixes an actively exploited zero-day vulnerability. Dubbed CVE-2023-35078, the issue has been described as a remote unauthenticated API access...
Zoom Screen-Sharing Glitch ‘Briefly’ Leaks Sensitive Data
A security blip in the current version of Zoom could inadvertently leak users’ data to other meeting participants on a call. However, the data is only leaked briefly, making a potential attack difficult to carry out. The flaw CVE-2021-28133 stems from a glitch in the screen sharing function of...
Google Fixes High-Severity Chrome Browser Code Execution Bug
The Google Chrome web browser has a high-severity vulnerability that could be used to execute arbitrary code, researchers say. The flaw has been fixed in the Chrome 85 stable channel, set to be rolled out to users this week. The flaw CVE-2020-6492 is a use-after-free vulnerability in the WebGL We...
TeamViewer Flaw in Windows App Allows Password-Cracking
Popular remote-support software TeamViewer has patched a high-severity flaw in its desktop app for Windows. If exploited, the flaw could allow remote, unauthenticated attackers to execute code on users’ systems or crack their TeamViewer passwords. TeamViewer is a proprietary software application...
Cisco Warns of High-Severity Bug in Small Business Switch Lineup
Cisco Systems is warning of a high-severity flaw affecting more than a half-dozen of its small business switches. The flaw could allow remote, unauthenticated attackers to access the switches’ management interfaces with administrative privileges. Specifically affected are Series Smart Switches,...
Critical Intel Flaws Fixed in Active Management Technology
Intel has released its June security updates, which address two critical vulnerabilities that, if exploited, can give unauthenticated attackers elevated privileges. The critical flaws exist in Intel’s Active Management Technology AMT, which is used for remote out-of-band management of personal...
Cisco IP Phone Harbors Critical RCE Flaw
Cisco is warning of a critical flaw in the web server of its IP phones. If exploited, the flaw could allow an unauthenticated, remote attacker to execute code with root privileges or launch a denial-of-service DoS attack. Proof-of-concept PoC exploit code has been posted on GitHub for the...
Trend Micro Fixes Critical Flaws Under Attack
Trend Micro has released security updates patching five vulnerabilities in its endpoint security solutions, Apex One and OfficeScan XG for Windows. Specifically, Apex One 2019 and OfficeScan XG SP1 and XG are affected by four critical-severity and one high-severity flaws. Two of these...
Emergency Oracle Patch Closes Bug Rated 10 in Severity
Oracle pushed out an emergency update for a bug in Oracle Identity Manager that is as bad as it gets. Scoring a 10 on the CVSS scale, the vulnerability, CVE-2017-10151, enables an attacker to remotely take over the software without the need for authentication. “While the vulnerability is in Oracl...
Oracle to Release 56 Patches, Plus 20 More For Java in October CPU
Oracle on Tuesday plans to release patches for 56 new vulnerabilities in a huge number of its products through its scheduled quarterly critical patch update. The company said that the various vulnerabilities in this month’s CPU affect hundreds of Oracle products. The most serious group of...