+44 (0)203 88 020 88

Menu

Search

Vulnerabilities

Jira Service Management Authentication Vulnerability

A broken authentication vulnerability has been identified in Jira Service Management Server and Data Center versions after 5.3.0. Atlassian Support have published a security advisory to inform users of this vulnerability, which they have rated as critical severity, with a CVSS base score of 9.4. Versions of Jira Service Management Server and Data Center affected […]

Jira Service Management Authentication Vulnerability Read More »

Critical Code Injection Flaw on QNAP NAS Devices

QNAP have released a security advisory this week to warn users of a critical severity vulnerability affecting operating system versions QTS 5.0.1 and QuTS hero h5.0.1. Firmware updates for the affected systems have been released, which can be downloaded for supported NAS models to patch this flaw. Users of affected systems should update their devices

Critical Code Injection Flaw on QNAP NAS Devices Read More »

VMware Patch Remote Code Execution Vulnerabilities

Multiple vulnerabilities have been patched in a new update for VMware vRealize Log Insight last week, some of which can be chained into an attack that results in remote code execution on unpatched systems. VMware vRealize Log Insight is an administrative tool for log analysis and infrastructure management also known as VMware Aria Operations for

VMware Patch Remote Code Execution Vulnerabilities Read More »

Apple Backport Zero-Day Security Patches for iOS

Apple have released security updates this week for a range of their software, including MacOS, watchOS, iOS, iPadOS, and Safari. Among these new releases is iOS 12.5.7, which contains backported security patches for older iPhone models to resolve a high severity zero-day vulnerability. This flaw was patched in more recent device models in December, however

Apple Backport Zero-Day Security Patches for iOS Read More »

Critical Authentication Bypass in Cisco Routers

Two new vulnerabilities have been disclosed on end-of-life Cisco RV Series small business routers. These vulnerabilities can be exploited individually or chained into an attack that allows for remote attackers to gain root access to the operating system where they can then execute arbitrary code. The affected devices are RV016 Multi-WAN VPN Routers, RV042 Dual

Critical Authentication Bypass in Cisco Routers Read More »

WordPress Plugins have SQL Injection Vulnerabilities

Proof of concept (PoC) code has been released for three critical vulnerabilities in WordPress plugins that allow for SQL injection into the website code. The affected plugins are Paid Memberships Pro, Easy Digital Downloads, and Survey Maker, all of which have now received security updates that patch the SQL injection flaws. A security researcher at

WordPress Plugins have SQL Injection Vulnerabilities Read More »

Google Chrome Update Patches 17 Vulnerabilities

A new version of the Chrome desktop app has been released to the Chrome Stable Channel available for all platforms. Chrome version 109.0.5414.74 on Linux, 109.0.5414.74/.75 on Windows, and 109.0.5414.87 on Mac contain new Chrome 109 features, as well as security patches for 17 vulnerabilities, two of which are high severity flaws.   CVE-2023-0128 is a

Google Chrome Update Patches 17 Vulnerabilities Read More »

First Microsoft Patch Tuesday of 2023 Fixes Zero-Day

This week was the first Microsoft Patch Tuesday of 2023, where a total of 98 different vulnerabilities have been patched, including an actively exploited zero-day flaw. This update addresses twice the number of vulnerabilities as the December 2022 Patch Tuesday, which saw fixes for 49 vulnerabilities and 2 zero-day flaws.   Eleven of the vulnerabilities patched

First Microsoft Patch Tuesday of 2023 Fixes Zero-Day Read More »

High Severity Vulnerability in ManageEngine Products

A high severity SQL injection vulnerability has been patched in recent updates for Zoho ManageEngine products Password Manager Pro, PAM360, and Access Manager Plus. The software provider released a security advisory for this vulnerability where they advised customers of all three affected products to upgrade to the latest versions immediately due to the severity of

High Severity Vulnerability in ManageEngine Products Read More »

0

No products in the basket.

No products in the basket.