Recherche : [Critical]

VMware Patches Critical Vulnerability Disclosed at Pwn2Own Hacking Contest https://www.securityweek.com/vmware-patches-critical-vulnerability-disclosed-at-pwn2own-hacking-contest/

26/04/2023 11:27:38

VMware this week released patches for a critical vulnerability disclosed at the Pwn2Own Vancouver 2023 hacking contest.

Queuejumper: Critical Unauthorized RCE Vulnerability In MSMQ Service https://research.checkpoint.com/2023/queuejumper-critical-unauthorized-rce-vulnerability-in-msmq-service/

12/04/2023 01:01:43

Check Point Research recently discovered three vulnerabilities in the “Microsoft Message Queuing” service, commonly known as MSMQ. These vulnerabilities were disclosed to Microsoft and patched in the April Patch Tuesday update. The most severe of these, dubbed QueueJumper by CPR (CVE-2023-21554), is a critical vulnerability that could allow unauthorized attackers to remotely execute arbitrary code in the context of the Windows service process mqsvc.exe.

Cisco warns of critical flaw in ClamAV antivirus https://www.theregister.com/2023/02/17/cisco_clamav_critical_flaw/

17/02/2023 08:34:38

Switchzilla hardware and software need attention, unless you fancy arbitrary remote code execution

Web Hackers vs. The Auto Industry: Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche, and More https://samcurry.net/web-hackers-vs-the-auto-industry/

05/01/2023 07:01:14

During the fall of 2022, a few friends and I took a road trip from Chicago, IL to Washington, DC to attend a cybersecurity conference and (try) to take a break from our usual computer work.

While we were visiting the University of Maryland, we came across a fleet of electric scooters scattered across the campus and couldn't resist poking at the scooter's mobile app. To our surprise, our actions caused the horns and headlights on all of the scooters to turn on and stay on for 15 minutes straight.

When everything eventually settled down, we sent a report over to the scooter manufacturer and became super interested in trying to more ways to make more things honk. We brainstormed for a while, and then realized that nearly every automobile manufactured in the last 5 years had nearly identical functionality. If an attacker were able to find vulnerabilities in the API endpoints that vehicle telematics systems used, they could honk the horn, flash the lights, remotely track, lock/unlock, and start/stop vehicles, completely remotely.

Vulnerability Analysis - CVE-2022-1388 https://www.randori.com/blog/vulnerability-analysis-cve-2022-1388/

09/05/2022 19:01:08

CVE-2022-1388 is a critical vulnerability (CVSS 9.8) in the management interface of F5 Networks’ BIG-IP solution that enables an unauthenticated attacker to gain remote code execution on the system through bypassing F5’s iControl REST authentication. The vulnerability was first discovered by F5’s internal product security team and disclosed publicly on May 4, 2022.

Sophos patches critical remote code execution vulnerability in Firewall https://www.zdnet.com/article/sophos-patches-critical-remote-code-execution-vulnerability-in-firewall-defense-product/

28/03/2022 15:35:01

Sophos Firewall is a network protection solution for the enterprise market.

Critical Magento 0-Day Vulnerability Under Active Exploitation — Patch Released https://thehackernews.com/2022/02/critical-magento-0-day-vulnerability.html

14/02/2022 08:17:20

Adobe on Sunday rolled out patches to contain a critical security vulnerability impacting its Commerce and Magento Open Source products that it said is being actively exploited in the wild.

Liens par page

Filtres