Qualys discovered a critical remote unauthenticated code execution (RCE) vulnerability, CVE-2024-6387, in OpenSSH’s server (sshd). This vulnerability, known as regreSSHion, is a regression of the previously… Article Source https://cybersecuritynews.com/netscaler-adc-gateway-regresshion/
Two recent vulnerability disclosures demand swift attention from organizations using Ivanti Endpoint Manager and Citrix Virtual Apps & Desktops. Ivanti’s latest security update addresses a critical vulnerability (CVE-2024-50330) that… Article Source https://socradar.io/critical-rce-in-ivanti-endpoint-manager-citrix-virtual-apps-desktops-flaws-patch-now/
Security researchers have disclosed critical vulnerabilities in Citrix Virtual Apps and Desktops that could allow remote code execution (RCE) attacks. Proof-of-concept (PoC) exploitation attempts have already been… Article Source https://cybersecuritynews.com/citrix-virtual-apps-desktops-rce/
Researchers are publicizing a proof of concept (PoC) exploit for what they’re calling an unauthenticated remote code execution (RCE) vulnerability in Citrix’s Virtual Apps and Desktops. The exploit, discovered by watchTowr, can be carried out… Article Source https://www.theregister.com/2024/11/12/http_citrix_vuln/
An unpatched zero-day vulnerability in Citrix’s Session Recording Manager allows unauthenticated remote code execution (RCE, paving the way for data theft, lateral movement, and desktop takeover. According to watchTowr research out today, the… Article Source https://www.darkreading.com/cloud-security/citrix-recording-manager-zero-day-bug-unauthenticated-rce
Nov 12, 2024Ravie LakshmananVirtualization / Vulnerability Cybersecurity researchers have disclosed new security flaws impacting Citrix Virtual Apps and Desktop that could be exploited to achieve unauthenticated remote code execution… Article Source https://thehackernews.com/2024/11/new-flaws-in-citrix-virtual-apps-enable.html
Hewlett Packard Enterprise (HPE) released updates for Instant AOS-8 and AOS-10 software to address two critical vulnerabilities in Aruba Networking Access Points. The two security issues could allow a remote attacker to perform… Article Source https://www.bleepingcomputer.com/news/security/hpe-warns-of-critical-rce-flaws-in-aruba-networking-access-points/
VMware has released another security update for CVE-2024-38812, a critical VMware vCenter Server remote code execution vulnerability that was not correctly fixed in the first patch from September 2024. The flaw is rated critical (CVSS v3.1… Source link
Oct 22, 2024Ravie LakshmananVulnerability / Enterprise Security VMware has released software updates to address an already patched security flaw in vCenter Server that could pave the way for remote code execution. The vulnerability,… Source link
A recent proof-of-concept exploit has been published for a critical vulnerability in VMware vCenter Server, designated CVE-2024-22274. This vulnerability affects the API components of the vCenter Server and has been rated as Important with a CVSSv3 base score of 7.2. The exploit targets specific API components that are vulnerable to a flag injection attack, allowing … Read more