Cisco alerts about regreSSHion RCE vulnerability affecting various products.

Cisco issued a security advisory for a critical remote code execution vulnerability called “regreSSHion” affecting various products. The vulnerability, tracked as CVE-2024-6387, was disclosed by Qualys on July 1, 2024, and affects the OpenSSH server on glibc-based Linux systems, potentially allowing attackers to gain root access. The flaw is a regression of a previous vulnerability …

Cisco issues warning about regreSSHion RCE vulnerability affecting numerous products

Cisco has released a security advisory addressing a critical remote code execution (RCE) vulnerability known as “regreSSHion” which impacts various products. The vulnerability, labeled as CVE-2024-6387, was made public by the Qualys Threat Research Unit on July 1, 2024. It affects the OpenSSH server (sshd) on glibc-based Linux systems and could allow unauthorized attackers to …

Understanding the VMware vCenter RCE Vulnerability: Important Information

VMware, owned by Broadcom, has recently addressed critical vulnerabilities in its vCenter Server application that could allow malicious actors to execute remote code or elevate privileges on affected systems. These vulnerabilities, if left unpatched, pose a significant risk to organizations using VMware vSphere. The security advisory issued by VMware identifies three critical vulnerabilities, including a …

CISA Urges Federal Agencies to Patch Citrix RCE Vulnerability Within Seven Days

The Cybersecurity and Infrastructure Security Agency (CISA) has directed US federal agencies to defend their systems against three zero-day vulnerabilities in Citrix NetScaler and Google Chrome. These vulnerabilities have been patched but are actively being exploited in attacks, making them high-risk for federal enterprises. Citrix has advised its customers to immediately patch their Internet-exposed NetScaler …

HPE Aruba Devices at Risk from RCE Attacks due to Four Critical Vulnerabilities

HPE Aruba Networking has recently issued security updates to address critical vulnerabilities in ArubaOS that could potentially lead to remote code execution on affected systems. Among the 10 identified security flaws, four are classified as critical due to their severity. These include unauthenticated buffer overflow vulnerabilities in various services accessed via the PAPI protocol, posing …

VMware Releases Patch for Critical vCenter Server RCE Vulnerability – Gridinsoft Blog

VMware has released a patch for a critical vulnerability in the vCenter Server with a high CVSS score. This vulnerability allows a remote unauthorized user to execute arbitrary code on a target system. RCE in VMware vCenter Server Receives a Fix: On October 25, 2023, VMware released a patch for a critical vulnerability CVE-2023-34048, which …

Act Now: VMware Releases Patch for Critical vCenter Server RCE Vulnerability

Oct 25, 2023NewsroomVulnerability / Cyber Threat VMware has released security updates to address a critical flaw in the vCenter Server that could result in remote code execution on affected systems. The issue, tracked as CVE-2023-34048 (CVSS score: 9.8), has been described as an out-of-bounds write vulnerability in the implementation of the DCE/RPC protocol. “A malicious … Read more

VMware warns admins of public exploit for vRealize RCE flaw

VMware warned customers on Monday that proof-of-concept (PoC) exploit code is now available for an authentication bypass flaw in vRealize Log Insight (now known as VMware Aria Operations for Logs). “Updated VMSA to note that VMware has confirmed that exploit code for CVE-2023-34051 has been published,” the company said in an update to the original …