Critical vulnerabilities: VMware's bad week

We kick off this week's list of critical vulnerabilities with some serious (CVSS 9.8) issues discovered in VMware's Aria network monitoring tool. If exploited, they can give an attacker access to Aria Operations for Networks' command line interface. The root cause is an authentication bypass vulnerability "due to a lack of unique cryptographic key generation," VMware said.

VMware released a second security update this week. While not as serious – rating just a 7.5 on the 10-point CVSS scale – it's still an issue for those using VMware Tools, which contain an SAML token signature bypass vulnerability.

Juniper also merits a special mention this week, as a series of vulnerabilities affecting "all versions of Junos OS on SRX and EX series" firewalls and switches was reported that collectively earn a CVSS score of 9.8. By chaining the vulnerabilities together, an unauthenticated attacker "may be able to remotely execute code on the devices," Juniper said.

Mozilla released security updates for several products to address vulnerabilities that would allow an attacker "to take control of an affected system."

CVSS 8.8 – CVE-2023-4296: PTC's Codebeamer application lifecycle management platform is vulnerable to cross-site scripting attacks if users click on malicious links, allowing attackers to inject arbitrary code into web browsers on target devices.

As always, get patching, and thank your stars that it appears to be quiet going into a long weekend for US IT professionals.

Hackers purge Brazilian spyware firm's device database