Remove 2023 Remove Authentication Remove Security Defenses
article thumbnail

Weekly Vulnerability Recap – Sept. 11, 2023 – Android Update Fixes 33 Vulnerabilities

eSecurity Planet

Network security is another big theme this week: Whether it’s a VPN connection or an enterprise-grade networking platform, patch management solutions typically won’t update network devices, so admins may need to keep an eye on any flaws there too. Within this version, an API endpoint is active on the local host (127.0.0.1)

VPN 114
article thumbnail

October 2023 Patch Tuesday Includes Three Zero-Days Flaws

eSecurity Planet

Microsoft’s Patch Tuesday for October 2023 covers a total of 103 CVEs, including three zero-day vulnerabilities affecting WordPad, Skype and the HTTP/2 “ Rapid Reset ” DDoS vulnerability. CVE-2023-41763 , an elevation of privilege vulnerability in Skype for Business with a CVSS score of 5.3

DDOS 107
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Weekly Vulnerability Recap – December 18, 2023 – JetBrains TeamCity Exploits Continue

eSecurity Planet

Before your IT and security teams log off for the holidays, make sure to check for any outstanding updates or patches. December 11, 2023 Sonar Finds Three Vulnerabilities in Open-Source Firewall pfSense Type of vulnerability: Cross-site scripting and command injection. pfSense CE 2.7.0 and below and pfSense Plus 23.05.1 Versions 2.7.1

Backups 110
article thumbnail

Weekly Vulnerability Recap – September 4, 2023 – Attackers Hit Network Devices and More

eSecurity Planet

Collectively, these episodes highlight the need for comprehensive cybersecurity defenses and timely patch management for risk mitigation. CVE-2023-3519 was used by the attackers to infect computers, including misleading PowerShell scripts, malware payloads within normal processes, and PHP web shells for remote control. are affected.

VPN 102
article thumbnail

Weekly Vulnerability Recap – October 30, 2023 – Citrix & Cisco Haunted by Vulnerabilities

eSecurity Planet

See the Top Patch and Vulnerability Management tools October 23, 2023 Citrix NetScaler Vulnerability Under Active Attack Type of attack: Active exploitation of the high-risk Sensitive Information Disclosure vulnerability ( CVE-2023-4966 ) disclosed on October 10, 2023 and now known as Citrix Bleed.

article thumbnail

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

eSecurity Planet

We’ve compiled some recently active vulnerabilities — both old and new — for security teams to monitor, mitigate, patch, or even remove from your infrastructure altogether. August 21, 2023 Ivanti finds another vulnerability For the third time in a month, Ivanti’s has reported a vulnerability in a mobile device management platform.

VPN 93
article thumbnail

Weekly Vulnerability Recap – November 6, 2023 – Windows Drivers and Exchange Flaws

eSecurity Planet

30, 2023 NGINX Ingress Controller for Kubernetes Flaws Can Lead to Credential Theft Type of Attack: Path sanitization bypass and injection vulnerabilities discovered in the NGINX Ingress controller can allow for credential theft, arbitrary command execution, and critical data access. CVE-2023-5044 (Code Injection): This CVSS score 7.6

Software 100