We are currently facing a decentralized, IoT-driven trend. There is a growing number of connected devices, including those in work-from-home environments, especially during this pandemic, so security countermeasures need to be reinforced. Browser support is growing, and users are encouraged to switch to TLS 1.3 because of…
Given the threats of the pandemic, 2020 was a game-changing year that greatly reshaped the way people live and work. Now that we have reached 2021, here are some key highlights that Zyxel observed and would urge today's businesses to pay attention to. So far, we have not seen signs of the COVID-19 pandemic slowing…
CVE-2019-16622: The network configuration management utility rConfig is vulnerable to unauthenticated remote command execution (vulnerable versions: rConfig prior to 3.9.2). rConfig is a popular network management utility that IT staff use to take multiple configuration snapshots of their network devices. A cybersecurity…
CVE-2019-15107: Webmin is vulnerable to unauthenticated remote command execution (vulnerable versions: Webmin 1.882 to 1.921). Webmin is a popular Linux/UNIX systems management UI. The vulnerability was secretly planted by a hacker as a form of backdoor in the development infrastructure and remains in the several…
CVE-2019-9670: Vulnerable Zimbra from 8.5 to 8.7.11. The mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability. Impact: This vulnerability could allow an attacker to achieve RCE on an affected Zimbra system. The XML external entity vulnerability in the…
Vulnerable TLS 1.2 with CBC cipher suite: Zombie POODLE and GOLDENDOODLE are similar to ROBOT, DROWN and many other vulnerabilities affecting HTTPS; these issues stem from the continued use of cryptographic modes which should have been deprecated long ago and yet are inexplicably still supported in TLSv1.2. In this case, the…
CVE-2019-5786: Vulnerable Google Chrome before 72.0.3626.121. On March 1st, Google published an advisory for a use-after-free in the Chrome implementation of the FileReader API (CVE-2019-5786). The exploit leads to code execution in the Renderer process, and a second exploit was used to fully compromise the host system.…
CVE-2019-0708: Vulnerable Windows OS: XP, Vista, 7, Server 2003, and Server 2008. When an unauthenticated attacker connects to the target system using RDP and sends a specially crafted request, they can exploit a remote code execution vulnerability that exists in Remote Desktop Services on older Windows OS versions. This allows the…