Posts tagged Vulnerability Disclosure

13 min Vulnerability Disclosure

Multiple Open Source Web App Vulnerabilities Fixed

While it's never great to learn of new vulnerabilities in your own product, all three project maintainers accepted, validated, and provided fixes for these vulnerabilities within one day, which is amazing when it comes to vulnerability disclosure.

8 min Vulnerability Disclosure

CVE-2020-7387..7390: Multiple Sage X3 Vulnerabilities

Four vulnerabilities involving Sage X3 were identified by Rapid7 researchers.

2 min Detection and Response

CVE-2021-20025: SonicWall Email Security Appliance Backdoor Credential

The virtual, on-premises version of the SonicWall Email Security Appliance ships with an undocumented, static credential, which can be used by an attacker to gain root privileges on the device.

8 min Vulnerability Disclosure

Akkadian Provisioning Manager Multiple Vulnerabilities Disclosure (Fixed)

Researchers discovered a trio of vulnerabilities in the Akkadian Provisioning Manager version 4.50.18.

4 min Vulnerability Disclosure

CVE-2021-3198 and CVE-2021-3540: MobileIron Shell Escape Privilege Escalation Vulnerabilities

Discovered by Rapid7 researcher William Vu, Ivanti MobileIron Core versions 10.7.0.1-9 and 11.0.0.1-3 suffer from 2 restricted-shell escape vulnerabilities.

4 min Vulnerability Disclosure

Patch Tuesday Dashboard Template Release

Patch Tuesday introduces numerous vulnerabilities and their solutions that apply to many, if not nearly all, devices. Keeping up with the deployment of these patches is often challenging.

3 min Vulnerability Disclosure

CVE-2021-26908 and CVE-2021-26909: Automox Agent Information Disclosure (FIXED)

Rapid7 researcher Danny Jordan discovered two vulnerabilities in the Automox Agent for Windows and macOS.

4 min Vulnerability Disclosure

CVE-2021-22652: Advantech iView Missing Authentication RCE (FIXED)

Advantech iView versions prior to 5.7.03.6112 suffer from an instance of "CWE-306: Missing Authentication For Critical Function."

3 min Vulnerability Disclosure

CVE-2020-7378: OpenCRX Unverified Password Change (FIXED)

OpenCRX version 4.30 and version 5.0-20200717 suffers from an unverified password change vulnerability, which is an instance of CWE-620.

9 min Vulnerability Disclosure

Vulntober: Multiple Mobile Browser Address Bar Spoofing Vulnerabilities

Today, we're announcing a coordinated vulnerability disclosure on a set of address bar spoofing vulnerabilities that affect a number of mobile browsers.

3 min Vulnerability Disclosure

CVE-2020-2021 Authentication Bypass in PAN-OS Security Assertion Markup Language (SAML) Authentication Disclosed

On Monday, June 29, 2020, Palo Alto released details on CVE-2020-2021 a new, critical weakness in SAML authentication on PAN-OS devices.

4 min Vulnerability Management

May 2020 Cisco Remote Vulnerabilities Guidance

Cisco has posted patches for 34 vulnerabilities on May 6, 2020, with half a dozen that require your immediate attention.

17 min Vulnerability Disclosure

Dispelling Zoom Bugbears: What You Need to Know About the Latest Zoom Vulnerabilities

In this blog, we break down what you need to know about the recent Zoom security issues and its vulnerability remediation process.

4 min Vulnerability Disclosure

R7-2019-39 | CVE-2019-5648: LDAP Credential Exposure in Barracuda Load Balancer ADC (FIXED)

This post describes CVE-2019-5648, a vulnerability in the Barracuda Load Balancer ADC.

2 min Vulnerability Disclosure

R7-2019-40: Bloomsky SKY2 Weather Camera Station Data Authenticity and Exposure Vulnerabilities

Multiple information leak vulnerabilities are present in the Bloomsky SKY2 network, obtainable via JSON queries.