Tag: authentication bypass vulnerability

Source URL: https://www.cisa.gov/news-events/bulletins/sb25-076 Source: Bulletins Title: Vulnerability Summary for the Week of March 10, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 1E–1E Client Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged…

The Register: Palo Alto firewalls under attack as miscreants chain flaws for root access

Feb 19, 2025

—

by

Source URL: https://www.theregister.com/2025/02/19/palo_alto_firewall_attack/ Source: The Register Title: Palo Alto firewalls under attack as miscreants chain flaws for root access Feedly Summary: If you want to avoid urgent patches, stop exposing management consoles to the public internet A flaw patched last week by Palo Alto Networks is now under active attack and, when chained with two…

Alerts: CISA Adds Two Known Exploited Vulnerabilities to Catalog

Feb 18, 2025

—

by

Source URL: https://www.cisa.gov/news-events/alerts/2025/02/18/cisa-adds-two-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Two Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added two vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-0108 Palo Alto PAN-OS Authentication Bypass Vulnerability CVE-2024-53704 SonicWall SonicOS SSLVPN Improper Authentication Vulnerability These types of vulnerabilities are frequent attack vectors for…

Bulletins: Vulnerability Summary for the Week of February 3, 2025

Feb 10, 2025

—

by

Source URL: https://www.cisa.gov/news-events/bulletins/sb25-041 Source: Bulletins Title: Vulnerability Summary for the Week of February 3, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info .TUBE gTLD–.TUBE Video Curator Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in .TUBE gTLD .TUBE Video Curator allows Reflected XSS. This issue affects…

Bulletins: Vulnerability Summary for the Week of December 16, 2024

Jan 27, 2025

—

by

Source URL: https://www.cisa.gov/news-events/bulletins/sb24-358 Source: Bulletins Title: Vulnerability Summary for the Week of December 16, 2024 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 1000 Projects–Attendance Tracking Management System A vulnerability has been found in 1000 Projects Attendance Tracking Management System 1.0 and classified as critical. Affected by this vulnerability is…

The Register: PoC exploit chains Mitel MiCollab 0-day, auth-bypass bug to access sensitive files

Dec 6, 2024

—

by

Source URL: https://www.theregister.com/2024/12/06/mitel_micollab_0day/ Source: The Register Title: PoC exploit chains Mitel MiCollab 0-day, auth-bypass bug to access sensitive files Feedly Summary: Still unpatched 100+ days later, watchTowr says A zero-day arbitrary file read vulnerability in Mitel MiCollab can be chained with a now-patched critical bug in the same platform to give attackers access to sensitive…

Alerts: CISA Adds Three Known Exploited Vulnerabilities to Catalog

Nov 18, 2024

—

by

Source URL: https://www.cisa.gov/news-events/alerts/2024/11/18/cisa-adds-three-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Three Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-1212 Progress Kemp LoadMaster OS Command Injection Vulnerability CVE-2024-0012 Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability CVE-2024-9474 Palo Alto Networks PAN-OS…

Bulletins: Vulnerability Summary for the Week of October 28, 2024

Nov 4, 2024

—

by

Source URL: https://www.cisa.gov/news-events/bulletins/sb24-309 Source: Bulletins Title: Vulnerability Summary for the Week of October 28, 2024 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info acnoo — flutter_api Authentication Bypass Using an Alternate Path or Channel vulnerability in Acnoo Acnoo Flutter API allows Authentication Bypass.This issue affects Acnoo Flutter API:…

Alerts: CISA Adds Two Known Exploited Vulnerabilities to Catalog

Nov 4, 2024

—

by