Massive Zero-Day Hole Found in Palo Alto Security Appliances

Researchers have a working exploit for the vulnerability (now patched), which allows for unauthenticated RCE and affects an estimated 70,000+ VPN/firewalls.

Threatpost
#Cloud Security #Vulnerabilities #Web Security #ddos #vulnerability

Related news

CVE-2021-29212: Document Display | HPE Support Center

A remote unauthenticated directory traversal security vulnerability has been identified in HPE iLO Amplifier Pack versions 1.80, 1.81, 1.90 and 1.95. The vulnerability could be remotely exploited to allow an unauthenticated user to run arbitrary code, leading to a complete impact on the confidentiality, integrity, and availability of the iLO Amplifier Pack appliance.

CVE-2021-20031: Security Advisory

A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect firewall management users to arbitrary web domains.

Apache Web Server Zero-Day Exposes Sensitive Data

The open-source project has rolled out a security fix for CVE-2021-41773, for which public cyberattack exploit code is circulating.

CVE-2019-3976: MikroTik RouterOS Multiple Vulnerabilities - Research Advisory | Tenable®

RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package's name field. If an authenticated user installs a malicious package then a directory could be created and the developer shell could be enabled.

Threatpost: Latest News

Student Loan Breach Exposes 2.5M Records