Sophos fixes SQL injection vulnerability in their Cyberoam OS

Posted by & filed under Ειδοποιήσεις.

Sophos has deployed a hotfix for their line of Cyberoam firewalls and routers to fix a SQL injection vulnerability. Sophos purchased firewall and router maker Cyberoam Technologies in 2014 and has been offering free upgrades to their XG Firewall OS since 2019. Today, Sophos disclosed that a SQL injection vulnerability was fixed in the Cyberoam (CROS)… Read more »

VMware fixes zero-day vulnerability reported by the NSA

Posted by & filed under Ειδοποιήσεις.

VMware has released security updates to address a zero-day vulnerability in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. The vulnerability is a command injection bug tracked as CVE-2020-4006 and publicly disclosed two weeks ago. While it did not issue any security updates at the time it disclosed the zero-day, VMware provided a workaround to help… Read more »

VMware discloses critical zero-day vulnerability in Workspace One

Posted by & filed under Ειδοποιήσεις.

VMware has released a workaround to address a critical zero-day in multiple VMware Workspace One components that allows attackers to execute commands on the host Linux and Windows operating systems using escalated privileges. Zero-days are publicly disclosed vulnerabilities not yet patched by the vendor. In some cases, zero-days are also actively exploited in the wild… Read more »

Oracle issues emergency patch for critical WebLogic Server flaw

Posted by & filed under Ειδοποιήσεις.

Oracle issued an out-of-band security update over the weekend to address a critical remote code execution (RCE) vulnerability impacting multiple Oracle WebLogic Server versions. The security vulnerability tracked as CVE-2020-14750 received a 9.8 severity base score from Oracle, out of a maximum rating of 10. Oracle credits 20 organizations and people in the security advisory for having provided information… Read more »

Cisco warns of attacks targeting high severity router vulnerability

Posted by & filed under Ειδοποιήσεις.

Cisco today warned of attacks actively targeting the CVE-2020-3118 high severity vulnerability found to affect multiple carrier-grade routers that run the company’s Cisco IOS XR Software. The IOS XR Network OS is deployed on several Cisco router platforms including NCS 540 & 560, NCS 5500, 8000, and ASR 9000 series routers. The vulnerability impacts third-party white box routers and the following Cisco… Read more »