The maintainers of the Cacti open-source network monitoring and fault management framework have addressed a dozen security flaws, including two critical issues that could lead to the execution of arbitrary code.
The most severe of the vulnerabilities are listed below -
CVE-2024-25641 (CVSS score: 9.1) - An arbitrary file write vulnerability in the "Package Import" feature that
Cisco has released patches to address a critical security flaw impacting Unified Communications and Contact Center Solutions products that could permit an unauthenticated, remote attacker to execute arbitrary code on an affected device.
Tracked as CVE-2024-20253 (CVSS score: 9.9), the issue stems from improper processing of user-provided data that a threat actor could abuse to send a
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of active exploitation of a high-severity Adobe ColdFusion vulnerability by unidentified threat actors to gain initial access to government servers.
"The vulnerability in ColdFusion (CVE-2023-26360) presents as an improper access control issue and exploitation of this CVE can result in arbitrary code execution,"
Two critical security flaws discovered in the open-sourceΒ CasaOSΒ personal cloud software could be successfully exploited by attackers to achieve arbitrary code execution and take over susceptible systems.
The vulnerabilities, tracked asΒ CVE-2023-37265Β andΒ CVE-2023-37266, both carry a CVSS score of 9.8 out of a maximum of 10.
Sonar security researcher Thomas Chauchefoin, who discovered the bugs,Β
Multiple critical security flaws have been reported inΒ Ivanti Avalanche, an enterprise mobile device management solution thatβs used by 30,000 organizations.
The vulnerabilities, collectively tracked asΒ CVE-2023-32560Β (CVSS score: 9.8), are stack-based buffer overflows in Ivanti Avalanche WLAvanacheServer.exe v6.4.0.0.
Cybersecurity company TenableΒ saidΒ the shortcomings are the result of buffer
Login
FreshRSS