vulnerabilities - The Stack (Page 5)

Zero day in free Roundcube webmail service exploited to target governments

Despite the low sophistication of the group’s toolset, it is a threat to governments in Europe because... a significant number of internet-facing applications are not regularly updated although they are known to contain vulnerabilities.”

Steve Ranger October 27, 2023

Cisco

Cybersecurity

News

CVSS 10 Cisco bug is getting exploited, has no patch

"We have also seen devices... getting the implant successfully installed through an as of yet undetermined mechanism."

Edward Targett October 17, 2023

Patch Tuesday is 20: Curl fix lands, Skype’s under attack and there’s a wormable pre-auth RCE in the mix

A CVSS 9.8, pre-auth RCE that lets an attacker execute arbitrary code without user interaction is wormable on systems where Message Queuing is enabled.

Edward Targett October 11, 2023

Buffer overflow bug gives root on potentially millions of Linux boxes

open source

Cybersecurity

News

Buffer overflow bug gives root on potentially millions of Linux boxes

Do you, or do you not, need to get your knickers in a twist? Well, that depends on your risk tolerance..

Edward Targett October 03, 2023

News

CVSS

Academics warn over "problematic metrics and documentation" in CVSS system

A study out of Germany has highlighted shortcomings in the CVSS system and the way security vulnerabilities are assessed and scored

Shaun Nichols September 01, 2023

Subdomain hijacking holes run rampant, say experts

News

Cloud

Subdomain hijacking holes run rampant, say experts

The little-known hacking technique of subdomain hijacking is threatening thousands of sites and their visitors despite efforts to eradicate

Shaun Nichols August 31, 2023

Adobe patch nightmare: Trio of application server vulnerabilities being exploited

Want to let criminals “query your databases, add/change/delete files, export data or files off your server”? No, then you should probably be paying close attention to whether you are running Adobe ColdFusion and if you are exposed...

Edward Targett August 22, 2023