2020, Authentication and Blog

CVE-2023-46747: Critical Authentication Bypass Vulnerability in F5 BIG-IP

Tenable

OCTOBER 27, 2023

A critical authentication bypass vulnerability in F5’s BIG-IP could allow remote, unauthenticated attackers to execute system commands. At the time their initial blog post was released, no CVE identifier was provided, however, Praetorian noted that additional technical details would be released once a patch was available from F5.

Authentication

Authentication Software Review Technical Review Systems Review

CyRC analysis: Authentication bypass vulnerability in Bouncy Castle

Synopsys

DECEMBER 17, 2020

CVE-2020-28052 is an authentication bypass vulnerability discovered in Bouncy Castle’s OpenBSDBcrypt class. The post CyRC analysis: Authentication bypass vulnerability in Bouncy Castle appeared first on Software Integrity Blog. It allows attackers to bypass password checks.

Authentication

Authentication Analysis Software Research

CVE-2020-6207: Proof of Concept Available for Missing Authentication Vulnerability in SAP Solution Manager

Tenable

JANUARY 22, 2021

A researcher has published a proof-of-concept exploit script for a critical SAP vulnerability patched in March 2020 and attackers have begun probing for vulnerable SAP systems. It was originally patched in March 2020 as part of SAP’s Security Patch Day. RECALL : CVE-2020-6207 evokes memories of RECON vulnerability. Background.

Authentication

Authentication Software Review Systems Review Research

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

CVE-2024-0204: Fortra GoAnywhere MFT Authentication Bypass Vulnerability

Tenable

JANUARY 23, 2024

CVE Description CVSSv3 CVE-2024-0204 Fortra GoAnywhere MFT Authentication Bypass Vulnerability 9.8 Successful exploitation would allow an attacker to bypass authentication to create new users, including a user with administrator privileges. ai published a blog post analyzing CVE-2024-0204. and below 7.4.1

Authentication

Authentication Research Groups Analysis

CVE-2020-27125, CVE-2020-27130, CVE-2020-27131: Pre-Authentication Vulnerabilities in Cisco Security Manager Disclosed

Tenable

NOVEMBER 17, 2020

frycos (@frycos) November 11, 2020. frycos (@frycos) November 16, 2020. Despite Hauser’s tweet describing 12 vulnerabilities, it appears that two of the CVEs, CVE-2020-27130 and CVE-2020-27131, encompass multiple vulnerabilities, which is why there isn’t a direct one to one match as far as CVEs are concerned. out of 10.0.

Authentication

Authentication LAN Firewall Research

CVE-2020-16846, CVE-2020-25592: Critical Vulnerabilities in Salt Framework Disclosed

Tenable

NOVEMBER 4, 2020

SaltStack recommends immediate patching after their disclosure of three new vulnerabilities, two of which are rated critical and can be remotely exploited without authentication.". CVE-2020-16846 is a critical shell injection vulnerability in the netapi Salt SSH client. Background. Image Source: SaltStack Github Repository.

Authentication

Authentication Software Review Systems Review Analysis

CVE-2020-5776, CVE-2020-5777: Multiple Vulnerabilities in the MAGMI Magento Mass Import Plugin

Tenable

SEPTEMBER 1, 2020

On September 1, we published TRA-2020-51 , a Tenable Research Advisory for two vulnerabilities in the Magento Mass Import (MAGMI) plugin. CVE-2020-5776 is a cross-site request forgery (CSRF) vulnerability in MAGMI for Magento. CVE-2020-5777 is an authentication bypass vulnerability in MAGMI for Magento version 0.7.23

PHP

PHP Authentication Software Review Systems Review

CVE-2018-13379, CVE-2019-5591, CVE-2020-12812: Fortinet Vulnerabilities Targeted by APT Actors

Tenable

APRIL 8, 2021

CVE-2020-12812. Improper Authentication (FortiOS). This blog post was published on April 8 and reflects VPR at that time. This vulnerability is a pre-authentication flaw, which means an attacker does not need to be authenticated to the vulnerable device in order to exploit it. CVE-2019-5591.

Authentication

Authentication Systems Review Research Groups

Microsoft’s December 2020 Patch Tuesday Addresses 58 CVEs including CVE-2020-25705 (SAD DNS)

Tenable

DECEMBER 8, 2020

The final Patch Tuesday of 2020 includes fixes for 58 CVEs, including workaround details for a severe vulnerability in Windows DNS Resolver called SAD DNS. Microsoft patched 58 CVEs in the December 2020 Patch Tuesday release, including 9 CVEs rated as critical. CVE-2020-25705 | Windows DNS Resolver Spoofing Vulnerability.

Software Review

Software Review Windows Systems Review Azure

AWS IAM to Authenticate Against RDS Instances & Aurora Clusters

Datavail

FEBRUARY 26, 2020

You can use IAM DB authentication to authenticate your RDS instance or Aurora cluster without a password. It uses an AWS-generated token for authentication. What if there is a feature that generates a random password, authenticates to the database and this password is only valid for a few minutes? Create IAM policy.

Authentication

Authentication AWS Policies Resources

CVE-2020-1472: Advanced Persistent Threat Actors Use Zerologon Vulnerability In Exploit Chain with Unpatched Vulnerabilities

Tenable

OCTOBER 12, 2020

CVE-2020-1631. CVE-2020-2021. CVE-2020-5902. CVE-2020-15505. CVE-2020-1472. This blog post was published on October 12 and reflects VPR at that time. Microsoft is actively tracking threat actor activity using exploits for the CVE-2020-1472 Netlogon EoP vulnerability, dubbed Zerologon. MobileIron.

WAN

WAN Authentication Government Network

CVE-2020-11651, CVE-2020-11652: Critical Salt Framework Vulnerabilities Exploited in the Wild

Tenable

MAY 3, 2020

CVE-2020-11651 is an authentication bypass in two methods of the ClearFuncs class. The second method, _prep_auth_info() allows for the remote execution of commands on the master server as an attacker can obtain the “root key,” which is used to authenticate commands on the master server from a local machine. are vulnerable.

Technical Advisors

Technical Advisors Open Source Software Review Systems Review

CVE-2020-5135: Critical SonicWall VPN Portal Stack-based Buffer Overflow Vulnerability

Tenable

OCTOBER 15, 2020

Researchers disclose a critical pre-authentication vulnerability in the SonicWall VPN Portal that is easily exploitable. On October 12, SonicWall published a security advisory (SNWLID-2020-0010) to address a critical vulnerability in SonicOS that could lead to remote code execution (RCE). CVE-2020-5133. SNWLID-2020-0008.

Authentication

Authentication Research Firewall Network

CVE-2020-0688: Microsoft Exchange Server Static Key Flaw Could Lead to Remote Code Execution

Tenable

FEBRUARY 25, 2020

CVE-2020-0688 is a static key vulnerability in Microsoft Exchange Control Panel (ECP), a component of Microsoft Exchange Server. The use of static keys could allow an authenticated attacker with any privilege level to send a specially crafted request to a vulnerable ECP and gain SYSTEM level arbitrary code execution.

Authentication

Authentication Research Open Source Tools

CVE-2020-8467, CVE-2020-8468: Vulnerabilities in Trend Micro Apex One and OfficeScan Exploited in the Wild

Tenable

MARCH 17, 2020

CVE-2020-8467 is a vulnerability in Apex One and OfficeScan in a component of a migration tool. A remote, authenticated attacker could exploit this vulnerability and gain arbitrary code execution on affected Apex One and OfficeScan installations. March 16, 2020: Trend Micro Security Bulletin for Apex One and OfficeScan.

Trends

Trends Software Review Systems Review Authentication

CVE-2022-27510: Critical Citrix ADC and Gateway Authentication Bypass Vulnerability

Tenable

NOVEMBER 9, 2022

CVE-2022-27510: Critical Citrix ADC and Gateway Authentication Bypass Vulnerability Citrix publishes an advisory to address multiple flaws in its ADC and Gateway products, including a critical vulnerability. Citrix ADC and Gateway Authentication Bypass Vulnerability. Background. CVE-2022-27510. CVE-2022-27513. CVE-2022-27516.

Authentication

Authentication Virtualization Healthcare Network

Microsoft’s November 2020 Patch Tuesday Addresses 112 CVEs including CVE-2020-17087

Tenable

NOVEMBER 10, 2020

Microsoft patched 112 CVEs in the November 2020 Patch Tuesday release, including 17 CVEs rated as critical. CVE-2020-17087 | Windows Kernel Local Elevation of Privilege Vulnerability. CVE-2020-17087 was used to escape Google Chrome’s sandbox in order to elevate privileges on the exploited system.

Windows

Windows Software Review Azure Systems Review

Microsoft’s April 2020 Patch Tuesday Addresses 113 CVEs Including Adobe Type Manager Library Zero-Day Flaws (CVE-2020-0938, CVE-2020-1020)

Tenable

APRIL 14, 2020

Microsoft's April 2020 Patch Tuesday includes 113 CVEs, including a patch for two zero-day flaws (CVE-2020-0938 and CVE-2020-1020) in Adobe Type Manager Library disclosed on March 23. CVE-2020-1020 and CVE-2020-0938 | Adobe Type Manager Library Remote Code Execution Vulnerabilities.

Software Review

Software Review Systems Review Windows Operating System

CVE-2020-1472: 'Zerologon' Vulnerability in Netlogon Could Allow Attackers to Hijack Windows Domain Controller

Tenable

SEPTEMBER 14, 2020

Security researchers reveal how the cryptographic authentication scheme in Netlogon can be exploited to take control of a Windows domain controller (DC). On September 11, researchers at Secura published a blog post for a critical vulnerability they’ve dubbed “Zerologon.” Image source: Secura CVE-2020-1472 Whitepaper. Background.

Windows

Windows LAN Backup Authentication

CVE-2020-2040: Critical Buffer Overflow Vulnerability in PAN-OS Devices Disclosed

Tenable

SEPTEMBER 10, 2020

PAN-OS devices that have enabled the captive portal or multi-factor authentication features are vulnerable to a critical buffer overflow flaw. CVE-2020-2040 is a critical buffer overflow vulnerability in PAN-OS when either the Captive Portal or Multi-Factor Authentication (MFA) feature has been enabled. CVE-2020-2036.

Software Review

Software Review Systems Review Authentication Firewall

CVE-2024-21762: Critical Fortinet FortiOS Out-of-Bound Write SSL VPN Vulnerability

Tenable

FEBRUARY 9, 2024

On February 7, researchers at Fortinet published a blog post highlighting the exploitation of CVE-2022-42475 and CVE-2023-27997 by Chinese threat groups including Volt Typhoon , APT15 (also known as Ke3chang) and APT31 (also known as ZIRCONIUM) as well as UNC757 ( also known as Fox Kitten), which has a “suspected nexus to the Iranian government.”

Malware

Malware Authentication Infrastructure Analysis

CVE-2020-14882: Oracle WebLogic Remote Code Execution Vulnerability Exploited in the Wild

Tenable

OCTOBER 29, 2020

Johannes Ullrich, Dean of Research at SANS Internet Storm Center (ISC), published a post disclosing active exploitation of a critical vulnerability in Oracle WebLogic Server just over a week after a patch was released in Oracle’s October 2020 Critical Patch Update (CPU). In March, Jang confirmed that CVE-2020-2555 was not completely fixed.

Research

Research Analysis Authentication Report

CVE-2021-22893: Zero-Day Vulnerability in Pulse Connect Secure Exploited in the Wild

Tenable

APRIL 20, 2021

In addition to the advisory, Pulse Secure also published a blog post detailing observed exploit behavior related to the zero-day as well others linked to previously disclosed vulnerabilities in its Pulse Connect Secure solution. Pulse Connect Secure Authentication Bypass Vulnerability. CVE-2020-8243. Authenticated.

Authentication

Authentication Malware Research Government

CVE-2020-14871: Critical Buffer Overflow in Oracle Solaris Exploited in the Wild as Zero-Day

Tenable

NOVEMBER 5, 2020

On November 2, researchers at FireEye published a blog post detailing findings from a Mandiant incident response investigation that led to the discovery of an uncharacterized (UNC) group they refer to as UNC1945. On November 4, FireEye published a follow-up blog post providing additional details about the vulnerability. Background.

Authentication

Authentication Research Software Review Systems Review

How to Stop the Kerberos Pre-Authentication Attack in Active Directory

Tenable

APRIL 27, 2021

Here’s a look at how to safeguard your Active Directory from the known roasting attack on Kerberos Pre-Authentication. As part of the Kerberos authentication process in Active Directory, there is an initial request to authenticate without a password. User account configured to not require Kerberos Pre-Authentication.

Authentication

Authentication How To Course Strategy

Microsoft’s October 2020 Patch Tuesday Addresses 87 CVEs including “Bad Neighbor” Windows TCP/IP Vulnerability (CVE-2020-16898)

Tenable

OCTOBER 13, 2020

Microsoft patched 87 CVEs in the October 2020 Patch Tuesday release, including 11 CVEs rated critical. CVE-2020-16898 | Windows TCP/IP Remote Code Execution Vulnerability. CVE-2020-16898 , dubbed “Bad Neighbor,” is a critical remote code execution (RCE) vulnerability within the Windows TCP/IP stack.

Windows

Windows Software Review Systems Review Advertising

CVE-2024-3400: Zero-Day Vulnerability in Palo Alto Networks PAN-OS GlobalProtect Gateway Exploited in the Wild

Tenable

APRIL 12, 2024

While no specific details about these attacks were available at the time this blog was published, researchers at Volexity are credited with discovering the flaw. CVE-2020-2021 , a critical authentication bypass vulnerability in PAN-OS, which also received a CVSSv3 score of 10.0,

Network

Network Firewall Software Review Systems Review

CVE-2020-6287: Critical Vulnerability in SAP NetWeaver Application Server JAVA Disclosed (RECON)

Tenable

JULY 14, 2020

CVE-2020-6287 is caused by a complete lack of authentication in the SAP NetWeaver AS Java’s LM Configuration Wizard. CVE-2020-6286 is a path traversal vulnerability due to the lack of input validation for a path in a “certain parameter” of the web service. SAP Security Patch Day for July 2020. Proof of concept.

Applications

Applications Software Review Systems Review Authentication

Oracle Critical Patch Update for October 2020 Addresses 402 Security Updates

Tenable

OCTOBER 21, 2020

On October 20, Oracle released the Critical Patch Update (CPU) Advisory for October 2020 , its final quarterly release of security patches for the year. This quarter’s update marks the second-highest count in Oracle CPUs, surpassed only by the July 2020 update which holds the record with over 440 patches. Notable Vulnerabilities.

Systems Review

Systems Review Applications Construction Insurance

Patch Tuesday: October 2020

Kaseya

OCTOBER 14, 2020

Moderate A vulnerability that is mitigated to a significant degree by certain factors such as default configuration, auditing and authentication requirements. Patch Tuesday October 2020 Updates. See this month’s release notes at the bottom of this blog.). Microsoft recommends that customers consider applying the security update.

Windows

Windows Authentication Operating System Media

Patch Tuesday: October 2020

Kaseya

OCTOBER 14, 2020

Moderate A vulnerability that is mitigated to a significant degree by certain factors such as default configuration, auditing and authentication requirements. Patch Tuesday October 2020 Updates. See this month’s release notes at the bottom of this blog.). Microsoft recommends that customers consider applying the security update.

Windows

Windows Authentication Operating System Media

CVE-2023-46805, CVE-2024-21887: Zero-Day Vulnerabilities Exploited in Ivanti Connect Secure and Policy Secure Gateways

Tenable

JANUARY 10, 2024

CVE Description CVSSv3 CVE-2023-46805 Ivanti Connect Secure and Ivanti Policy Secure Authentication Bypass Vulnerability 8.2 Analysis CVE-2023-46805 is an authentication bypass vulnerability in the web component of Ivanti Connect Secure (ICS), previously known as Pulse Connect Secure and Ivanti Policy Secure.

Policies

Policies Authentication Analysis Network

CVE-2020-8597: Buffer Overflow Vulnerability in Point-to-Point Protocol Daemon (pppd)

Tenable

MARCH 6, 2020

CVE-2020-8597 is a buffer overflow vulnerability in pppd due to a logic flaw in the packet processor of the Extensible Authentication Protocol (EAP). At the time this blog post was published, there was no working proof-of-concept (PoC) for this vulnerability. RHSA-2020:0631. RHSA-2020:0630. RHSA-2020:0634.

Software Review

Software Review Systems Review Linux Authentication

CVE-2023-40044, CVE-2023-42657: Progress Software Patches Multiple Vulnerabilities in WS_FTP Server

Tenable

OCTOBER 2, 2023

This blog post was published on October 2 and reflects VPR at that time. An unauthenticated (or pre-authenticated) attacker could exploit this vulnerability by sending a specially crafted POST request to a vulnerable WS_FTP Server. Critical CVE-2023-42657 WS_FTP Directory Traversal Vulnerability 9.9 WS_FTP Server 2022 2022.0.2

Software Review

Software Review Software Systems Review Authentication

CVE-2024-21793, CVE-2024-26026: Proof of Concept Available for F5 BIG-IP Next Central Manager Vulnerabilities

Tenable

MAY 9, 2024

In order to exploit this vulnerability, the vulnerable target system needs to be configured with Lightweight Directory Access Protocol (LDAP) for user authentication. Successful exploitation would result in the disclosure of sensitive information, including password hashes and the administrator password hash.

Research

Research Authentication Report Analysis

CVE-2020-5902: Critical Vulnerability in F5 BIG-IP Traffic Management User Interface (TMUI) Actively Exploited

Tenable

JULY 6, 2020

CVE-2020-5902 is a critical vulnerability in the BIG-IP Traffic Management User Interface (TMUI) also known as the Configuration Utility. CVE-2020-5903 is a cross-site scripting vulnerability in TMUI/Configuration Utility. Ben Goerz (@bengoerz) July 4, 2020. MegaZone (@megazone) July 4, 2020. the highest possible score.

Software Review

Software Review Technical Review Systems Review Research

CVE-2020-4006: VMware Command Injection Flaw Exploited by Russian State-Sponsored Threat Actors

Tenable

DECEMBER 8, 2020

The vulnerability was disclosed by the NSA to VMware, which published details in a security advisory, VMSA-2020-0027.2 , on November 23. CVE-2020-4066 is a command injection vulnerability in the administrative configurator component in certain versions of VMware products. Exploiting CVE-2020-4006 to access protected data.

Linux

Linux Software Review Systems Review Windows

CVE-2023-35078: Ivanti Endpoint Manager Mobile (EPMM) / MobileIron Core Unauthenticated API Access Vulnerability

Tenable

JULY 25, 2023

It was formerly known as MobileIron Core prior to its acquisition by Ivanti in 2020. CVE Description CVSSv3 Severity CVE-2023-35078 Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability 10.0 CVE Description CVSSv3 Severity CVE-2023-35078 Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability 10.0

Mobile

Mobile Knowledge Base Authentication Government

CVE-2023-4966: Citrix NetScaler ADC?and NetScaler Gateway Information Disclosure Exploited in the Wild

Tenable

OCTOBER 18, 2023

On October 17, Mandiant released a blog post and remediation guidance document where they noted that exploitation of a zero-day vulnerability, later identified as CVE-2023-4966, was observed in late August. Successful exploitation allows the attacker to bypass multifactor authentication (MFA) requirements. and later releases of 13.0

Systems Review

Systems Review Software Review Authentication Virtualization

VMware Patches Multiple Vulnerabilities in Workspace ONE, Identity and Lifecycle Manager and vRealize (VMSA-2022-0011)

Tenable

APRIL 7, 2022

OAuth2 ACS Authentication Bypass Vulnerability. OAuth2 ACS Authentication Bypass Vulnerability. CVE-2022-22955 and CVE-2022-22956 are a pair of authentication bypass vulnerabilities in the OAuth 2.0 endpoints in VMware Workspace ONE in order to successfully authenticate to the Workspace ONE instance. Description.

Authentication

Authentication Research Analysis Cloud

CVE-2020-12271: Zero-Day SQL Injection Vulnerability in Sophos XG Firewall Exploited in the Wild

Tenable

APRIL 27, 2020

CVE-2020-12271 is a pre-authentication SQL injection vulnerability that exists in the Sophos XG Firewall/Sophos Firewall Operating System (SFOS). There was no proof-of-concept (PoC) available for this vulnerability at the time this blog post was published. Further information about this vulnerability has not been made public.

Firewall

Firewall WAN Operating System Systems Review

Altro has raised $18M to help you build credit just by paying for your Netflix subscription

TechCrunch

MAY 12, 2022

The company attended pitch competition after pitch competition, raising about a total of $100,000, until one day in the summer of 2020 an analyst for musician Jay-Z’s Marcy Ventures happened to be in the audience. By 2021, the app had gone viral after Jay-Z’s Marcy Ventures wrote a blog post about it. “We Image Credits: Altro.

Education

Education Marketing Authentication Video

CVE-2023-27997: Heap-Based Buffer Overflow in Fortinet FortiOS and FortiProxy SSL-VPN (XORtigate)

Tenable

JUNE 12, 2023

On June 11, Fol tweeted about the availability of patches for the flaw, adding that it is “reachable pre-authentication, on every SSL VPN appliance.” This is reachable pre-authentication, on every SSL VPN appliance. In the blog, Fortinet notes that CVE-2023-27997 “may have been exploited in a limited number of cases.”

Firewall

Firewall Authentication Research Groups

Cisco Patches Multiple Flaws in Adaptive Security Appliance and Firepower Threat Defense (CVE-2020-3187)

Tenable

MAY 7, 2020

CVE-2020-3187. CVE-2020-3195. CVE-2020-3179. CVE-2020-3191. CVE-2020-3196. CVE-2020-3254. CVE-2020-3283. CVE-2020-3298. CVE-2020-3189. CVE-2020-3125. Authentication Bypass. CVE-2020-3255. CVE-2020-3259. Source: Cisco CVE-2020-3187 Advisory. Memory Leak.

Authentication

Authentication System Operating System Software

CVE-2023-46747: Critical Authentication Bypass Vulnerability in F5 BIG-IP

CyRC analysis: Authentication bypass vulnerability in Bouncy Castle

Webinars

Trending Sources

CVE-2020-6207: Proof of Concept Available for Missing Authentication Vulnerability in SAP Solution Manager

Webinars

CVE-2024-0204: Fortra GoAnywhere MFT Authentication Bypass Vulnerability

CVE-2020-27125, CVE-2020-27130, CVE-2020-27131: Pre-Authentication Vulnerabilities in Cisco Security Manager Disclosed

CVE-2020-16846, CVE-2020-25592: Critical Vulnerabilities in Salt Framework Disclosed

CVE-2020-5776, CVE-2020-5777: Multiple Vulnerabilities in the MAGMI Magento Mass Import Plugin

CVE-2018-13379, CVE-2019-5591, CVE-2020-12812: Fortinet Vulnerabilities Targeted by APT Actors

Microsoft’s December 2020 Patch Tuesday Addresses 58 CVEs including CVE-2020-25705 (SAD DNS)

AWS IAM to Authenticate Against RDS Instances & Aurora Clusters

CVE-2020-1472: Advanced Persistent Threat Actors Use Zerologon Vulnerability In Exploit Chain with Unpatched Vulnerabilities

CVE-2020-11651, CVE-2020-11652: Critical Salt Framework Vulnerabilities Exploited in the Wild

CVE-2020-5135: Critical SonicWall VPN Portal Stack-based Buffer Overflow Vulnerability

CVE-2020-0688: Microsoft Exchange Server Static Key Flaw Could Lead to Remote Code Execution

CVE-2020-8467, CVE-2020-8468: Vulnerabilities in Trend Micro Apex One and OfficeScan Exploited in the Wild

CVE-2022-27510: Critical Citrix ADC and Gateway Authentication Bypass Vulnerability

Microsoft’s November 2020 Patch Tuesday Addresses 112 CVEs including CVE-2020-17087

Microsoft’s April 2020 Patch Tuesday Addresses 113 CVEs Including Adobe Type Manager Library Zero-Day Flaws (CVE-2020-0938, CVE-2020-1020)

CVE-2020-1472: 'Zerologon' Vulnerability in Netlogon Could Allow Attackers to Hijack Windows Domain Controller

CVE-2020-2040: Critical Buffer Overflow Vulnerability in PAN-OS Devices Disclosed

CVE-2024-21762: Critical Fortinet FortiOS Out-of-Bound Write SSL VPN Vulnerability

CVE-2020-14882: Oracle WebLogic Remote Code Execution Vulnerability Exploited in the Wild

CVE-2021-22893: Zero-Day Vulnerability in Pulse Connect Secure Exploited in the Wild

CVE-2020-14871: Critical Buffer Overflow in Oracle Solaris Exploited in the Wild as Zero-Day

How to Stop the Kerberos Pre-Authentication Attack in Active Directory

Microsoft’s October 2020 Patch Tuesday Addresses 87 CVEs including “Bad Neighbor” Windows TCP/IP Vulnerability (CVE-2020-16898)

CVE-2024-3400: Zero-Day Vulnerability in Palo Alto Networks PAN-OS GlobalProtect Gateway Exploited in the Wild

CVE-2020-6287: Critical Vulnerability in SAP NetWeaver Application Server JAVA Disclosed (RECON)

Oracle Critical Patch Update for October 2020 Addresses 402 Security Updates

Patch Tuesday: October 2020

Patch Tuesday: October 2020

CVE-2023-46805, CVE-2024-21887: Zero-Day Vulnerabilities Exploited in Ivanti Connect Secure and Policy Secure Gateways

CVE-2020-8597: Buffer Overflow Vulnerability in Point-to-Point Protocol Daemon (pppd)

CVE-2023-40044, CVE-2023-42657: Progress Software Patches Multiple Vulnerabilities in WS_FTP Server

CVE-2024-21793, CVE-2024-26026: Proof of Concept Available for F5 BIG-IP Next Central Manager Vulnerabilities

CVE-2020-5902: Critical Vulnerability in F5 BIG-IP Traffic Management User Interface (TMUI) Actively Exploited

CVE-2020-4006: VMware Command Injection Flaw Exploited by Russian State-Sponsored Threat Actors

CVE-2023-35078: Ivanti Endpoint Manager Mobile (EPMM) / MobileIron Core Unauthenticated API Access Vulnerability

CVE-2023-4966: Citrix NetScaler ADC?and NetScaler Gateway Information Disclosure Exploited in the Wild

VMware Patches Multiple Vulnerabilities in Workspace ONE, Identity and Lifecycle Manager and vRealize (VMSA-2022-0011)

CVE-2020-12271: Zero-Day SQL Injection Vulnerability in Sophos XG Firewall Exploited in the Wild

Altro has raised $18M to help you build credit just by paying for your Netflix subscription

CVE-2023-27997: Heap-Based Buffer Overflow in Fortinet FortiOS and FortiProxy SSL-VPN (XORtigate)

Cisco Patches Multiple Flaws in Adaptive Security Appliance and Firepower Threat Defense (CVE-2020-3187)

Stay Connected