🚨 Security Alert! Critical vulnerability found in ruby-saml package (CVE-2015-20108). If you're using versions < 1.0.0, upgrade now! Details:
https://github.com/advisories/GHSA-r364-2pj4-pf7f #CyberSecurity #RubySAMLPackage #CVE201520108
CVE-2015-20108 - GitHub Advisory Database
ruby-saml vulnerable to XPath injection
GitHub
🚨 ALERT: Critical SSRF Vulnerability (CVE-2021-33690) discovered in
#SAPNetWeaver. High risk, CVSS score 9.9. Users of versions 7.11 to 7.50, apply SAP's approved patches immediately. Stay vigilant. More info:
https://redrays.io/cve-2021-33690-server-side-request-forgery-vulnerability/ #CyberSecurity #SSRF #Vulnerability
[CVE-2021-33690] SSRF vulnerability in SAP NetWeaver DI
Explore the critical Server-Side Request Forgery (SSRF) vulnerability, CVE-2021-33690, in SAP NetWeaver Development Infrastructure, affecting versions 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50. This vulnerability allows attackers with server access to execute proxy attacks, potentially compromising sensitive server data. Learn more about this vulnerability, its implications, and RedRays' commitment to robust cybersecurity solutions.
RedRays
#SecurityAlert: New critical vulnerability in
#ImageMagick allows remote command injection (CVE-2023-34152). If you're running ImageMagick on your servers, apply the patch now! 🛡️ Stay safe, stay updated.
#CyberSecurity #CVE202334152
https://securityonline.info/cve-2023-34152-shell-command-injection-bug-affecting-imagemagick/
CVE-2023-34152: Shell Command Injection Bug Affecting ImageMagick
CVE-2023-34152 is an ominous manifestation of remote code execution (RCE) vulnerability in OpenBlob when configured with --enable-pipes
Penetration Testing
🚨 WordPress is force installing a critical security patch for the Jetpack plug-in on 5M+ sites. Already 4.13M+ sites updated. Be sure to check your version! Stay safe, keep updated.
#WordPress #CyberSecurity #Jetpack
https://www.bleepingcomputer.com/news/security/wordpress-force-installs-critical-jetpack-patch-on-5-million-sites/
WordPress force installs critical Jetpack patch on 5 million sites
Automattic, the company behind the open-source WordPress content management system, has started force installing a security patch on millions of websites today to address a critical vulnerability in the Jetpack WordPress plug-in.
BleepingComputer
#WordPress users, stay secure! The May 2023 vulnerability & patch roundup is out. Key vulnerabilities in plugins like Elementor, Advanced Custom Fields Pro & more have been patched. Stay informed, update regularly. Full details:
https://blog.sucuri.net/2023/05/wordpress-vulnerability-patch-roundup-may-2023.html #CyberSecurity #InfoSec
WordPress Vulnerability & Patch Roundup May 2023
A roundup of the top WordPress plugin vulnerabilities and patch updates for May, 2023. Core WordPress update is also available which patches several bugs and vulnerabilities. Update now to mitigate risk.
⚠️
#SecurityAlert: Critical vulnerabilities discovered in
#Moxa's MXsecurity Series. Could allow unauthorized users to bypass authentication or execute commands. Upgrade to software v1.0.1 or higher ASAP!
https://www.cisa.gov/news-events/ics-advisories/icsa-23-145-01
#CyberSecurity #InfoSec #SecurityUpdate
⚠️
#SecurityAlert: Critical vulnerabilities found in Zyxel firewall and VPN products. Both are buffer overflow issues allowing potential remote code execution or DoS attacks. Apply the latest patches now!
https://www.bleepingcomputer.com/news/security/zyxel-warns-of-critical-vulnerabilities-in-firewall-and-vpn-devices/
#CyberSecurity #InfoSec #ZyxelSecurityUpdate
Zyxel warns of critical vulnerabilities in firewall and VPN devices
Zyxel is warning customers of two critical-severity vulnerabilities in several of its firewall and VPN products that attackers could leverage without authentication.
BleepingComputer
#BarracudaESG Alert! A zero-day vulnerability (CVE-2023-2868) was exploited and has been patched. If impacted, check your ESG interface for instructions and review your networks for compromises. Stay safe! More details:
https://securityaffairs.com/146620/hacking/barracuda-email-security-gateway-bug.html #Cybersecurity #ZeroDay
Barracuda Email Security Gateway (ESG) hacked via zero-day bug
Barracuda warned customers that some of its Email Security Gateway (ESG) appliances were breached exploiting a zero-day vulnerability. Network security solutions provider Barracuda warned customers that some of its Email Security Gateway (ESG) appliances were recently breached by threat actors exploiting a now-patched zero-day vulnerability. The vulnerability, tracked as CVE-2023-2868, resides in the module for […]
Security Affairs
#SecurityUpdate Alert!
@dell has released DSA-2023-187 update addressing vulnerabilities in Avamar, NVE, and PowerProtect DP Series Appliances. Ensure your systems are protected and check out the update here:
https://www.dell.com/support/kbdoc/tr-tr/000213738/dsa-2023-187 #CyberSecurity #DellSecure
DSA-2023-187 Dell Avamar, Dell NetWorker Virtual Edition (NVE) and Dell PowerProtect DP Series Appliance / Dell Integrated Data Protection Appliance (IDPA) Security Update for Multiple Vulnerabilities (OS Security Rollup 2023R1) | Dell Deutschland
🚨
#GitLab users! Critical security flaw (CVE-2023-2825) identified in version 16.0.0 could allow unauthenticated users access to sensitive data. Upgrade immediately to version 16.0.1, which patches this vulnerability. Details:
https://about.gitlab.com/releases/2023/05/23/critical-security-release-gitlab-16-0-1-released/ #Cybersecurity #CVE20232825
GitLab Critical Security Release: 16.0.1
Learn more about GitLab Critical Security Release: 16.0.1 for GitLab Community Edition (CE) and Enterprise Edition (EE).
GitLab