Posts tagged Vulnerability Disclosure

8 min Vulnerability Disclosure

CVE-2020-7387..7390: Multiple Sage X3 Vulnerabilities

Four vulnerabilities involving Sage X3 were identified by Rapid7 researchers.

Read Full Post

2 min Detection and Response

CVE-2021-20025: SonicWall Email Security Appliance Backdoor Credential

The virtual, on-premises version of the SonicWall Email Security Appliance ships with an undocumented, static credential, which can be used by an attacker to gain root privileges on the device.

Read Full Post

8 min Vulnerability Disclosure

Akkadian Provisioning Manager Multiple Vulnerabilities Disclosure (Fixed)

Researchers discovered a trio of vulnerabilities in the Akkadian Provisioning Manager version 4.50.18.

Read Full Post

4 min Vulnerability Disclosure

CVE-2021-3198 and CVE-2021-3540: MobileIron Shell Escape Privilege Escalation Vulnerabilities

Discovered by Rapid7 researcher William Vu, Ivanti MobileIron Core versions 10.7.0.1-9 and 11.0.0.1-3 suffer from 2 restricted-shell escape vulnerabilities.

Read Full Post

4 min Vulnerability Disclosure

Patch Tuesday Dashboard Template Release

Patch Tuesday introduces numerous vulnerabilities and their solutions that apply to many, if not nearly all, devices. Keeping up with the deployment of these patches is often challenging.

Read Full Post

3 min Vulnerability Disclosure

CVE-2021-26908 and CVE-2021-26909: Automox Agent Information Disclosure (FIXED)

Rapid7 researcher Danny Jordan discovered two vulnerabilities in the Automox Agent for Windows and macOS.

Read Full Post

4 min Vulnerability Disclosure

CVE-2021-22652: Advantech iView Missing Authentication RCE (FIXED)

Advantech iView versions prior to 5.7.03.6112 suffer from an instance of "CWE-306: Missing Authentication For Critical Function."

Read Full Post

3 min Vulnerability Disclosure

CVE-2020-7378: OpenCRX Unverified Password Change (FIXED)

OpenCRX version 4.30 and version 5.0-20200717 suffers from an unverified password change vulnerability, which is an instance of CWE-620.

Read Full Post

9 min Vulnerability Disclosure

Vulntober: Multiple Mobile Browser Address Bar Spoofing Vulnerabilities

Today, we're announcing a coordinated vulnerability disclosure on a set of address bar spoofing vulnerabilities that affect a number of mobile browsers.

Read Full Post

3 min Vulnerability Disclosure

CVE-2020-2021 Authentication Bypass in PAN-OS Security Assertion Markup Language (SAML) Authentication Disclosed

On Monday, June 29, 2020, Palo Alto released details on CVE-2020-2021 a new, critical weakness in SAML authentication on PAN-OS devices.

Read Full Post

4 min Vulnerability Management

May 2020 Cisco Remote Vulnerabilities Guidance

Cisco has posted patches for 34 vulnerabilities on May 6, 2020, with half a dozen that require your immediate attention.

Read Full Post

17 min Vulnerability Disclosure

Dispelling Zoom Bugbears: What You Need to Know About the Latest Zoom Vulnerabilities

In this blog, we break down what you need to know about the recent Zoom security issues and its vulnerability remediation process.

Read Full Post

4 min Vulnerability Disclosure

R7-2019-39 | CVE-2019-5648: LDAP Credential Exposure in Barracuda Load Balancer ADC (FIXED)

This post describes CVE-2019-5648, a vulnerability in the Barracuda Load Balancer ADC.

Read Full Post

2 min Vulnerability Disclosure

R7-2019-40: Bloomsky SKY2 Weather Camera Station Data Authenticity and Exposure Vulnerabilities

Multiple information leak vulnerabilities are present in the Bloomsky SKY2 network, obtainable via JSON queries.

Read Full Post

4 min IoT

IoT Vuln Disclosure: Children's GPS Smart Watches (R7-2019-57)

In a recent IoT hacking training exercise, Rapid7 penetration testers set out to find vulnerabilities in a number of children's GPS-enabled smart watches.

Read Full Post

• 1
• 2
• 3
• 4
• 5
• 6
• ...