Zyxel addressed a critical RCE flaw in its NAS devices

Networking equipment vendor Zyxel addressed a critical vulnerability impacting its network-attached storage (NAS) devices. Zyxel addressed a critical vulnerability, tracked as CVE-2022-34747, impacting its network-attached storage (NAS) devices. The CVE-2022-34747 (CVSS score: 9.8) flaw is classified as a format string vulnerability that resides in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0. An attacker can exploit […]

Continue Reading

GitLab fixed a critical Remote Code Execution (RCE) bug in CE and EE releases

DevOps platform GitLab fixed a critical remote code execution flaw in its GitLab Community Edition (CE) and Enterprise Edition (EE) releases. DevOps platform GitLab has released security updates to fix a critical remote code execution vulnerability, tracked as CVE-2022-2884 (CVSS 9.9), affecting its GitLab Community Edition (CE) and Enterprise Edition (EE) releases. An authenticated attacker […]

Continue Reading

PoC exploit code for critical Realtek RCE flaw released online

Exploit code for a critical vulnerability affecting networking devices using Realtek RTL819x system on a chip released online. The PoC exploit code for a critical stack-based buffer overflow issue, tracked as CVE-2022-27255 (CVSS 9.8), affecting networking devices using Realtek’s RTL819x system on a chip was released online. The issue resides in the Realtek’s SDK for […]

Continue Reading

DogWalk et plusieurs vulnérabilités dans Exchange | Blog officiel de Kaspersky

Le Patch Tuesday d’août corrige plus d’une centaine de vulnérabilités Microsoft. Certaines requièrent une attention spéciale de la part des professionnels en cybersécurité. Parmi elles, 17 failles sont classées comme critiques, et deux sont de type zero-day. Au moins une vulnérabilité est déjà activement exploitée, donc il vaut mieux ne pas remettre à plus tard […]

Continue Reading

Experts warn of mass exploitation of an RCE flaw in Zimbra Collaboration Suite

Threat actors are exploiting an authentication bypass Zimbra flaw, tracked as CVE-2022-27925, to hack Zimbra Collaboration Suite email servers worldwide. An authentication bypass affecting Zimbra Collaboration Suite, tracked as CVE-2022-27925, is actively exploited to hack ZCS email servers worldwide. Zimbra is an email and collaboration platform used by more than 200,000 businesses from over 140 countries. Yesterday, August 11, CISA has […]

Continue Reading