Oct 09, 2023NewsroomVulnerability / IoT Security Multiple high-severity security vulnerabilities have been disclosed in ConnectedIO’s ER2000 edge routers and the cloud-based management platform that could be exploited by malicious actors to execute malicious code and access sensitive data. “An attacker could have leveraged these flaws to fully compromise the cloud infrastructure, remotely execute code, and […]
Oct 06, 2023NewsroomServer Security / Vulnerability Multiple security vulnerabilities have been disclosed in the Intelligent Platform Management Interface (IPMI) firmware for Supermicro baseboard management controllers (BMCs) that could result in privilege escalation and execution of malicious code on affected systems. The seven flaws, tracked from CVE-2023-40284 through CVE-2023-40290, vary in severity from High to Critical, […]
Server and computer hardware giant Supermicro has released updates to address multiple vulnerabilities in Baseboard Management Controllers (BMC) IPMI firmware. The issues (tracked as CVE-2023-40284 to CVE-2023-40290) could allow remote attackers to gain root access to the BMC system, firmware supply chain security firm Binarly, which identified the bugs, explains. A special chip on server […]
The vulnerabilities, collectively known as “ShellTorch,” have been patched in the latest version of TorchServe (0.8.2), hence, developers are encouraged to update to ensure their systems are secure.
Oct 03, 2023THNZero Day / Vulnerability Chipmaker Qualcomm has released security updates to address 17 vulnerabilities in various components, while warning that three other zero-days have come under active exploitation. Of the 17 flaws, three are rated Critical, 13 are rated High, and one is rated Medium in severity. “There are indications from Google Threat […]
Oct 03, 2023THNZero Day / Vulnerability Chipmaker Qualcomm has released security updates to address 17 vulnerabilities in various components, while warning that three other zero-days have come under active exploitation. Of the 17 flaws, three are rated Critical, 13 are rated High, and one is rated Medium in severity. “There are indications from Google Threat […]
The vulnerabilities are caused by heap buffer overflow weaknesses in open-source libraries used by the products, and they can lead to crashes or arbitrary code execution.
Google on Monday announced the release of patches for 51 vulnerabilities as part of the October 2023 security updates for Android, including fixes for two zero-day flaws exploited in malicious attacks. The first of the exploited issues is CVE-2023-4863 (CVSS score of 8.8), a heap buffer overflow in the Libwebp library that leads to an […]
One of the vulnerabilities allows remote unauthenticated attackers to execute code in the context of the service account. The other two vulnerabilities patched include a remote code execution bug and an information disclosure issue.