Security News

More than 11,500 Juniper Networks devices are exposed to a new remote code execution vulnerability, and infosec researchers are pressing admins to urgently apply the patches. It's somewhat of a repeat scenario for Juniper Networks, which only recently got done patching the last round of critical RCE bugs in Junos OS, which runs on SRX firewalls and EX switches.

Security researchers have found over 178,000 SonicWall next-generation firewalls with the management interface exposed online are vulnerable to denial-of-service and potential remote code execution attacks."Using BinaryEdge source data, we scanned SonicWall firewalls with management interfaces exposed to the internet and found that 76% are vulnerable to one or both issues," said Jon Williams, a Senior Security Engineer at Bishop Fox.

Juniper Networks has fixed a critical pre-authentication remote code execution vulnerability in Junos OS on SRX firewalls and EX switches.CVE-2024-21591 is an out-of-bounds write vulnerability that could allow an unauthenticated, network-based threat actor to carry out a denial-of service attack, an RCE attack, or gain root privileges on exposed devices.

Juniper Networks has released updates to fix a critical remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches. The issue, tracked as CVE-2024-21591, is rated...

Juniper Networks has released security updates to fix a critical pre-auth remote code execution vulnerability in its SRX Series firewalls and EX Series switches. CISA also warned in November of a Juniper pre-auth RCE exploit used in the wild, chaining four bugs tracked as CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, and CVE-2023-36847 and impacted the company's SRX firewalls and EX switches.

Today is Microsoft's January 2024 Patch Tuesday, which includes security updates for a total of 49 flaws and 12 remote code execution vulnerabilities. The total count of 49 flaws does not include 4 Microsoft Edge flaws fixed on January 5th. To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5034123 cumulative update.

A blind SQL injection vulnerability in Cacti, a widely-used network monitoring, performance and fault management framework, could lead to information disclosure and potentially remote code execution.Cacti is often used in network operation centers of telecoms and web hosting providers, to collect network performance data and store it in RRDtool, a logging and graphing database and system that, through a web interface, creates graphical representations of the collected data.

Security researchers are detecting hundreds of IP addresses on a daily basis that scan or attempt to exploit Apache RocketMQ services vulnerable to a remote command execution flaw identified as CVE-2023-33246 and CVE-2023-37582. Apache released a fix that was incomplete for the NameServer component in RocketMQ and continued to affect versions 5.1 and older of the distributed messaging and streaming platform.

A critical Apache OFBiz pre-authentication remote code execution vulnerability is being actively exploited using public proof of concept exploits. Online URL. The researchers further said those scanning vulnerable servers are particularly interested in finding vulnerable Confluence servers.

Ivanti has released security updates to fix 13 critical security vulnerabilities in the company's Avalanche enterprise mobile device management solution.As Ivanti explained on Wednesday, these security flaws are due to WLAvalancheService stack or heap-based buffer overflow weaknesses reported by Tenable security researchers and Trend Micro's Zero Day Initiative.