Security News

Ubuntu Linux impacted by decade-old 'needrestart' flaw that gives root
2024-11-20 19:04

Five local privilege escalation (LPE) vulnerabilities have been discovered in the needrestart utility used by Ubuntu Linux, which was introduced over 10 years ago in version 21.04. [...]

Cisco bug lets hackers run commands as root on UWRB access points
2024-11-06 19:34

Cisco has fixed a maximum severity vulnerability that allows attackers to run commands with root privileges on vulnerable Ultra-Reliable Wireless Backhaul (URWB) access points that provide...

QNAP patches second zero-day exploited at Pwn2Own to get root
2024-10-30 17:36

QNAP has fixed a second zero-day vulnerability exploited at the Pwn2Own Ireland 2024 hacking contest to gain a root shell and take over a TS-464 NAS device. [...]

VMware fixes critical RCE, make-me-root bugs in vCenter - for the second time
2024-10-22 17:02

If the first patches don't work, try, try again VMware has pushed a second patch for a critical, heap-overflow bug in the vCenter Server that could allow a remote attacker to fully compromise...

Critical Kubernetes Image Builder Vulnerability Exposes Nodes to Root Access Risk
2024-10-17 05:18

A critical security flaw has been disclosed in the Kubernetes Image Builder that, if successfully exploited, could be abused to gain root access under certain circumstances. The vulnerability,...

Critical default credential in Kubernetes Image Builder allows SSH root access
2024-10-16 21:58

It's called leaving the door wide open – especially in Proxmox A critical bug in Kubernetes Image Builder could allow unauthorized SSH access to virtual machines (VMs) thanks to default...

Critical Kubernetes Image Builder flaw gives SSH root access to VMs
2024-10-16 16:58

A critical vulnerability in Kubernetes could allow unauthorized SSH access to a virtual machine running an image created with the Kubernetes Image Builder project. [...]

VMware patches remote make-me-root holes in vCenter Server, Cloud Foundation
2024-09-17 20:50

Bug reports made in China Broadcom has emitted a pair of patches for vulnerabilities in VMware vCenter Server that a miscreant with network access to the software could exploit to completely...

Cisco fixes root escalation vulnerability with public exploit code
2024-09-04 18:33

Cisco has fixed a command injection vulnerability in the Identity Services Engine (ISE) with public exploit code that lets attackers escalate privileges to root on vulnerable systems. [...]

Industrial Remote Access Tool Ewon Cosy+ Vulnerable to Root Access Attacks
2024-08-12 06:57

Security vulnerabilities have been disclosed in the industrial remote access solution Ewon Cosy+ that could be abused to gain root privileges to the devices and stage follow-on attacks. The elevated access could then be weaponized to decrypt encrypted firmware files and encrypted data such as passwords in configuration files, and even get correctly signed X.509 VPN certificates for foreign devices to take over their VPN sessions.