Researchers have disclosed details of a now-patched security vulnerability in GitLab, an open-source DevOps software, that could potentially allow a remote, unauthenticated attacker to recover user-related information.
Tracked as CVE-2021-4191 (CVSS score: 5.3), the medium-severity flaw affects all versions of GitLab Community Edition and Enterprise Edition starting from 13.0 and all versions
The hippie culture fueled by cannabis use was about peace and love, no more war, and as Cheech and Chong would say, “Heyyyyyyy man, why can’t we all just get along”. Fast forward to 2022, and now you have a worldwide cannabis legalization movement that is moving forward at different rates around the world, but from state-by-state legalization in America, to recreational legalization at the country level like in Canada and soon-to-be Germany, the peaceful plant is making its mellow and anti-war sentiment felt.
More than 100,000 infusion pumps were found susceptible to severe vulnerabilities that were disclosed roughly three years ago, according to researcher at Palo Alto Networks’ Unit 42.
Cisco this week shipped patches to address a new round of critical security vulnerabilities affecting Expressway Series and Cisco TelePresence Video Communication Server (VCS) that could be exploited by an attacker to gain elevated privileges and execute arbitrary code.
The two flaws – tracked as CVE-2022-20754 and CVE-2022-20755 (CVSS scores: 9.0) – relate to an arbitrary file write and a
An analysis of data crowdsourced from more than 200,000 network-connected infusion pumps used in hospitals and healthcare entities has revealed that 75% of those medical devices contain security weaknesses that could put them at risk of potential exploitation. "These shortcomings included exposure to one or more of some 40 known cybersecurity vulnerabilities and/or alerts that they had one or
Done incorrectly, due diligence can result in slower integration of assets, which increases acquisition costs associated and could reduce expected gains.
As many as five security vulnerabilities have been disclosed in the PJSIP open-source multimedia communication library that could be abused by an attacker to trigger arbitrary code execution and denial-of-service (DoS) in applications that use the protocol stack.
The weaknesses were identified and reported by JFrog's Security Research team, following which the project maintainers released
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) expanded its Known Exploited Vulnerabilities Catalog to include a recently disclosed zero-day flaw in the Zimbra email platform citing evidence of active exploitation in the wild.
Tracked as CVE-2022-24682 (CVSS score: 6.1), the issue concerns a cross-site scripting (XSS) vulnerability in the Calendar feature in Zimbra