tldrdaily.news logo
Tag

Patch Management

All articles tagged with #patch management

technology7 months ago

Over 46,000 Grafana Instances Vulnerable to Account Takeover

Over 46,000 Grafana instances remain unpatched despite a critical vulnerability (CVE-2025-4123) that allows attackers to execute malicious plugins and hijack accounts through a client-side open redirect flaw. The vulnerability, discovered by Alvaro Balada and addressed in May, affects multiple versions, but many remain vulnerable, posing a significant security risk. Upgrading to the latest secure versions is recommended to mitigate potential exploits.

via BleepingComputer|
#account-takeover#cve-2025-4123#grafana
cybersecurity2 years ago

"Cisco Patches Critical Vulnerability in Unity Connection Software"

Cisco has released software updates to fix a critical vulnerability (CVE-2024-20272) in its Unity Connection software that could allow attackers to execute arbitrary commands on the system. The flaw, discovered by security researcher Maxim Suslov, affects versions 12.5 and earlier, as well as version 14. Users are advised to update to the fixed versions to mitigate potential threats. Additionally, Cisco has addressed 11 medium-severity vulnerabilities in its software, but will not release a fix for a command injection bug in WAP371 due to end-of-life status, recommending customers to migrate to the Cisco Business 240AC Access Point.

via The Hacker News|
#cisco#cve-2024-20272#cybersecurity
cybersecurity2 years ago

"CISA Identifies High-Severity Exploited Vulnerabilities in Apple, Apache, Adobe, D-Link, Joomla, and Apache Superset"

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified six known exploited vulnerabilities, including high-severity flaws affecting Apple, Apache, Adobe, D-Link, and Joomla, with evidence of active exploitation. These vulnerabilities pose risks such as remote code execution and improper access control. CISA has urged federal agencies to apply patches to secure their networks against these active threats by January 29, 2024.

via The Hacker News|
#cisa#cybersecurity#exploitation