News - Page 21 of 26 - UZCERT xizmati

Computer Emergency
Response Team

News

Warning About WordPress Security Vulnerability!

A new security vulnerability has been discovered in the Gutentor plugin for WordPress. This issue allows attackers to inject malicious scripts into the site. The script automatically executes whenever a compromised page is opened, posing a significant risk to website…

News

RCE Vulnerability in Veeam Service Provider Allows Attackers to Execute Arbitrary Code

Veeam, a leading technology company in data backup and system recovery, has recently identified two significant vulnerabilities in its Service Provider Console (VSPC) software. Among these, a critical Remote Code Execution (RCE) vulnerability poses a severe threat to system security.…

News

Surge in Cyberattacks on Cisco’s VPN System

Cisco has confirmed that a cross-site scripting (XSS) vulnerability in its Adaptive Security Appliance (ASA) software is actively being exploited in the wild. This vulnerability, registered as CVE-2014-2120, was first discovered in 2014 but remains a significant threat. Exploiting this…

News

Critical Vulnerabilities Discovered in IBM Security Verify Access

IBM (International Business Machines Corporation) is one of the world’s largest technology companies, founded in 1911 in the United States. The company provides advanced solutions in various fields, including IT infrastructure, artificial intelligence, cybersecurity, data analytics, and cloud technologies. IBM…

News

Vulnerability in Active Directory Certificate Services Allows Attackers to Escalate Privileges

A critical vulnerability has been discovered in Microsoft’s Active Directory Certificate Services (AD CS). This vulnerability enables attackers to escalate privileges within the system and potentially gain control at the domain administrator level. The vulnerability was identified by TrustedSec in…

News

SQL Injection in Zabbix Allows Complete System Takeover

Zabbix, a widely used open-source monitoring tool for networks and systems, has recently been found to contain a critical security vulnerability. This flaw could enable attackers to gain complete control over affected systems. The vulnerability, identified as CVE-2024-42327, affects multiple…

News

Vulnerability discovered in NVIDIA UFM systems allows unauthorized access to the system

NVIDIA UFM (Unified Fabric Manager) is a network management system developed by NVIDIA, designed for high-performance computing and data centers. UFM is used for managing, monitoring, and configuring network infrastructure. The UFM system provides various features to improve performance and…

News

WordPress Plugin Vulnerability Puts 200,000 Sites at Risk

On October 30, 2024, a critical vulnerability was discovered in the Anti-Spam by CleanTalk WordPress plugin, potentially affecting more than 200,000 active installations. This vulnerability allows attackers to install, activate, or delete plugins without authorization, which can lead to remote…

News

Remote code execution vulnerabilities discovered in Veritas Enterprise Vault

Veritas Enterprise Vault (EV) is a software platform designed for enterprises that enables centralized archiving and management of corporate data, including emails, files, social media content, voicemails, and other information. EV is widely used in industries such as legal, finance,…

News

Decade-Old Vulnerabilities in Ubuntu Server Allow Attackers to Gain Root Access

Several decade-old Local Privilege Escalation (LPE) vulnerabilities found in the needrestart component, installed by default in Ubuntu Server, allow local attackers to gain root access on the system. Needrestart is a utility that checks whether the system needs to be…