News - Page 24 of 28 - UZCERT xizmati

Computer Emergency
Response Team

News

Vulnerability in Active Directory Certificate Services Allows Attackers to Escalate Privileges

A critical vulnerability has been discovered in Microsoft’s Active Directory Certificate Services (AD CS). This vulnerability enables attackers to escalate privileges within the system and potentially gain control at the domain administrator level. The vulnerability was identified by TrustedSec in…

News

SQL Injection in Zabbix Allows Complete System Takeover

Zabbix, a widely used open-source monitoring tool for networks and systems, has recently been found to contain a critical security vulnerability. This flaw could enable attackers to gain complete control over affected systems. The vulnerability, identified as CVE-2024-42327, affects multiple…

News

Vulnerability discovered in NVIDIA UFM systems allows unauthorized access to the system

NVIDIA UFM (Unified Fabric Manager) is a network management system developed by NVIDIA, designed for high-performance computing and data centers. UFM is used for managing, monitoring, and configuring network infrastructure. The UFM system provides various features to improve performance and…

News

WordPress Plugin Vulnerability Puts 200,000 Sites at Risk

On October 30, 2024, a critical vulnerability was discovered in the Anti-Spam by CleanTalk WordPress plugin, potentially affecting more than 200,000 active installations. This vulnerability allows attackers to install, activate, or delete plugins without authorization, which can lead to remote…

News

Remote code execution vulnerabilities discovered in Veritas Enterprise Vault

Veritas Enterprise Vault (EV) is a software platform designed for enterprises that enables centralized archiving and management of corporate data, including emails, files, social media content, voicemails, and other information. EV is widely used in industries such as legal, finance,…

News

Decade-Old Vulnerabilities in Ubuntu Server Allow Attackers to Gain Root Access

Several decade-old Local Privilege Escalation (LPE) vulnerabilities found in the needrestart component, installed by default in Ubuntu Server, allow local attackers to gain root access on the system. Needrestart is a utility that checks whether the system needs to be…

News

Critical Vulnerability in Drupal Core

Among content management systems (CMS) widely used around the world, a dangerous vulnerability has been identified in Drupal Core. Exploiting this vulnerability allows attackers to execute malicious code through users’ browsers. This vulnerability is mainly related to the Overlay module…

News

Critical Vulnerability Found in Oracle’s “Agile PLM” Framework

Oracle has issued an urgent security alert regarding a critical vulnerability in its Agile Product Lifecycle Management (PLM) framework, which is currently being actively exploited in real-world attacks. The vulnerability, identified as CVE-2024-21287, allows unauthenticated attackers to gain access to…

News

Multiple Critical Vulnerabilities Identified in Apache Tomcat

Apache Tomcat is an open-source software developed to support Java applications. It operates as a web server and servlet container, complying with Java EE (Enterprise Edition) specifications. Due to its efficiency, flexibility, and extensive configuration options, Tomcat is widely used…

News

Critical Vulnerability Discovered in Samba Active Directory (AD) System

A critical vulnerability has been discovered in the Samba Active Directory (AD) system. This vulnerability could allow attackers to escalate privileges within the system and potentially take control of the entire domain. The vulnerability, tracked as CVE-2023-3961, affects Samba versions…