A lack of proper code-signing verification and authentication for firmware updates opens the door to information disclosure, remote code execution, denial of service and more.
The flaw was recently patched in Android’s February Security Bulletin.
RCE and myriad other types of attacks could take aim at the 19 percent of vulnerable companies that haven’t yet patched CVE-2019-19781.
The researcher behind the five critical Cisco flaws, collectively called CDPwn, talks about why Layer 2 protocols are under-researched when it comes to security vulnerabilities.
Cisco has released patches to address the five vulnerabilities, which could lead to remote code execution and denial of service.
Citrix has issued the first of several updates fixing a critical vulnerability in various versions of its Citrix Application Delivery Controller (ADC) and Citrix Gateway products.
CVE-2020-0674 is a critical flaw for most Internet Explorer versions, allowing remote code execution and complete takeover.
The issue lies in underlying reference software used by multiple cable-modem manufacturers to create device firmware.
Cisco patched three authentication bypass bugs tied to its DCNM platform, which is used to manage NX-OS.
Researchers warn that five vulnerabilities that stem from SQLite could enable remote code execution.