Recently, Lenovo’s new BIOS updates fixes the high-severity vulnerabilities impacting hundreds of devices in several models (Desktop, All in One, IdeaCentre, Legion, ThinkCentre, ThinkPad, ThinkAgile, ThinkStation, ThinkSystem). The potential impact may include Information disclosure, privilege escalation and denial of service. The List of Vulnerabilities Includes: CVE-2021-28216 – Fixed pointer vulnerability in TianoCore EDK II BIOS […]

Four BIOS-related vulnerabilities have recently been discovered, according to a new security alert from Lenovo. Threat actors can use these flaws to allow information exposure, denial of service, or privilege escalation. The first of the bugs, identified as CVE-2022-40137, affects the WMI SMI Handler function and affects the Lenovo Desktop, Desktop AIO, Smart Edge, Smart […]

Google has launched its new Vulnerability Bounty Program for its open source software. The company will pay up to more than US$31,000 as an incentive to those who find bugs in its ecosystem and report them. “Today we are launching  the Open Source Software Vulnerability Rewards Program (OSS VRP) to reward vulnerability discoveries in Google’s […]

On many occasions, security flaws appear that can compromise our devices. They can affect operating systems like Windows, applications, drivers. It is important to always correct them and prevent hackers from having a choice. In this article we echo the latest and important vulnerabilities that Windows has corrected. We’re going to explain why you should […]

Argo CD is a declarative GitOps continuous delivery tool for Kubernetes. It is required because Application definitions, configurations, and environments should be declarative and version controlled. Also it helps when Application deployment and lifecycle management should be automated, auditable, and easy to understand. This Argo Cd security team has published details of 4 vulnerabilities. Following […]

3 vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated threat actor to remotely execute arbitrary code or cause a denial of service (DoS) condition on the router. Affected Products Vulnerable ProductsCVE-2022-20827 and CVE-2022-20841 affect the following Cisco products: RV160 VPN Routers RV160W Wireless-AC VPN Routers RV260 VPN […]

The manufacturer NETGEAR has issued an urgent notice for all owners of professional VPN and firewall routers, the affected models are the BR200 and BR500, two models widely used by small and medium-sized businesses as they have advanced configuration options. The manufacturer has declared that due to technical limitations beyond its control, they will not […]

IBM has published details of vulnerabilities affecting IBM QRadar SIEM. Below are the details. 1) Improper input validation CVE-ID: CVE-2017-9801 Description The vulnerability allows a remote attacker to inject arbitrary files. The vulnerability exists due to an improper input validation flaw in the setSubject() method. A remote attacker can supply a specially crafted value containing […]

Lenovo released security fixes to address three vulnerabilities that reside in the UEFI firmware shipped with over 70 product models, including several ThinkBook models. ESET Research discovered and reported to the manufacturer these three vulnerabilities. Two months of ago UEFI vulnerabilities affected Dell laptops. To help fellow researchers discover more similar vulnerabilities and improve the […]

Fortinet, an American multinational corporation headquartered in Sunnyvale, California. The company develops and sells cybersecurity solutions, such as physical firewalls, antivirus software, intrusion prevention systems, and endpoint security components. Fortinet has addressed a raft of security vulnerabilities affecting several of its endpoint security products.The following is a list of advisories for issues resolved in Fortinet […]

Broadcom published that software used by its storage networking company Brocade is affected by 9 important vulnerabilities, and the same vulnerabilities impact the SAN products of several major companies like Dell, Fujitsu, HP, Huawei, IBM, and Lenovo. The SANnav storage area network (SAN) management application is affected by nine vulnerabilities. Brocade has made available patches but […]

Common Weakness Enumeration (CWE) is Managed by MITRE and it a released top 25 Most Dangerous Software vulnerabilities list. This list shows the currently most common and impactful vulnerabilities. Often easy to find and exploit, these can be exploited that can allow threat actors to completely take over a system, steal data, or bring down […]

Citrix Hypervisor is an industry leading platform for cost-effective desktop, server, and cloud virtualization infrastructures. Citrix Hypervisor enables organizations of any size or type to consolidate and transform compute resources into virtual workloads for today’s data center requirements. Citrix has released hotfix to patch important  Information disclosure,  Incomplete cleanup and Race condition vulnerabilities.  1) Information […]