Monthly Archives: January 2024

Advisories

A Vulnerability in Cisco Unity Connection Could Allow for Arbitrary Code Execution

Read Time:39 Second

A vulnerability has been discovered in Cisco Unity Connection that could allow for arbitrary code execution on a targeted host. Cisco Unity Connection is a unified messaging and voicemail solution that allows users access and manage messages from an email inbox, web browser, Cisco Jabber, Cisco Unified IP Phone, smartphone, or tablet. Successful exploitation could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system and execute commands on the underlying operating system. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More

Advisories

sos-4.6.1-1.fc40

Read Time:15 Second

FEDORA-2024-d8aa604880

Packages in this update:

sos-4.6.1-1.fc40

Update description:

Automatic update for sos-4.6.1-1.fc40.

Changelog

* Thu Jan 11 2024 Sandro Bonazzola <sbonazzo@redhat.com> – 4.6.1-1
– Update to 4.6.1
– Resolves: fedora#2257777
– Resolves: fedora#2244214

Read More

Advisories

ZDI-24-074: Trend Micro Apex Central Cross-Site Scripting Remote Code Execution Vulnerability

Read Time:17 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 6.1. The following CVEs are assigned: CVE-2023-52329.

Read More