home.social

#vulnerabilityalert — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #vulnerabilityalert, aggregated by home.social.

  1. ⚠️ Cloud Software Group reveals a medium severity XSS flaw (CVE-2025-12101) in Citrix NetScaler ADC & Gateway platforms! Vulnerable versions include 14.1 before 14.1-56.73 & 13.1 before 13.1-60.32. Immediate patching is crucial to prevent session hijacking & credential theft. 🔒🛡️

    Details here: gbhackers.com/citrix-netscaler #CyberSecurity #XSS #Citrix #NetScaler #VulnerabilityAlert #newz

  2. 🚨 Oh no! The X.Org X server has more holes than a Swiss cheese! 🧀 For the six people who still use it, the suspense of those 'multiple issues' is killing us. Who knew X could stand for 'xtra' vulnerabilities? 🤦‍♂️
    lists.x.org/archives/xorg-anno #XOrg #XServer #Vulnerabilities #SwissCheese #CyberSecurity #TechNews #VulnerabilityAlert #HackerNews #ngated

  3. "🚨 2x High Alert: Ivanti's CVE-2024-21888 - Privilege Escalation Vulnerability AND CVE-2024-21893 - Server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure 🚨"

    A high-severity vulnerability, CVE-2024-21888, has been identified in Ivanti Connect Secure & Ivanti Policy Secure (versions 9.x, 22.x). This vulnerability permits privilege escalation, allowing a user to gain administrative privileges.

    A second high-severity vulnerability, CVE-2024-21893, has also been discovered in Ivanti Connect Secure and Policy Secure up to versions 9.1R18/22.6R2. This vulnerability affects the SAML component and can be exploited remotely. It allows an attacker to manipulate unknown input, leading to a server-side request forgery issue. There is no publicly available exploit.

    A patch has been released to address this vulnerability. Admins are advised to apply patches ASAP and consider a factory reset of devices as an extra precaution.

    Tags: #CyberSecurity #VulnerabilityAlert #Ivanti #CVE202421888 #CVE202421893 #PrivilegeEscalation #PatchManagement #InfosecCommunity #SystemAdmins 🔐💻🛡️

    Source: Ivanti's Forums, Tenable

  4. 🚨✨ Critical Alert: SSH ProxyCommand Vulnerability! Dive into the details of CVE-2023-51385, a severe code execution flaw, exposing servers to shell injection. Discover insights, mitigation strategies, and stay ahead of potential threats. 🔐💻

    relianoid.com/blog/ssh-proxyco

  5. "⚠️ #HPEOneView Alert! Triple Vulnerability Threat Uncovered ⚠️"

    Hewlett Packard Enterprise's OneView Software is under the spotlight with three critical vulnerabilities identified. These flaws can lead to authentication bypass, sensitive data exposure, and even denial of service. If you're using HPE OneView, it's time to patch up! 🛡️

    Vulnerabilities:
    1️⃣ CVE-2023-30908 – Remote Authentication Bypass: Scored a whopping 9.8 on CVSS, this flaw allows attackers to bypass authentication due to mishandling of user credentials in HPE OneView. Kudos to Sina Kheirkhah (@SinSinology) from the Summoning Team (@SummoningTeam) for reporting this! 🕵️‍♂️

    2️⃣ CVE-2022-4304 – Disclosure of Sensitive Information: A timing-based side channel in OpenSSL's RSA Decryption can leak sensitive info. Attackers can exploit this by sending numerous trial decryption messages. 📩

    3️⃣ CVE-2023-2650 – Denial of Service: This flaw lies in OpenSSL's OBJ_obj2txt() method, allowing attackers to launch a DoS attack on HPE OneView. 🚫

    Impacted? 🤔 Versions prior to the v8.5 and v6.60.05 patches are vulnerable. But don't fret! HPE has released patches for these versions. Head to the HPE Support Center and upgrade ASAP! ⏳

    Source: Guru's Article, September 11, 2023

    Tags: #Cybersecurity #HPE #VulnerabilityAlert #PatchNow #OpenSSL #DoS #AuthenticationBypass #SensitiveDataLeak #InfoSecCommunity