CyberSecurity updates
2025-02-22 07:09:30 Pacific

Critical Vulnerabilities Patched in Multiple Products - 10h

Several security flaws have been discovered and patched in various products, including a critical authentication bypass in Juniper Networks Session Smart Routers. Also, Atlassian patched several critical and high-severity flaws in Bamboo, Bitbucket, Confluence, Crowd, and Jira.

Router Vulnerabilities and Veeam Backup Security Flaw - 16d

End-of-life (EOL) Zyxel routers are under attack via CVE-2024-40891, with no patches available, prompting users to replace EOL Zyxel routers and to apply the available patches to Netgear routers. Veeam released a security advisory warning of a vulnerability in the Veeam Updater component that lets attackers perform man-in-the-middle (MitM) attacks, potentially leading to arbitrary code execution with root-level permissions on the affected appliance servers. Affected products include Veeam Backup for Salesforce, Nutanix AHV, AWS, Microsoft Azure, Google Cloud, and Oracle Linux Virtualization Manager/Red Hat Virtualization.