Cisco has patched a dangerous flaw in its Adaptive Security Appliance Software that could allow an attacker to bypass authentication when Kerberos is enabled.
Several Fortinet products had a hardcoded encryption key that could allow for passive monitoring of user traffic.
Cloudflare has open sourced Flan Scan, a “lightweight” network vulnerability scanner that it uses in-house to help identify vulnerable services running in its vast network. Early reactions suggest that it shouldn’t be the sole vulnerability management tool being used in the network.
A Mozilla-funded security audit of the iTerm2 terminal emulator for macOS found a critical remote-code execution bug.
A newly discovered buffer overflow in the Exim mail server can be used to cause a denial-of-service and possibly remote code execution.