Ongoing intrusions exploiting a pair of old remote code execution flaws in the widely used open-source web app framework ThinkPHP, tracked as CVE-2018-20062 and CVE-2019-9082, have been conducted by Chinese hackers since April, following a similar attack campaign launched in October, according to SecurityWeek.
Fixes have been issued by Taiwanese networking device manufacturer Zyxel to address five security vulnerabilities impacting its NAS326 and NAS542 network-attached storage devices that have not been supported since the end of 2023, including three critical flaws that could be exploited to facilitate remote code execution and command injection attacks, according to The Register.
Josh comes on the show to discuss all things related to vulnerability tracking and scoring, covering the current issues with various systems and organizations such as NIST, CVE, MITRE, CVSS, NVD, and more!
Segment Resources:
NVD blog post Josh wrote: https://anchore.com/blog/navigating-the-nvd-quagmire/
Josh's Latest post: https://opensources...
Boyce Codd Normal Form, Azure, Roaring Kitty, Hugging Face, Okta, Linux, Oracle, Josh Marpet, and more are on this edition of the Security Weekly News.