Reproducing CVE-2024-9042: Command Injection in Windows Kubernetes Nodes
Recreating a vulnerability in log streaming via the Kubelet on Windows nodes
Read ArticleRecreating a vulnerability in log streaming via the Kubelet on Windows nodes
Read ArticleThe Delinea Protocol Handler suffers from a Remote Code Execution vulnerability in the sslauncher URL handler. This could be exploited by a malicious …
Read ArticleIs Your Corporate VPN Client Providing Access to More Than Just Your Employees?
Read ArticlePalo Alto GlobalProtect - RCE and Privilege Escalation via Malicious VPN Server (CVE-2024-5921)
Read ArticleSonicWall NetExtender for Windows - RCE as SYSTEM via EPC Client Update (CVE-2024-29014)
Read ArticleToday, we are releasing the details of CVE-2024-37404, a zero-day vulnerability in the Ivanti Connect Secure product. This vulnerability allows an …
Read ArticleJoin us as we reveal how CVE-2024-45488 can let attackers gain access to your corporate password vault and uncover hidden secrets of Microsoft DPAPI.
Read ArticleSafeGuard for Privileged Passwords (SPP) virtual appliance images contain a hard-coded cryptographic key (CWE-321). An attacker can exploit this key …
Read ArticleAs part of a recent client engagement, we conducted a product assessment of the Cato Client. During this assessment, we discovered significant …
Read ArticleThe Cato Client was found to store authentication data within the trace logs generated by the desktop client during SSO authentication.
Read ArticleThe OpenSSL implementation in the winvpnclient.cli.exe service executable is configured to load an openssl.cnf file from a location that does not …
Read ArticleThe Cato Client was found to use an insecure temporary folder for downloading and processing updates.
Read ArticleThe web service used during the Cato SSO authentication flow was found to contain an Open Redirect issue, which could allow a remote attacker to …
Read ArticleThe Cato Client suffers from a Remote Code Execution vulnerability which could be triggered via a URL handler, or via requests to the local webserver.
Read ArticleThe Cato Client allows a low-privileged, local user to install arbitrary Root CA Certificates in the computer’s certificate store.
Read Article