Attention, there is a new path traversal vulnerability (CVE-2019-19781) with a 9.8 severity rating that can allow unauthenticated threat actors to execute arbitrary code on several Citrix products. These products include application delivery controllers (ADC), Gateways, and SD-WAN WANOP. Citrix provided a patch timeline that lists the dates of various patches for their … [Read more...]
LastPass Remote Code Execution Vulnerability
Password manager LastPass announced this morning that it had resolved two vulnerabilities in its Chrome and Firefox browser extensions. The vulnerabilities, originally reported by Google security researcher Travis Ormandy, could have allowed an attacker to send arbitrary commands to a victim’s LastPass browser extension. An attacker could exploit this flaw to fetch saved … [Read more...]