The vulnerability is GlobalProtect. The vulnerability makes it possible to get root on a PaloAlto device – without any authentication (!). Unauth Command Injection. The manufacturer reports that the vulnerability is being exploited in real-world attacks.
Read more Critical 0day in VPN from PaloAlto. CVSS 10/10.Cisco Duo Authentication for Windows Logon and RDP Information Disclosure Vulnerability
A vulnerability in the logging component of Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, local attacker to view sensitive information in clear text on an affected system.
Read more Cisco Duo Authentication for Windows Logon and RDP Information Disclosure Vulnerability