Review the latest advisories
The Incident Response team sends advisories about security vulnerabilities to U of T’s technical staff. If you have questions or concerns, contact security.response@utoronto.ca.
July 9, 2024
A critical unauthenticated remote code execution (RCE) vulnerability in OpenSSH, identified as CVE-2024-6387 and dubbed "regreSSHion" has been discovered, which allows attackers to gain root privileges on glibc-based Linux systems.
May 23, 2024
Veeam has notified one of our units about the vulnerabilities in their Backup Enterprise Manager product listed below. The worst of them, CVE-2024-29849, allows an attacker to log in to the web interface as any user.
March 8, 2024
On March 8, QNAP published a security bulletin disclosing three security flaws in its NAS software products. Exploitation of these vulnerabilities can lead to an authentication bypass, command injection and SQL injection.