Category: Good news

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog…

Read More

3ds — 3dexperience  A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer Release on 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user’s browser session. 2024-09-02 5.4 CVE-2024-7932 3DS.Information-Security@3ds.com  3ds — 3dexperience  A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows…

Read More

MS-ISAC ADVISORY NUMBER: 2024-097 DATE(S) ISSUED: 09/06/2024 OVERVIEW: A vulnerability has been discovered in SonicWall SonicOS Management Access and SSLVPN, which could allow for unauthorized resource access and in specific conditions, causing the firewall to crash. SonicOS is SonicWall’s operating system designed for their firewalls and other security devices. Successful exploitation of the most severe…

Read More

MS-ISAC ADVISORY NUMBER: 2024-096 DATE(S) ISSUED: 09/05/2024 OVERVIEW: Multiple vulnerabilities have been discovered in Veeam Products, the most severe of which could allow for remote code execution. Veeam Backup & Replication is a proprietary backup app. Veeam ONE is a solution for managing virtual and data protection environments. Veeam Service Provider Console provides centralized monitoring…

Read More

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog…

Read More

CISA released four Industrial Control Systems (ICS) advisory on September 5, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations. Source link lol

Read More

MS-ISAC ADVISORY NUMBER: 2024-095 DATE(S) ISSUED: 09/03/2024 OVERVIEW: Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations.…

Read More

10up–Simple Local Avatars  Cross-Site Request Forgery (CSRF) vulnerability in 10up Simple Local Avatars.This issue affects Simple Local Avatars: from n/a through 2.7.10. 2024-08-26 4.3 CVE-2024-43116audit@patchstack.com  advancedformintegration — advanced_form_integration  Cross-Site Request Forgery (CSRF) vulnerability in Nasirahmed Advanced Form Integration.This issue affects Advanced Form Integration: from n/a through 1.89.4. 2024-08-26 4.3 CVE-2024-43340audit@patchstack.com  Analytify–Analytify  Cross-Site Request Forgery (CSRF)…

Read More

CISA released one Industrial Control Systems (ICS) advisory on September 3, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations. Source link lol

Read More

MS-ISAC ADVISORY NUMBER: 2024-094 DATE(S) ISSUED: 09/03/2024 OVERVIEW: Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated…

Read More