Category: Good news
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog…
Read More3ds — 3dexperience A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer Release on 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user’s browser session. 2024-09-02 5.4 CVE-2024-7932 3DS.Information-Security@3ds.com 3ds — 3dexperience A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows…
Read MoreA Vulnerability in SonicWall SonicOS Management Access and SSLVPN Could Allow for Unauthorized Resource Access
- by nlqip
MS-ISAC ADVISORY NUMBER: 2024-097 DATE(S) ISSUED: 09/06/2024 OVERVIEW: A vulnerability has been discovered in SonicWall SonicOS Management Access and SSLVPN, which could allow for unauthorized resource access and in specific conditions, causing the firewall to crash. SonicOS is SonicWall’s operating system designed for their firewalls and other security devices. Successful exploitation of the most severe…
Read MoreMS-ISAC ADVISORY NUMBER: 2024-096 DATE(S) ISSUED: 09/05/2024 OVERVIEW: Multiple vulnerabilities have been discovered in Veeam Products, the most severe of which could allow for remote code execution. Veeam Backup & Replication is a proprietary backup app. Veeam ONE is a solution for managing virtual and data protection environments. Veeam Service Provider Console provides centralized monitoring…
Read MoreCISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog…
Read MoreCISA released four Industrial Control Systems (ICS) advisory on September 5, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations. Source link lol
Read MoreMS-ISAC ADVISORY NUMBER: 2024-095 DATE(S) ISSUED: 09/03/2024 OVERVIEW: Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations.…
Read More10up–Simple Local Avatars Cross-Site Request Forgery (CSRF) vulnerability in 10up Simple Local Avatars.This issue affects Simple Local Avatars: from n/a through 2.7.10. 2024-08-26 4.3 CVE-2024-43116audit@patchstack.com advancedformintegration — advanced_form_integration Cross-Site Request Forgery (CSRF) vulnerability in Nasirahmed Advanced Form Integration.This issue affects Advanced Form Integration: from n/a through 1.89.4. 2024-08-26 4.3 CVE-2024-43340audit@patchstack.com Analytify–Analytify Cross-Site Request Forgery (CSRF)…
Read MoreCISA released one Industrial Control Systems (ICS) advisory on September 3, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations. Source link lol
Read MoreMS-ISAC ADVISORY NUMBER: 2024-094 DATE(S) ISSUED: 09/03/2024 OVERVIEW: Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated…
Read MoreRecent Posts
- Arm To Seek Retrial In Qualcomm Case After Mixed Verdict
- Jury Sides With Qualcomm Over Arm In Case Related To Snapdragon X PC Chips
- Equinix Makes Dell AI Factory With Nvidia Available Through Partners
- AMD’s EPYC CPU Boss Seeks To Push Into SMB, Midmarket With Partners
- Fortinet Releases Security Updates for FortiManager | CISA