Category: Good news

[*] 10Web Form Builder Team–Form Maker by 10Web  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Stored XSS.This issue affects Form Maker by 10Web: from n/a through 1.15.24. 2024-05-14 5.9 CVE-2024-34437audit@patchstack.com 1Panel-dev–1Panel  1Panel is an open source Linux server operation and maintenance…

Read More

CISA released seventeen Industrial Control Systems (ICS) advisories on May 16, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-137-01 Siemens Parasolid ICSA-24-137-02 Siemens SICAM Products ICSA-24-137-03 Siemens Teamcenter Visualization and JT2Go ICSA-24-137-04 Siemens Polarion ALM ICSA-24-137-05 Siemens Simcenter Nastran ICSA-24-137-06 Siemens SIMATIC CN 4100 Before V3.0 ICSA-24-137-07…

Read More

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2014-100005 D-Link DIR-600 Router Cross-Site Request Forgery (CSRF) Vulnerability CVE-2021-40655 D-Link DIR-605 Router Information Disclosure Vulnerability CVE-2024-4761 Google Chromium V8 Out-of-Bounds Memory Write Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose…

Read More

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-4947 Google Chromium V8 Type Confusion Vulnerability CVE-2023-43208 NextGen Healthcare Mirth Connect Deserialization of Untrusted Data Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding…

Read More

Try Tenable Web App Scanning Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.…

Read More

Try Tenable Web App Scanning Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.…

Read More

Cisco has released security updates to address vulnerabilities in Cisco software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. Users and administrators are encouraged to review the following advisories and apply necessary updates:•    Cisco Crosswork Network Services Orchestrator•    Cisco Crosswork Network Services Orchestrator Privilege Escalation•    ConfD…

Read More

MS-ISAC ADVISORY NUMBER: 2024-057 DATE(S) ISSUED: 05/15/2024 OVERVIEW: A vulnerability has been discovered in SolarWinds Access Rights Manager that could allow for privilege escalation. Successful exploitation of this vulnerability could allow for privilege escalation in the context of the affected service account. Depending on the privileges associated with the service account, an attacker could then…

Read More

Adobe has released security updates to address vulnerabilities in Adobe software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.  Users and administrators are encouraged to review the following Adobe Security Bulletins and apply necessary updates:  Adobe Acrobat and Reader Adobe Illustrator Substance 3D Painter Adobe Aero…

Read More

Apply the stable channel update provided by Mozilla to vulnerable systems immediately after appropriate testing. (M1051: Update Software)o Safeguard 7.1 : Establish and Maintain a Vulnerability Management Process: Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.o…

Read More