ABB Ability™ SCADAvantage Security Vulnerabilities

5 ways a CNAPP can strengthen your multicloud security environment

The cloud security market continues to evolve, reflecting the diligent efforts of security professionals globally. They are at the forefront of developing innovative solutions and strategies to address the sophisticated tactics of cyberattackers. The necessity for these solutions to stay ahead of.....

ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices

*Updated 2024-04-25 16:57 GMT with minor wording corrections regarding the targeting of other vendors. ArcaneDoor is a campaign that is the latest example of state-sponsored actors targeting perimeter network devices from multiple vendors. Coveted by these actors, perimeter network devices are...

Security Bulletin: Multiple Vulnerabilities in IBM® SDK, Java™ Technology Java affect IBM Cloud Pak System

Summary Vulnerabilities in IBM Java SDK affect IBM Cloud Pak System. Vulnerability Details ** CVEID: CVE-2023-21930 DESCRIPTION: **An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE component could allow an unauthenticated attacker to cause high...

RHEL 8 : kernel-rt (RHSA-2024:2008)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2008 advisory. kernel: netfilter: divide error in nft_limit_init (CVE-2021-46915) kernel: use-after-free in smb2_is_status_io_timeout()...

RHEL 8 : kernel (RHSA-2024:2006)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2006 advisory. kernel: netfilter: divide error in nft_limit_init (CVE-2021-46915) kernel: use-after-free in smb2_is_status_io_timeout()...

Oracle Linux 8 / 9 : java-11-openjdk (ELSA-2024-1822)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1822 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot)....

Oracle Linux 8 / 9 : java-21-openjdk (ELSA-2024-1828)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1828 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot)....

Azul Zulu Java Multiple Vulnerabilities (2024-04-16)

The version of Azul Zulu installed on the remote host is prior to 6 < 6.63.0.14 / 7 < 7.69.0.14 / 8 < 8.77.0.14 / 11 < 11.71.14 / 17 < 17.49.16 / 21 < 21.33.14 / 22 < 22.30.14. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024-04-16 advisory. The ...

Oracle Linux 8 / 9 : java-1.8.0-openjdk (ELSA-2024-1818)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1818 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot)....

CVE-2024-21972

An out of bounds write vulnerability in the AMD Radeon™ user mode driver for DirectX® 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code...

CVE-2024-21979

An out of bounds write vulnerability in the AMD Radeon™ user mode driver for DirectX® 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code...

CVE-2024-21979

An out of bounds write vulnerability in the AMD Radeon™ user mode driver for DirectX® 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code...

CVE-2024-21972

An out of bounds write vulnerability in the AMD Radeon™ user mode driver for DirectX® 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code...

Renovate vulnerable to arbitrary command injection via helmv3 manager and registryAliases

Summary Attackers with commit access to the default branch of a repo using Renovate could manipulate helmv3 registryAliases to execute arbitrary commands. Details Since #26848, registryAliases has become mergeable. This means that the helmv3 manager started honoring its value and uses a helm repo.....

Renovate vulnerable to arbitrary command injection via helmv3 manager and registryAliases

Summary Attackers with commit access to the default branch of a repo using Renovate could manipulate helmv3 registryAliases to execute arbitrary commands. Details Since #26848, registryAliases has become mergeable. This means that the helmv3 manager started honoring its value and uses a helm repo.....

(RHSA-2024:2008) Important: kernel-rt security update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): kernel: use-after-free in smb2_is_status_io_timeout() (CVE-2023-1192) kernel: vmxnet3: NULL pointer dereference in...

(RHSA-2024:2006) Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: use-after-free in smb2_is_status_io_timeout() (CVE-2023-1192) kernel: vmxnet3: NULL pointer dereference in vmxnet3_rq_cleanup() (CVE-2023-4459) kernel: tun: bugs for oversize...

$493 Bounty Awarded for Arbitrary Options Update Vulnerability Patched in WP Datepicker WordPress Plugin

🎉 Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On April 14th, 2024, during our Bug Extravaganza, we received a.....

Advisory ROSA-SA-2024-2405

software: kubernetes 1.25.15 WASP: ROSA-CHROME package_evr_string: kubernetes-1.25.15-1 CVE-ID: CVE-2023-2431 BDU-ID: 2023-03899 CVE-Crit: LOW CVE-DESC.: A vulnerability in the kubelet utility of the Kubernetes virtual machine cluster management software tool is related to insufficient validation.....

Police Chiefs Call for Solutions to Access Encrypted Data in Serious Crime Cases

European Police Chiefs said that the complementary partnership between law enforcement agencies and the technology industry is at risk due to end-to-end encryption (E2EE). They called on the industry and governments to take urgent action to ensure public safety across social media platforms....

CVE-2024-21102

A flaw was found in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in...

CVE-2024-21087

A flaw was found in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in....

CVE-2024-21096

A flaw was found in the MySQL Server product of Oracle MySQL (component: Client: mysqldump). Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can...

CVE-2024-21069

A flaw was found in the MySQL Server product of Oracle MySQL (component: Server: DDL). Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability....

CVE-2024-21062

A flaw was found in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized...

CVE-2024-21060

A flaw was found in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in...

CVE-2024-21015

A flaw was found in the MySQL Server product of Oracle MySQL (component: Server: DML). Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability....

CVE-2024-21054

A flaw was found in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized...

CVE-2024-21013

A flaw was found in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized....

CVE-2024-21008

A flaw was found in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized....

CVE-2024-21047

A flaw was found in the MySQL Server product of Oracle MySQL (component: InnoDB). Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to...

CVE-2024-21009

A flaw was found in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized...

CVE-2024-20998

A flaw was found in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized...

CVE-2024-20994

A flaw was found in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in...

Russia's APT28 Exploited Windows Print Spooler Flaw to Deploy 'GooseEgg' Malware

The Russia-linked nation-state threat actor tracked as APT28 weaponized a security flaw in the Microsoft Windows Print Spooler component to deliver a previously unknown custom malware called GooseEgg. The post-compromise tool, which is said to have been used since at least June 2020 and possibly...

Debian dla-3793 : openjdk-11-dbg - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3793 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported...

Oracle Linux 7 : java-11-openjdk (ELSA-2024-1821)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1821 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that...

Oracle Identity Manager (Apr 2024 CPU)

The 12.2.1.4.0 versions of Identity Manager installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2024 CPU advisory. Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: Third Party (Quartz)). The supported...

Debian dsa-5672 : openjdk-17-dbg - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5672 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported...

kernel security and bug fix update

[3.10.0-1160.118.1.0.1] - debug: lock down kgdb [Orabug: 34270798] {CVE-2022-21499} [3.10.0-1160.118.1] - Update Oracle Linux certificates (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)([email protected]) - Update x509.genkey...

Debian dsa-5671 : openjdk-11-dbg - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5671 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported...

openSUSE: Security Advisory for tomcat (SUSE-SU-2024:1345-1)

The remote host is missing an update for...

ROS-20240423-01

Apache HTTP Server vulnerability is related to blocking HTTP/2 connection processing if it was opened with 0 initial sliding window size. was opened with the initial sliding window size set to 0. Exploitation of the vulnerability could Allow an attacker acting remotely to cause a denial of service....

K000139377 : OpenJDK vulnerabilities CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085, and CVE-2024-21094

Security Advisory Description CVE-2024-21011 Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22;...

Researchers Uncover Windows Flaws Granting Hackers Rootkit-Like Powers

New research has found that the DOS-to-NT path conversion process could be exploited by threat actors to achieve rootkit-like capabilities to conceal and impersonate files, directories, and processes. "When a user executes a function that has a path argument in Windows, the DOS path at which the...

[SECURITY] Fedora 40 Update: wireshark-4.2.4-1.fc40

Wireshark allows you to examine protocol data stored in files or as it is captured from wired or wireless (WiFi or Bluetooth) networks, USB devices, and many other sources. It supports dozens of protocol capture file formats and understands more than a thousand protocols. It has many powerful...

$2,063 Bounty Awarded for Privilege Escalation Vulnerability Patched in User Registration WordPress Plugin

🎉 Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On March 9th, 2024, during our second Bug Bounty Extravaganza,...

BlackTech Targets Tech, Research, and Gov Sectors New 'Deuterbear' Tool

Technology, research, and government sectors in the Asia-Pacific region have been targeted by a threat actor called BlackTech as part of a recent cyber attack wave. The intrusions pave the way for an updated version of modular backdoor dubbed Waterbear as well as its enhanced successor referred to....

Akira Ransomware Gang Extorts $42 Million; Now Targets Linux Servers

Threat actors behind the Akira ransomware group have extorted approximately $42 million in illicit proceeds after breaching the networks of more than 250 victims as of January 1, 2024. "Since March 2023, Akira ransomware has impacted a wide range of businesses and critical infrastructure entities.....

Hackers Target Middle East Governments with Evasive "CR4T" Backdoor

Government entities in the Middle East have been targeted as part of a previously undocumented campaign to deliver a new backdoor dubbed CR4T. Russian cybersecurity company Kaspersky said it discovered the activity in February 2024, with evidence suggesting that it may have been active since at...