AR120-S,AR1200,AR1200-S,AR150,AR150-S,AR160,AR200,AR200-S,AR2200,AR2200-S,AR3200,AR3600,AR510,NetEngine16EX,SRG1300,SRG2300,SRG3300 Security Vulnerabilities

Cyber Landscape is Evolving - So Should Your SCA

Traditional SCAs Are Broken: Did You Know You Are Missing Critical Pieces? Application Security professionals face enormous challenges securing their software supply chains, racing against time to beat the attacker to the mark. Software Composition Analysis (SCA) tools have become a basic...

Security Bulletin: IBM Workload Automation is potentially affected by a vulnerability in OpenSSL that might cause Denial of Service

Summary IBM Workload Automation is potentially affected by multiple vulnerabilities in OpenSSL that could cause Denial of Service (CVE-2023-4807, CVE-2023-3817) Vulnerability Details ** CVEID: CVE-2023-4807 DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a state corruption...

The Justice Department Took Down the 911 S5 Botnet

The US Justice Department has dismantled an enormous botnet: According to an indictment unsealed on May 24, from 2014 through July 2022, Wang and others are alleged to have created and disseminated malware to compromise and amass a network of millions of residential Windows computers worldwide....

Cross-site Request Forgery (CSRF)

moodle/moodle is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to the logout option lacking the necessary token, risking users being inadvertently logged out via CSRF...

FBI Distributes 7,000 LockBit Ransomware Decryption Keys to Help Victims

The U.S. Federal Bureau of Investigation (FBI) has disclosed that it's in possession of more than 7,000 decryption keys associated with the LockBit ransomware operation to help victims get their data back at no cost. "We are reaching out to known LockBit victims and encouraging anyone who suspects....

Exposure Of Sensitive Information To An Unauthorized Actor

Moodle is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. The vulnerability is due to misconfiguration in a shared hosting environment, allowing a user with access to restore workshop modules and direct access to the web server outside of the Moodle webroot to execute a...

Information Exposure Through Misconfigured Permissions

Moodle is vulnerable to a Information Exposure Through Misconfigured Permissions. The vulnerability is due to misconfiguration in a shared hosting environment, allowing a user with access to restore feedback modules and direct access to the web server outside of the Moodle webroot to execute a...

SPECTR Malware Targets Ukraine Defense Forces in SickSync Campaign

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks targeting defense forces in the country with a malware called SPECTR as part of an espionage campaign dubbed SickSync. The agency attributed the attacks to a threat actor it tracks under the moniker UAC-0020,...

Cross-site Request Forgery (CSRF)

moodle/moodle is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to the admin management of analytics models, which fails to prevent CSRF risks because it does not include the necessary...

Cross-site Scripting (XSS)

moodle/moodle is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient sanitizing of ID numbers displayed in the report, which results in stored...

Security Bulletin: IBM Maximo Application Suite uses IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to jose4j - CVE-2023-51775

Summary Security Bulletin: IBM Maximo Application Suite uses IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to jose4j - CVE-2023-51775. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details ** CVEID: CVE-2023-51775 ....

Security Bulletin: IBM Asset Data Dictionary Component uses jose4j-0.9.3.jar which is vulnerable to CVE-2023-51775.

Summary IBM Asset Data Dictionary Component uses jose4j-0.9.3.jar which is vulnerable to CVE-2023-51775. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details ** CVEID: CVE-2023-51775 DESCRIPTION: **jose4j is vulnerable to a denial of service,...

Security Bulletin: IBM Maximo Application Suite uses gunicorn-21.2.0-py3-none-any.whl which is vulnerable to CVE-2024-1135.

Summary IBM Maximo Application Suite uses gunicorn-21.2.0-py3-none-any.whl which is vulnerable to CVE-2024-1135. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details ** CVEID: CVE-2024-1135 DESCRIPTION: **Gunicorn is vulnerable to HTTP request...

Security Bulletin: IBM Suite License Service uses commons-compress-1.25.0.jar which is vulnerable to CVE-2024-26308 and CVE-2024-25710.

Summary IBM Suite License Service uses commons-compress-1.25.0.jar which is vulnerable to CVE-2024-26308 and CVE-2024-25710. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details ** CVEID: CVE-2024-26308 DESCRIPTION: **Apache Commons Compress is...

Security Bulletin: IBM Asset Data Dictionary Component uses zookeeper-3.5.9.jar and snappy-java-1.1.8.3.jar which are vulnerable to CVE-2023-44981,CVE-2023-34453, CVE-2023-34455 , CVE-2023-34454 and CVE-2023-43642

Summary IBM Asset Data Dictionary Component uses zookeeper-3.5.9.jar and snappy-java-1.1.8.3.jar which are vulnerable to CVE-2023-44981,CVE-2023-34453, CVE-2023-34455, CVE-2023-34454 and CVE-2023-43642. This bulletin contains information regarding the vulnerability and its remediation....

Security Bulletin: IBM Asset Data Dictionary Component uses zookeeper-3.5.9.jar and snappy-java-1.1.8.3.jar which are vulnerable to CVE-2023-44981,CVE-2023-34453, CVE-2023-34455 , CVE-2023-34454 and CVE-2023-43642

Summary IBM Asset Data Dictionary Component uses zookeeper-3.5.9.jar and snappy-java-1.1.8.3.jar which are vulnerable to CVE-2023-44981,CVE-2023-34453, CVE-2023-34455, CVE-2023-34454 and CVE-2023-43642. This bulletin contains information regarding the vulnerability and its remediation....

Cross-site Scripting (XSS)

moodle/moodle is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient sanitization when opening the equation editor, leading to a stored XSS risk when editing another user's...

Security Bulletin: Security fixes available for The IBM® Engineering System Design Rhapsody products on IBM Jazz Technology

Summary The IBM® Engineering System Design Rhapsody 10.0 iFix001, The IBM® Engineering System Design Rhapsody 9.0.2 iFix002 and The IBM® Engineering System Design Rhapsody 9.0.1 iFix006 contain fixes for vulnerabilities identified in the Vulnerabilities Details section. The refererred iFix...

Fedora: Security Advisory for rust-sevctl (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for...

Fedora: Security Advisory for rust-ripgrep (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for...

Fedora: Security Advisory for rust-varlink_generator (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for...

Fedora: Security Advisory for loupe (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for...

Fedora: Security Advisory for rust-uu_base64 (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for...

Fedora: Security Advisory for qt5-qtserialbus (FEDORA-2024-2e27372d4c)

The remote host is missing an update for...

Mageia: Security Advisory (MGASA-2024-0212)

The remote host is missing an update for...

Fedora: Security Advisory for qt5-qtx11extras (FEDORA-2024-2e27372d4c)

The remote host is missing an update for...

Fedora: Security Advisory for qt5-qtwebview (FEDORA-2024-2e27372d4c)

The remote host is missing an update for...

Fedora: Security Advisory for qt6-qtshadertools (FEDORA-2024-bfb8617ba3)

The remote host is missing an update for...

Fedora: Security Advisory for qt5-qtscxml (FEDORA-2024-2e27372d4c)

The remote host is missing an update for...

Fedora: Security Advisory for qt5-qtsvg (FEDORA-2024-2e27372d4c)

The remote host is missing an update for...

Fedora: Security Advisory for kddockwidgets (FEDORA-2024-2e27372d4c)

The remote host is missing an update for...

Fedora: Security Advisory for python-jinja2 (FEDORA-2024-ce7649d28e)

The remote host is missing an update for...

Fedora: Security Advisory for qadwaitadecorations (FEDORA-2024-bfb8617ba3)

The remote host is missing an update for...

Fedora: Security Advisory for qt6-qtscxml (FEDORA-2024-bfb8617ba3)

The remote host is missing an update for...

Fedora: Security Advisory for qt5-qtquickcontrols2 (FEDORA-2024-2e27372d4c)

The remote host is missing an update for...

Fedora: Security Advisory for kitty (FEDORA-2024-25b47765c6)

The remote host is missing an update for...

Fedora: Security Advisory for rust-dotenvy (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for...

Fedora: Security Advisory for rust-eza (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for...

Fedora: Security Advisory for rust-sequoia-sqv (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for...

Fedora: Security Advisory for rust2rpm-helper (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for...

Fedora: Security Advisory for sudo-rs (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for...

Fedora: Security Advisory for rust-sequoia-wot (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for...

Fedora: Security Advisory for rust-pretty-bytes (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for...

Fedora: Security Advisory for rust-zram-generator (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for...

Fedora: Security Advisory for rust-askalono-cli (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for...

Fedora: Security Advisory for rust-uu_true (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for...

Fedora: Security Advisory for rust-dutree (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for...

Fedora: Security Advisory for rust-gimoji (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for...

Fedora: Security Advisory for rust-navi (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for...

Fedora: Security Advisory for rust-gst-plugin-gif (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for...