NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, Jetson TX2 Series, Jetson TX2 NX Security Vulnerabilities

nvd

CVE-2023-7033

Insufficient Resource Pool vulnerability in Ethernet function of Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote attacker to cause a temporary Denial of Service condition for a certain period of time in Ethernet communication of the products by performing TCP SYN...

5.3CVSS

5.2AI Score

0.0004EPSS

2024-02-27 04:15 AM
cve

CVE-2023-7033

Insufficient Resource Pool vulnerability in Ethernet function of Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote attacker to cause a temporary Denial of Service condition for a certain period of time in Ethernet communication of the products by performing TCP SYN...

5.3CVSS

5.2AI Score

0.0004EPSS

2024-02-27 04:15 AM
prion

Denial of service

Insufficient Resource Pool vulnerability in Ethernet function of Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote attacker to cause a temporary Denial of Service condition for a certain period of time in Ethernet communication of the products by performing TCP SYN...

5.3CVSS

7.1AI Score

0.0004EPSS

2024-02-27 04:15 AM
cvelist

CVE-2023-7033

Insufficient Resource Pool vulnerability in Ethernet function of Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote attacker to cause a temporary Denial of Service condition for a certain period of time in Ethernet communication of the products by performing TCP SYN...

5.3CVSS

5.5AI Score

0.0004EPSS

2024-02-27 03:47 AM
githubexploit

Exploit for OS Command Injection in Zyxel Usg Flex 100W Firmware

CVE-2022-30525 (Zyxel Firewall Remote Command Injection) A...

9.8CVSS

8.1AI Score

0.975EPSS

2024-02-27 03:31 AM
nessus

Oracle Linux 8 : thunderbird (ELSA-2024-0964)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-0964 advisory. Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response...

9.6AI Score

0.0004EPSS

2024-02-27 12:00 AM
nessus

Oracle Linux 8 : firefox (ELSA-2024-0955)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-0955 advisory. Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior. Note: This issue only affects 32-bit...

9.6AI Score

0.0004EPSS

2024-02-27 12:00 AM
nessus

Oracle Linux 9 : thunderbird (ELSA-2024-0963)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-0963 advisory. If a website set a large custom cursor, portions of the cursor could have overlapped with the permission dialog, potentially resulting in user...

9.6AI Score

0.0004EPSS

2024-02-27 12:00 AM
ubuntucve

CVE-2021-46945

In the Linux kernel, the following vulnerability has been resolved: ext4: always panic when errors=panic is specified Before commit 014c9caa29d3 ("ext4: make ext4_abort() use __ext4_error()"), the following series of commands would trigger a panic: 1. mount /dev/sda -o ro,errors=panic test 2....

5.5CVSS

6.5AI Score

0.0004EPSS

2024-02-27 12:00 AM
osv

CVE-2024-0439

As a manager, you should not be able to modify a series of settings. In the UI this is indeed hidden as a convenience for the role since most managers would not be savvy enough to modify these settings. They can use their token to still modify those settings though through a standard HTTP request.....

7.1CVSS

6.7AI Score

0.0004EPSS

2024-02-26 04:27 PM
nvd

CVE-2024-0439

As a manager, you should not be able to modify a series of settings. In the UI this is indeed hidden as a convenience for the role since most managers would not be savvy enough to modify these settings. They can use their token to still modify those settings though through a standard HTTP request.....

7.1CVSS

6.9AI Score

0.0004EPSS

2024-02-26 04:27 PM
cve

CVE-2024-0439

As a manager, you should not be able to modify a series of settings. In the UI this is indeed hidden as a convenience for the role since most managers would not be savvy enough to modify these settings. They can use their token to still modify those settings though through a standard HTTP request.....

7.1CVSS

6.8AI Score

0.0004EPSS

2024-02-26 04:27 PM
nvd

CVE-2024-0387

The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding capabilities that users cannot deactivate. An attacker may be able to send requests to the product and have it forwarded to the target. An attacker can bypass access controls or hide the source of malicious...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-02-26 04:27 PM
cve

CVE-2024-0387

The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding capabilities that users cannot deactivate. An attacker may be able to send requests to the product and have it forwarded to the target. An attacker can bypass access controls or hide the source of malicious...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-02-26 04:27 PM
prion

Design/Logic Flaw

The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding capabilities that users cannot deactivate. An attacker may be able to send requests to the product and have it forwarded to the target. An attacker can bypass access controls or hide the source of malicious...

6.5CVSS

7.4AI Score

0.0004EPSS

2024-02-26 04:27 PM
prion

Design/Logic Flaw

As a manager, you should not be able to modify a series of settings. In the UI this is indeed hidden as a convenience for the role since most managers would not be savvy enough to modify these settings. They can use their token to still modify those settings though through a standard HTTP request.....

7.1CVSS

7.2AI Score

0.0004EPSS

2024-02-26 04:27 PM
thn

8,000+ Domains of Trusted Brands Hijacked for Massive Spam Operation

More than 8,000 domains and 13,000 subdomains belonging to legitimate brands and institutions have been hijacked as part of a sophisticated distribution architecture for spam proliferation and click monetization. Guardio Labs is tracking the coordinated malicious activity, which has been ongoing...

7.4AI Score

2024-02-26 02:10 PM
cvelist

CVE-2024-0387 EDS-4000/G4000 Series IP Forwarding Vulnerability

The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding capabilities that users cannot deactivate. An attacker may be able to send requests to the product and have it forwarded to the target. An attacker can bypass access controls or hide the source of malicious...

6.5CVSS

6.7AI Score

0.0004EPSS

2024-02-26 01:26 PM
impervablog

Healthcare Needs Risk-Based Cybersecurity for Comprehensive, Effective Protection

In the first blog post of this three-blog series, we discussed the extraordinarily powerful “perfect storm” of cyber risk faced by healthcare organizations. The second blog post reviews how data security risks persist despite HIPAA compliance. In this third blog, we will discuss how to get started....

7.3AI Score

2024-02-26 08:40 AM
nessus

Oracle Linux 7 : firefox (ELSA-2024-0976)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-0976 advisory. Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim...

9.6AI Score

0.0004EPSS

2024-02-26 12:00 AM
nessus

Oracle Linux 7 : thunderbird (ELSA-2024-0957)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-0957 advisory. A website could have obscured the fullscreen notification by using a dropdown select input element. This could have led to user confusion and...

9.6AI Score

0.0004EPSS

2024-02-26 12:00 AM
nessus

CentOS 7 : firefox (RHSA-2024:0976)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:0976 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory...

9.7AI Score

0.0004EPSS

2024-02-26 12:00 AM
nessus

Fedora 39 : thunderbird (2024-81863a1613)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-81863a1613 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory...

7.4AI Score

0.0004EPSS

2024-02-26 12:00 AM
cvelist

CVE-2024-0439 User can manually send request at manager permission to modify system configurations

As a manager, you should not be able to modify a series of settings. In the UI this is indeed hidden as a convenience for the role since most managers would not be savvy enough to modify these settings. They can use their token to still modify those settings though through a standard HTTP request.....

7.1CVSS

7AI Score

0.0004EPSS

2024-02-25 07:48 PM
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaThunderbird (SUSE-SU-2024:0608-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0608-1 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have...

7.3AI Score

0.0004EPSS

2024-02-24 12:00 AM
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaFirefox (SUSE-SU-2024:0607-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0607-1 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have...

7.4AI Score

0.0004EPSS

2024-02-24 12:00 AM
nessus

Oracle Linux 9 : firefox (ELSA-2024-0952)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-0952 advisory. A website could have obscured the fullscreen notification by using a dropdown select input element. This could have led to user confusion and...

9.6AI Score

0.0004EPSS

2024-02-24 12:00 AM
nessus

Debian dsa-5630 : thunderbird - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5630 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read....

7.3AI Score

0.0004EPSS

2024-02-23 12:00 AM
krebs

New Leak Shows Business Side of China’s APT Menace

A new data leak that appears to have come from one of China's top private cybersecurity firms provides a rare glimpse into the commercial side of China's many state-sponsored hacking groups. Experts say the leak illustrates how Chinese government agencies increasingly are contracting out foreign...

7.1AI Score

2024-02-22 01:27 PM
nessus

SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2024:0580-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0580-1 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an...

9.7AI Score

0.0004EPSS

2024-02-22 12:00 AM
nessus

Fedora 39 : firefox (2024-bc8ea2c2cb)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-bc8ea2c2cb advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory...

9.7AI Score

0.0004EPSS

2024-02-22 12:00 AM
nessus

Ubuntu 20.04 LTS : Firefox vulnerabilities (USN-6649-1)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6649-1 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read....

9.7AI Score

0.0004EPSS

2024-02-22 12:00 AM
redhatcve

CVE-2024-1547

The Mozilla Foundation Security Advisory describes this flaw as: Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL...

7.2AI Score

0.0004EPSS

2024-02-21 04:36 PM
hivepro

Iranian Threat Actor Adapts Tactics to Stay One Step Ahead

Summary: Charming Kitten, an Iranian threat actor, has recently been linked to a series of attacks targeting the Middle East. This campaign involves deploying a new backdoor called BASICSTAR through a deceptive webinar portal. Threat Level - Red | Attack Report For a detailed threat advisory,...

7.1AI Score

2024-02-21 02:07 PM
talosblog

How CVSS 4.0 changes (or doesn’t) the way we see vulnerability severity

Finding, managing and patching security vulnerabilities on any network, no matter the size, is a tall task. In the first week of 2024 alone, there were 621 new common IT security vulnerabilities and exposures (CVEs) disclosed worldwide, covering a range of applications, software and hardware that.....

10CVSS

7.3AI Score

0.976EPSS

2024-02-21 01:54 PM
pentestpartners

No fix KrbRelay VMware style

TL;DR The VMware Enhanced Authentication plugin that is offered as part of VMware vSphere’s seamless login experience for the web console contains multiple vulnerabilities relating to Kerberos authentication relay. The first vulnerability, CVE-2024-22245, is a Kerberos relay vulnerability where a.....

9.6CVSS

7.2AI Score

0.0004EPSS

2024-02-21 06:50 AM
nessus

Slackware Linux 15.0 / current mozilla-thunderbird Multiple Vulnerabilities (SSA:2024-052-01)

The version of mozilla-thunderbird installed on the remote host is prior to 115.8.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-052-01 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, ...

7.3AI Score

0.0004EPSS

2024-02-21 12:00 AM
trendmicroblog

Decoding Digital Transformation: AI, ML, and RPA in the Modern Era

Explore the first article in this series about AI, ML, and RPA, which aims to demystify and explore the full spectrum of these core...

7.2AI Score

2024-02-21 12:00 AM
openvas

Mozilla Firefox Security Advisory (MFSA2024-05) - Linux

This host is missing a security update for Mozilla...

8.8AI Score

0.0004EPSS

2024-02-21 12:00 AM
nessus

Debian dsa-5627 : firefox-esr - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5627 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read....

9.7AI Score

0.0004EPSS

2024-02-21 12:00 AM
thn

New Migo Malware Targeting Redis Servers for Cryptocurrency Mining

A novel malware campaign has been observed targeting Redis servers for initial access with the ultimate goal of mining cryptocurrency on compromised Linux hosts. "This particular campaign involves the use of a number of novel system weakening techniques against the data store itself," Cado...

9.8CVSS

7.4AI Score

0.074EPSS

2024-02-20 03:20 PM
alpinelinux

CVE-2024-1547

Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown). This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird <...

7.7AI Score

0.0004EPSS

2024-02-20 02:15 PM
cve

CVE-2024-1547

Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown). This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird <...

5.9AI Score

0.0004EPSS

2024-02-20 02:15 PM
debiancve

CVE-2024-1547

Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown). This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird <...

5.8AI Score

0.0004EPSS

2024-02-20 02:15 PM
nvd

CVE-2024-1547

Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown). This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird <...

7.1AI Score

0.0004EPSS

2024-02-20 02:15 PM
prion

Code injection

Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown). This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird <...

5.6AI Score

0.0004EPSS

2024-02-20 02:15 PM
cvelist

CVE-2024-1547

Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown). This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird <...

7.6AI Score

0.0004EPSS

2024-02-20 01:21 PM
mskb

November 14, 2023—KB5032190 (OS Builds 22621.2715 and 22631.2715)

November 14, 2023—KB5032190 (OS Builds 22621.2715 and 22631.2715) UPDATED 2/27/24 IMPORTANT: New dates for the end of non-security updates for Windows 11, version 22H2. The new end date is June 24, 2025 for Windows 11, version 22H2 Enterprise, Education, IoT Enterprise, and Enterprise multi-session.....

9.8CVSS

8.2AI Score

0.57EPSS

2024-02-20 08:00 AM
thn

Iran and Hezbollah Hackers Launch Attacks to Influence Israel-Hamas Narrative

Hackers backed by Iran and Hezbollah staged cyber attacks designed to undercut public support for the Israel-Hamas war after October 2023. This includes destructive attacks against key Israeli organizations, hack-and-leak operations targeting entities in Israel and the U.S., phishing campaigns...

9.8CVSS

9.4AI Score

0.074EPSS

2024-02-20 06:01 AM
Total number of security vulnerabilities: 32865