2293 matches found
CVE-2024-7323 Digiwin EasyFlow .NET - Arbitrary File Download
Digiwin EasyFlow .NET lacks proper access control for specific functionality, and the functionality do not adequately filter user input. A remote attacker with regular privilege can exploit this vulnerability to download arbitrary files from the remote server...
GO-2024-3012 Malicious code in github.com/PromonLogicalis/asn1
Version 7bdca06d0edf of the github.com/PromonLogicalis/asn1 module contains malicious code which downloads a program from a remote web server and executes it...
North Korea-Linked Malware Targets Developers on Windows, Linux, and macOS
The threat actors behind an ongoing malware campaign targeting software developers have demonstrated new malware and tactics, expanding their focus to include Windows, Linux, and macOS systems. The activity cluster, dubbed DEVPOPPER and linked to North Korea, has been found to have singled out...
Important: Red Hat Security Advisory: git-lfs security update
An update for git-lfs is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Red Hat Product Security has rated this update as...
Security Bulletin: Multiple Vulnerabilities have been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server (CVE-2024-40898, CVE-2024-40725)
Summary IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...
Security Bulletin: Multiple Vulnerabilities have been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server.
Summary IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server CVE-2024-35154
Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
Malicious npm Packages Found Using Image Files to Hide Backdoor Code
Cybersecurity researchers have identified two malicious packages on the npm package registry that concealed backdoor code to execute malicious commands sent from a remote server. The packages in question – img-aws-s3-object-multipart-copy and legacyaws-s3-object-multipart-copy – have been...
Important: Red Hat Security Advisory: git-lfs security update
An update for git-lfs is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Important: Red Hat Security Advisory: git-lfs security update
An update for git-lfs is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Reconfigure XenDesktop Desktop Studio when Installed as a Standalone on a Remote Server
When you install Desktop Studio by itself on a remote server, that is, without the controller role installed locally, the first time you start the Desktop Studio Console, you are prompted to select which Desktop Delivery Controller DDC you want to connect, as displayed in the following screen sho...
Exploit for Missing Authentication for Critical Function in Veeam Veeam_Backup_\&_Replication
It is an exploit module/toolkit targeting a web application. The...
Mattermost Improper Access Control Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an improper access control vulnerability. An attacker could exploit the vulnerability to cause changes to the profile image of a user belonging to another remote server connecte...
CVE-2024-36257 Lack of permission check when updating the profile picture of a remote user (shared channels enabled)
Mattermost versions 9.5.x = 9.5.5 and 9.8.0, when using shared channels with multiple remote servers connected, fail to check that the remote server A requesting the server B to update the profile picture of a user is the remote that actually has the user as a local one . This allows a malicious...
Mattermost 安全漏洞
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an improper access control vulnerability. An attacker could exploit the vulnerability to cause changes to the profile image of a user belonging to another remote server connecte...
CVE-2023-41928 Remote server offers deprecated TLS protocol in Kiloview P1/P2 devices
The device is observed to accept deprecated TLS protocols, increasing the risk of cryptographic weaknesses...
CVE-2023-41928 Remote server offers deprecated TLS protocol in Kiloview P1/P2 devices
The device is observed to accept deprecated TLS protocols, increasing the risk of cryptographic weaknesses...
Security Bulletin: Multiple Vulnerabilities have been identified in IBM MQ shipped with IBM WebSphere Remote Server
Summary IBM MQ is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM MQ have been published in a security bulletin CVE-2024-25026, CVE-2024-22354, CVE-2024-27268, CVE-2024-22353, CVE-2023-51775, CVE-2024-22329, CVE-2024-31919, CVE-2024-21085,...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server CVE-2024-37532
Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
CVE-2024-6301
Lack of validation of origin in federation API in Conduit, allowing any remote server to impersonate any user from any server in most EDUs...