IBM Security Verify Access Trust Management Issues Vulnerability

IBM Security Verify Access is a service from International Business Machines IBM that improves user access security. A trust management issue vulnerability exists in IBM Security Verify Access, which can be exploited by a remote attacker to submit a special request that can unauthorized control t...

MAL-2024-1020 Malicious code in analysis-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6df618b529012f6ffca73476f9c27854370f58223bddbaceb6acb01605d75909 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2024-22132

SAP IDES ECC-systems contain code that permits the execution of arbitrary program code of user's choice.An attacker can therefore control the behaviour of the system by executing malicious code which can potentially escalate privileges with low impact on confidentiality, integrity and availabilit...

Code injection

SAP IDES ECC-systems contain code that permits the execution of arbitrary program code of user's choice.An attacker can therefore control the behaviour of the system by executing malicious code which can potentially escalate privileges with low impact on confidentiality, integrity and availabilit...

JetBrains Releases Security Advisory for TeamCity On-Premises

JetBrains released a security advisory to address a vulnerability CVE-2024-23917 in TeamCity On-Premises. A cyber threat actor could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the Critical Security Issue Affecting TeamCity...

Cisco Releases Security Advisory for Vulnerabilities in Cisco Expressway Series

Cisco released a security advisory to address vulnerabilities affecting Cisco Expressway Series. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Cisco Expressway Serieslink is external...

Oracle Releases Critical Patch Update Advisory for January 2024

Oracle released its Critical Patch Update Advisory for January 2024 to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Oracle’s January 2024...

Atlassian Releases Security Updates for Multiple Products

Atlassian released a security advisory to address a vulnerability CVE-2023-22527 in out-of-date versions of Confluence Data Center and Server as well as its January 2024 security bulletin to address vulnerabilities in multiple products. A malicious cyber actor could exploit one of these...

VMware Releases Security Advisory for Aria Automation

VMware released a security advisory to address a vulnerability CVE-2023-34063 in Aria Automation. A cyber threat actor could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2024-0001link is external...

Juniper Releases Security Advisory for Juniper Secure Analytics

Juniper released a security advisory to address multiple vulnerabilities affecting Juniper Secure Analytics. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Juniper advisory JSA75636link ...

Mozilla Releases Security Updates for Firefox and Thunderbird

Mozilla has released security updates to address vulnerabilities in Firefox and Thunderbird. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply the necessary...

CVE-2023-6928

EuroTel ETL3100 versions v01c01 and v01x37 does not limit the number of attempts to guess administrative credentials in remote password attacks to gain full control of the system...

CVE-2023-6928 Improper Restriction of Excessive Authentication Attempts

EuroTel ETL3100 versions v01c01 and v01x37 does not limit the number of attempts to guess administrative credentials in remote password attacks to gain full control of the system...

Microsoft Releases Security Updates for Multiple Products

Microsoft has released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s December Security Update Guidelink is...

The Apache Software Foundation Updates Struts 2

The Apache Software Foundation has released security updates to address a vulnerability CVE-2023-50164 in Struts 2. A remote attacker could exploit this vulnerability to take control of an affected system. Users and administrators are encouraged to review the Apache Security Bulletinlink is...

CVE-2023-4149

A vulnerability in the web-based management allows an unauthenticated remote attacker to inject arbitrary system commands and gain full system control. Those commands are executed with root privileges. The vulnerability is located in the user request handling of the web-based management...

Design/Logic Flaw

A vulnerability in the web-based management allows an unauthenticated remote attacker to inject arbitrary system commands and gain full system control. Those commands are executed with root privileges. The vulnerability is located in the user request handling of the web-based management...

Security Vulnerability in WAGO Industrial Managed Switch

WAGO Industrial Managed Switch is a series of industrial Ethernet switches from WAGO, Germany. A security vulnerability exists in the WAGO Industrial Managed Switch that originates from allowing an unauthenticated, remote attacker to inject arbitrary system commands and gain full system control...

Microsoft Releases November 2023 Security Updates

Microsoft has released updates addressing multiple vulnerabilities in Microsoft software. A cyber threat actor can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s November 2023 Security Update Guidelink is...

VMware Releases Advisory for VMware Tools Vulnerabilities

VMware released a security advisory addressing multiple vulnerabilities CVE-2023-34057, CVE-2023-34058 in VMware Tools. A cyber actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the VMware advisory...