Automated Logic WebCTRL Premium Server Unrestricted Upload of File with Dangerous Type (CVE-2024-8525)

CWE-434 Unrestricted Upload of File with Dangerous Type vulnerability exists which could allow an unauthenticated user to upload files of dangerous types without restrictions, leading to remote command execution. This plugin only works with Tenable.ot. Please visit...

Fortinet Updates Guidance and Indicators of Compromise following FortiManager Vulnerability Exploitation

Fortinet has updated their security advisory addressing a critical FortiManager vulnerability CVE-2024-47575 to include additional workarounds and indicators of compromise IOCs. A remote, unauthenticated cyber threat actor could exploit this vulnerability to gain access to sensitive files or take...

Crestron AM-300

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION : Low attack complexity Vendor : Crestron Equipment : AM-300 Vulnerability : OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate their privileges to root-level access. 3...

VMware Releases Security Advisory for Aria Automation

VMware released a security advisory to address a vulnerability CVE-2023-34063 in Aria Automation. A cyber threat actor could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2024-0001link is external...

Juniper Networks Releases Security Bulletin for Junos OS and Junos OS Evolved

Juniper Networks has released a security advisory to address a vulnerability CVE-2024-21611 in Junos OS and Junos OS Evolved. A cyber threat actor could exploit this vulnerability to cause a denial-of-service condition. CISA encourages users and administrators to review the Juniper Advisory...

Juniper Releases Security Advisory for Juniper Secure Analytics

Juniper released a security advisory to address multiple vulnerabilities affecting Juniper Secure Analytics. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Juniper advisory JSA75636link ...

Juniper Networks Releases Security Advisory for Junos OS and Junos OS Evolved

Juniper Networks has released a security advisory to address a vulnerability for Junos OS and Junos OS Evolved. A cyber threat actor could exploit this vulnerability to cause a denial-of-service condition. CISA encourages users and administrators to review Juniper’s Support Portallink is external...

Samba Releases Security Updates 

The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Samba Security Announcements...

Flaw in some ManageEngine apps is being actively exploited, says CISA

CISA the Cybersecurity and Infrastructure Security Agency recently added CVE-2022-35405--a remote code executionRCE vulnerability affecting Zoho ManageEngine PAM360 versions 5500 and earlier, Password Manager Pro versions 12100 and earlier, and Access Manager Plus versions 4302 and earlier--to it...

Hitachi Energy RTU500 series

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: RTU500 series Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could cause an internal buffer overflow, which can...

Circutor COMPACT DC-S BASIC

1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Circutor Equipment: COMPACT DC-S BASIC Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a buffer overflow condition resulting in...

Siemens Siveillance OIS

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Siveillance OIS Vulnerability: OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to execute code on...