2290 matches found
Moxa Industrial Managed Switch Cross-site Scripting (CVE-2015-6466)
Cross-site scripting (XSS) vulnerability in the Diagnosis Ping feature in the administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote attackers to inject arbitrary web script or HTML via an unspecified field. This plugin only works with Tenable.ot...
Moxa Industrial Managed Switch Uncontrolled Resource Consumption (CVE-2015-6465)
The GoAhead web server on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to cause a denial of service (reboot) via a crafted URL. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
VulnCheck KEV: CVE-2023-24489
Citrix Content Collaboration contains an improper access control vulnerability that could allow an unauthenticated attacker to remotely compromise customer-managed ShareFile storage zones controllers...
How MDR Helps Solve the Cybersecurity Talent Gap
How do you overcome today's talent gap in cybersecurity? This is a crucial issue — particularly when you find executive leadership or the board asking pointed questions about your security team's ability to defend the organization against new and current threats. This is why many security leaders...
Microsoft Defender Experts for XDR helps triage, investigate, and respond to cyberthreats
It has been an eventful time since the introduction of Microsoft Security Experts. We launched Defender Experts for Hunting, our first-party managed threat hunting service for customers who want Microsoft to help them proactively hunt threats across endpoints, Microsoft Office 365, cloud...
CVE-2023-34141
A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50W series firmware versions 5.00 through 5.36 Patch 2, USG20W-VPN series firmware...
From Malvertising to Ransomware: A ThreatDown webinar recap
Our recent webinar From Malvertising to Ransomware highlighted the clear connection between malvertising--the practice of embedding malicious code within legitimate online advertisements--and the epidemic of ransomware attacks affecting businesses globally. Presented by Mark Stockley, security...
Important: Red Hat Security Advisory: .NET 7.0 security, bug fix, and enhancement update
An update for .NET 7.0 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
ALSA-2023:4059 Important: .NET 6.0 security, bug fix, and enhancement update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. The following packages have been upgraded to a later upstream version: dotnet6.0 (SDK 6.0.120, Runtime 6.0.20). (BZ#2219639) Security Fixes: dotnet: race...
ALSA-2023:4058 Important: .NET 7.0 security, bug fix, and enhancement update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. The following packages have been upgraded to a later upstream version: dotnet7.0 (SDK 7.0.109, Runtime 7.0.9). (BZ#2219633) Security Fixes: dotnet: race...
CVE-2023-24489
A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller...
Design/Logic Flaw
A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller...
Cisco Duo Authentication Error Vulnerability
Cisco Duo is a fully managed solution from Cisco, Inc. that provides secure access to your applications and data. An authentication error vulnerability exists in Cisco Duo Two-Factor Authentication, which arises from incorrectly handling responses from Cisco Duo when the application is configured to...
Rapid7 Solutions for Partners
Central to our mission at Rapid7 is building long-term relationships with partners who deliver valuable security solutions to customers. As customers increasingly seek managed services to meet their security needs, we've eagerly expanded our partner ecosystem to support a rapidly growing body of...
Privilege Escalation
github.com/stolostron/governance-policy-propagator is vulnerable to Privilege Escalation. In a formed policy, the library makes it possible for dynamically acquired policies to leverage cluster scoped access, enabling a local attacker to access resources from the namespace where the policy was...
CVE-2023-1707
Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to information disclosure when IPsec is enabled with FutureSmart version 5.6...
CVE-2023-1707
CVE-2023-1707 affects HP Enterprise LaserJet and HP LaserJet Managed Printers using FutureSmart 5.6. The issue is an information disclosure vulnerability when IPsec is enabled, caused by insufficient protection of service data, enabling potential exposure of sensitive data between printers and ot...
CVE-2023-1707
Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to information disclosure when IPsec is enabled with FutureSmart version 5.6...
HP LaserJet Enterprise and HP LaserJet Managed Security Vulnerability
HP LaserJet Enterprise and HP LaserJet Managed are both multifunction printers from Hewlett-Packard (HP), USA. A security vulnerability exists in HP Enterprise LaserJet and HP LaserJet Managed Printers. An attacker has exploited the vulnerability to disclose information...
Kubernetes Grey Zone: Risks in Managed Cluster Middleware
Are your managed Kubernetes clusters safe from the risks posed by middleware components? Learn how to secure your clusters and mitigate middleware risks...