.NET 7.0 bugfix update
An update is available for dotnet7.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. .NET Core is a managed-software framework. It implements a subset of the .N...
.NET 6.0 bugfix update
An update is available for dotnet6.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. .NET Core is a managed-software framework. It implements a subset of the .N...
Authentication flaw
A Missing Authentication for Critical Function vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run arbitrary commands on managed devices by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated...
CVE-2023-34392 Missing Authentication for Critical Function
A Missing Authentication for Critical Function vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run arbitrary commands on managed devices by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated...
"This Apple ID can't be used to make purchases" error when installing Secure Hub on DEP devices
When attempting to download and install the Citrix Secure Hub app on devices enrolled through the Device Enrollment Program (DEP) using a Managed Apple ID in Apple Business Manager (ABM), users may encounter the error message: "This Apple ID can't be used to make purchases."...
CISA Releases JCDC Remote Monitoring and Management (RMM) Cyber Defense Plan
Today, CISA released the Remote Monitoring and Management (RMM) Cyber Defense Plan, the first proactive Plan developed by industry and government partners through the Joint Cyber Defense Collaborative (JCDC). This plan addresses systemic risks facing the exploitation of RMM software. Cyber threat...
Citrix Content Collaboration ShareFile Improper Access Control Vulnerability
Citrix Content Collaboration contains an improper access control vulnerability that could allow an unauthenticated attacker to remotely compromise customer-managed ShareFile storage zones controllers...
CVE-2023-4337
Broadcom RAID Controller web interface is vulnerable to improper session handling of managed servers on Gateway installation...
CVE-2023-4337 Broadcom RAID Controller web interface is vulnerable to improper session handling of managed servers on Gateway installation
Broadcom RAID Controller web interface is vulnerable to improper session handling of managed servers on Gateway installation...
CVE-2023-4337
CVE-2023-4337 affects the Broadcom RAID Controller web interface. The vulnerability arises from improper session handling of gateway-installed managed servers. Based on NVD metrics, it is a CRITICAL issue (CVSS v3.1: 9.8) with network access, no user interaction required, and high impact to confi...
CVE-2023-21229
In registerServiceLocked of ManagedServices.java, there is a possible bypass of background activity launch restrictions due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
Important: Red Hat Security Advisory: .NET 7.0 security, bug fix, and enhancement update
An update for .NET 7.0 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
PT-2023-18014 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions prior to the fixed version. Description: In the registerServiceLocked function of ManagedServices.java, there is a possible bypass of background activity launch restrictions due to an unsafe PendingIntent. This could lead to...
Google Wear OS Security Vulnerability
Google Wear OS is a Google-developed operating system from Google, Inc. designed for use in smartwatches, smart bands, and other wearable devices. Google Wear OS suffers from a security vulnerability that stems from an insecure PendingIntent in the registerServiceLocked module of...
ZKTeco BioAccess IVS Information Disclosure Vulnerability
ZKTeco BioAccess IVS is a lite web-based security platform from ZKTeco, China. An information disclosure vulnerability exists in ZKTeco BioAccess IVS, which can be exploited by an attacker to obtain sensitive information about all managed devices...
MDR: Empowering Organizations with Enhanced Security
Managed Detection and Response (MDR) has emerged as a crucial solution for organizations looking to bolster their security measures. MDR allows businesses to outsource the management of Endpoint Detection and Response (EDR) products deployed across their network domain. With real-time threat-hunting...
Microsoft Teams used in phishing campaign to bypass multi-factor authentication
Attackers believed to have ties to Russia's Foreign Intelligence Service (SVR) are using Microsoft Teams chats as credential theft phishing lures. Microsoft Threat Intelligence has posted details about the perceived attacks targeted at fewer than 40 unique global organizations. The targeted...
CVE-2023-38955
ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to obtain sensitive information about all managed devices, including their IP addresses and device names...
ZKTeco BioAccess IVS Security Vulnerability
ZKTeco BioAccess IVS is a lite web-based security platform from ZKTeco, China. An information disclosure vulnerability exists in ZKTeco BioAccess IVS, which can be exploited by an attacker to obtain sensitive information about all managed devices...
Moxa Industrial Managed Switch Uncontrolled Resource Consumption (CVE-2015-6465)
The GoAhead web server on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to cause a denial of service (reboot) via a crafted URL. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...