Microsoft Warns of Surge in Cyber Attacks Targeting Internet-Exposed OT Devices
Microsoft has emphasized the need for securing internet-exposed operational technology (OT) devices following a spate of cyber attacks targeting such environments since late 2023. "These repeated attacks against OT devices emphasize the crucial need to improve the security posture of OT devices and...
Fedora 39 : unbound (2024-9df760819c)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-9df760819c advisory. Unbound 1.20.0 - https://github.com/NLnetLabs/unbound/releases/tag/release-1.20.0 - DNSBomb limitation fixes Tenable has extracted the preceding description...
AZL-42046 CVE-2024-32465 affecting package git for versions less than 2.39.4-1
Git is a revision control system. The Git project recommends avoiding work in untrusted repositories; instead, clone the repository first with git clone --no-local to obtain a clean copy. Git has specific protections to make that a safe operation even with an untrusted source repository, but...
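The advisory's recommendation rests on a detail of how git clones local paths: a plain `git clone /path` takes the `--local` shortcut and hardlinks the source's object files into the new clone, so the "copy" still shares files with the untrusted directory, whereas `--no-local` forces the normal fetch transport and transfers the objects into a fresh object store. The following script, an added illustration rather than anything from the advisory or the Git project, constructs a throwaway repository standing in for an untrusted source and counts how many of its object files end up shared with a clone under each mode (the repository contents, paths and function names are constructed for the demo):

```shell
#!/bin/sh
# Added example (not from the advisory or Git): show why `git clone --no-local`
# yields an independent copy of an untrusted local repository.
set -eu

# Build a constructed sample repository that plays the role of the untrusted
# source; a single commit leaves its objects loose under .git/objects.
make_untrusted_repo() {
    dir=$1
    git init -q "$dir"
    echo "hello" > "$dir/README"
    git -C "$dir" add README
    git -C "$dir" -c user.name=demo -c user.email=demo@example.invalid \
        commit -q -m "initial commit"
}

# Count object files in the source's object store that have more than one
# hard link, i.e. files some clone is sharing with the untrusted directory.
shared_objects() {
    find "$1/.git/objects" -type f -links +1 | wc -l | tr -d ' '
}

# Default local clone: git hardlinks the source's object files into the clone.
clone_local() {
    git clone -q "$1" "$2"
}

# Recommended clean clone: objects travel over the regular fetch path and are
# written into a new object store, so nothing is shared with the source.
clone_clean() {
    git clone -q --no-local "$1" "$2"
}

# Demonstration when run stand-alone: prints the shared-object count after
# each kind of clone (0 shared objects is the desired result).
demo() {
    work=$(mktemp -d)
    make_untrusted_repo "$work/src-a"
    clone_local "$work/src-a" "$work/clone-local"
    echo "plain local clone: $(shared_objects "$work/src-a") shared object files"
    make_untrusted_repo "$work/src-b"
    clone_clean "$work/src-b" "$work/clone-clean"
    echo "--no-local clone:  $(shared_objects "$work/src-b") shared object files"
    rm -rf "$work"
}

[ "${1:-}" = "demo" ] && demo
```

Run it as `sh clone-demo.sh demo`. The hardlink count is only an observable proxy for the sharing the `--local` shortcut introduces; the point is that `--no-local` is the mode in which git's usual transport-level checks apply to the untrusted source, which is why the advisory suggests it.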
CVE-2024-4437
The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2021-44716. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning ...
DCMTK security vulnerability
DCMTK is an open source collection of libraries and applications implementing most of the DICOM standard. It includes software for inspecting, constructing and converting DICOM image files, handling offline media, sending and receiving images over a network connection, and demonstrating image...
Fedora 40 : cjson (2024-b93a6b1325)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-b93a6b1325 advisory. Update to latest upstream version 1.7.17 closes rhbz2255953 Tenable has extracted the preceding description block directly from the Fedora security advisory...
Updated webkit2 packages fix security vulnerabilities
Due to issues in our build system this package was very outdated; now that the issues are fixed we are publishing the current upstream version. Many CVEs are fixed and a lot of changes were made by upstream, see the links...
Amazon Linux 2 : tomcat (ALASTOMCAT9-2024-013)
The version of tomcat installed on the remote host is prior to 9.0.87-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT9-2024-013 advisory. Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to ke...
PT-2024-24637 · Gutengeek · Gutengeek Gg Woo Feed For Woocommerce
Name of the Vulnerable Software and Affected Versions: GutenGeek GG Woo Feed for WooCommerce versions 1.2.6 and earlier Description: The issue is related to a Missing Authorization vulnerability. This vulnerability affects GutenGeek GG Woo Feed for WooCommerce. Recommendations: For versions 1.2.6...
CVE-2024-21111
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise...
HCL Technologies HCL Launch security vulnerability
HCL Technologies HCL Launch is a versatile, enterprise-grade continuous delivery automation software from HCL Technologies, Inc. It is used to handle the most complex deployment processes in DevOps. A security vulnerability exists in HCL DevOps Deploy and HCL Launch that stems from allowing the...
PT-2024-24579 · Unknown · Restropress
Name of the Vulnerable Software and Affected Versions: RestroPress versions 3.1.2 and earlier Description: A Cross-Site Request Forgery (CSRF) issue affects the software, allowing unauthorized actions to be performed on behalf of a user without their knowledge or consent. Recommendations: For...
PT-2024-24298 · Unknown · Link Whisper
Name of the Vulnerable Software and Affected Versions: Link Whisper Free versions 0.6.9 and earlier Description: A Cross-Site Request Forgery (CSRF) issue has been identified. This allows an attacker to perform unintended actions on a user's account. Recommendations: For versions 0.6.9 and earlier,...
PT-2024-3145 · Tutor Lms · Tutor Lms
Name of the Vulnerable Software and Affected Versions: Tutor LMS versions up to, and including, 2.6.2 Description: The issue is related to a missing capability check on the hide notices function, which allows unauthorized modification of data. This makes it possible for unauthenticated attackers ...
PT-2024-2234 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.19 and earlier Description: The issue exists due to inadequate protection of the web page structure, allowing for potential exploitation. This could enable a remote attacker to conduct cross-site scriptin...
How to update outdated software on Mac endpoints: Introducing ThreatDown VPM for Mac
ThreatDown is happy to announce that our Vulnerability Assessment and Patch Management (VPM) tool is now available for Mac endpoints. There are hundreds of third-party apps that Mac endpoints use on a daily basis, and with that large number of apps comes a dizzying amount of software updates to apply...
CVE-2024-25103
This vulnerability exists in AppSamvid software due to the usage of vulnerable and outdated components. An attacker with local administrative privileges could exploit this by placing malicious DLLs on the targeted system. Successful exploitation of this vulnerability could allow the attacker to...
CVE-2024-25103
CVE-2024-25103 affects AppSamvid software, with DLL hijacking as the underlying vector due to vulnerable/outdated components. Local administrative privileges are required to place malicious DLLs on the target system, enabling arbitrary code execution if exploited. The available connected document...
BIT-GITLAB-2020-13284
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. API Authorization Using Outdated CI Job Token...