PT-2026-34120
Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain component: Product Quality Management. The supported version that is affected is 6.2.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...
Tripp Lite Discontinued Devices Detection
The current plugin identifies Tripp Lite devices that are currently discontinued. Tripp Lite Lifecycle Statuses: - Active: Product is currently available and supported. - Discontinued: Product no longer manufactured or procured.
IBM DB2 SEoL (11.0.x <= x <= 11.1.x)
According to its version, IBM DB2 is between 11.0.x and 11.1.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities.
Advice for manufacturers on the coming PSTI regulation
TL;DR - PSTI: The UK Product Security and Telecommunications Infrastructure Product Security Act Regulations effective from 29 April 2024 - Assess how, where, why, and when you may be affected - Review supply chain and in-house teams for compliance readiness - Specific obligations for manufacturers,...
GHSA-R8F4-HV23-6QP6 Norman API Cross-site Scripting Vulnerability
Impact: A vulnerability has been identified in which unauthenticated cross-site scripting (XSS) in Norman's public API endpoint can be exploited. This can lead to an attacker exploiting the vulnerability to trigger JavaScript code and execute commands remotely. The attack vector was identified as a...
Tenable Nessus SEoL (6.2.x)
According to its version, Tenable Nessus is 6.2.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities.
Rancher vulnerable to Privilege Escalation via manipulation of Secrets
Impact: A vulnerability has been identified which enables Standard users or above to elevate their permissions to Administrator in the local cluster. The local cluster means the cluster where Rancher is installed. It is named local inside the list of clusters in the Rancher UI. Standard users coul...
Rancher UI has multiple Cross-Site Scripting (XSS) issues
Impact: Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in the Rancher UI. Cross-Site scripting allows a malicious user to inject code that is executed within another user's browser, allowing the attacker to steal sensitive information, manipulate web content, or perform oth...
GHSA-46V3-GGJG-QQ3X Rancher UI has multiple Cross-Site Scripting (XSS) issues
Impact: Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in the Rancher UI. Cross-Site scripting allows a malicious user to inject code that is executed within another user's browser, allowing the attacker to steal sensitive information, manipulate web content, or perform oth...
Rancher Webhook is misconfigured during upgrade process
Impact: A failure in the update logic of Rancher's admission Webhook may lead to the misconfiguration of the Webhook. This component enforces validation rules and security checks before resources are admitted into the Kubernetes cluster. When the Webhook is operating in a degraded state, it no...
Rancher cattle-token is predictable
Impact: An issue was discovered in Rancher versions up to and including 2.6.9 and 2.7.0, where the cattle-token secret, used by the cattle-cluster-agent, is predictable. Even after the token is regenerated, it will have the same value. This issue is not present in Rancher 2.5 releases. The...
Description of the security update for the remote code execution vulnerability in Microsoft Visual Studio 2015 Update 3: August 9, 2022 (KB5016316)
Description of the security update for the remote code execution vulnerability in Microsoft Visual Studio 2015 Update 3: August 9, 2022 (KB5016316). Note: This security update applies to all Visual Studio 2015 Update 3 editions except Isolated and Integrated Shells, Build Tools, Remote Tools, and...
Improving Cybersecurity Practices by Managing the Asset Lifecycle
Securing enterprise environments continues to increase in importance. Attacks on infrastructure continue to increase and organizations need to focus more on prevention. While new vulnerabilities are continually being discovered, companies are also left vulnerable to attacks because their...
JT2Go and Teamcenter Visualization Stack Buffer Overflow Vulnerability
JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML with existing JT, VFZ, CGM, TIF data. Teamcenter visualization software enables companies to enhance their Product Lifecycle Management (PLM) environments. The software gives business users access to documents in a...
Notice of Status Change Announcement for Version 12.1 of the Citrix ADM
Citrix Systems, Inc. announces an update to End of Maintenance and End of Life dates for version 12.1 of the Citrix Application Delivery Management (formerly referred to as NetScaler Management & Analytics System). Citrix Application Delivery Management (ADM) product lifecycle model will change from 3...
Oracle Agile PLM Remote Vulnerability (CNVD-2017-27165)
Oracle Supply Chain Products Suite is a set of supply chain solutions from Oracle, which provides value chain planning, value chain execution, product lifecycle management, etc. Oracle Agile PLM (Product Lifecycle Management) is one of the lifecycle management components. Oracle Agile PLM Product...
Microsoft Ending Support for Windows Vista
All software products have a lifecycle. After April 11, 2017, Microsoft is ending support for the Windows Vista operating system. After this date, this product will no longer receive: Security updates, Non-security hotfixes, Free or paid assisted support options, or Online technical content updat...
KLA10871 VMware Workstation 11.x end of life
VMware announced the end of support for VMware Workstation 11.x. Users should immediately transition to VMware Workstation 12.x or later. Original advisories: https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/support/product-lifecycle-matrix.pdf Related products...
CVE-2014-2458
Unspecified vulnerability in the Oracle Agile Product Lifecycle component in Oracle Supply Chain Products Suite 6.1.0.3 and 6.1.1.3 allows remote attackers to affect integrity via unknown vectors related to Install...
Design/Logic Flaw
Unspecified vulnerability in the Oracle Agile Product Lifecycle component in Oracle Supply Chain Products Suite 6.1.0.3 and 6.1.1.3 allows remote attackers to affect integrity via unknown vectors related to Install...