1365 matches found
Progress Software Ipswitch WS_FTP Server Security Vulnerability
Progress Software Ipswitch WS_FTP Server is a suite of FTP server software from Progress Software, Inc. that provides file transfer control, transfer encryption, and other features. A security vulnerability exists in Progress Software Ipswitch WS_FTP Server versions prior to 8.8.8. An attacker can...
PT-2024-38553 · Ipswitch · Ws Ftp Server
Name of the Vulnerable Software and Affected Versions: WS FTP Server versions prior to 8.8.8. Description: A missing critical step in the multi-factor authentication of the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only...
TensorFlow Input Validation Error Vulnerability
TensorFlow is a suite of end-to-end open source platforms for machine learning open-sourced by TensorFlow. An input validation error vulnerability exists in TensorFlow versions prior to 2.13.0, which stems from array_ops.upper_bound causing a segmentation error when a 2nd order tensor is not...
PT-2024-5211 · Telerik · Telerik Report Server
Name of the Vulnerable Software and Affected Versions: In Progress Telerik Report Server versions prior to 2024 Q2 10.1.24.709. Description: The issue is related to an insecure deserialization vulnerability in the Telerik Report Server, which can be exploited to allow a remote attacker to execute...
Advisory ROSA-SA-2024-2456
Software: selinux-policy 3.14.3; OS: ROSA Virtualization 2.1; package_evr_string: selinux-policy-3.14.3; CVE-ID: CVE-2020-24612; BDU-ID: None; CVE-Crit: MEDIUM; CVE-DESC.: A problem was detected in the selinux-policy package because the .config/Yubico directory is not handled correctly. Consequently, whe...
PT-2024-37876 · National Instruments · Ni Veristand
Name of the Vulnerable Software and Affected Versions: NI VeriStand versions 2024 Q2 and prior. Description: The issue is related to missing authorization checks when accessing File Transfer resources, potentially leading to information disclosure or remote code execution. Recommendations: For NI...
Singapore Banks to Phase Out OTPs for Online Logins Within 3 Months
Retail banking institutions in Singapore have three months to phase out the use of one-time passwords (OTPs) for authentication purposes when signing into online accounts to mitigate the risk of phishing attacks. The decision was announced by the Monetary Authority of Singapore (MAS) and the...
CVE-2023-40702
PingOne MFA Integration Kit contains a vulnerability where the skipMFA action can be configured such that user authentication does not require the second factor authentication from the user's existing registered devices. A threat actor might be able to exploit this vulnerability to authenticate a...
CVE-2023-40356 PingOne MFA Integration Kit MFA bypass
PingOne MFA Integration Kit contains a vulnerability related to the Prompt Users to Set Up MFA configuration. Under certain conditions, this configuration could allow for a new MFA device to be paired with a target user account without requiring second-factor authentication from the target’s...
Ubiquiti UniFi Security Breach
Ubiquiti UniFi is a wireless networking system from Ubiquiti USA. A security vulnerability exists in Ubiquiti UniFi iOS version 10.15.0, which stems from a misconfiguration introduced on a second-generation UniFi access point configured as a standalone, which could result in an SSID name change o...
Kiloview P1 and P2 Security Vulnerabilities
Kiloview P1 4G Video Encoder and Kiloview P2 4G Video Encoder are both professional video encoder devices from China-based Kiloview. A security vulnerability exists in the Kiloview P1 and P2 that originates from a user account that allows the creation of weak passwords, including single-character...
CLSA-2024-1719246768 shadow-utils: Fix of CVE-2023-4641
CVE-2023-4641: fix buffer cleaning issue when password fails on second attempt...
PT-2024-5353 · Securepoint · Securepoint Utm
Name of the Vulnerable Software and Affected Versions: Securepoint UTM versions 11.5 through 12.6.4; Securepoint UTM Reseller Preview version 12.7.0. Description: The issue is related to the authentication system of Securepoint UTM, specifically with the handling of One-Time Password (OTP) keys. This...
Linux kernel security vulnerabilities
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from incorrect use of the ptp work queue for the second part of the timestamp, which stops when the port is closed...
DEBIAN-CVE-2024-36974
In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP. If one TCA_TAPRIO_ATTR_PRIOMAP attribute has been provided, taprio_parse_mqprio_opt() must validate it, or userspace can inject arbitrary data to the kernel, the second time...
UBUNTU-CVE-2024-36974
In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP. If one TCA_TAPRIO_ATTR_PRIOMAP attribute has been provided, taprio_parse_mqprio_opt() must validate it, or userspace can inject arbitrary data to the kernel, the second time...
CVE-2024-36974 net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP
In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP. If one TCA_TAPRIO_ATTR_PRIOMAP attribute has been provided, taprio_parse_mqprio_opt() must validate it, or userspace can inject arbitrary data to the kernel, the second time...
UBUNTU-CVE-2024-28833
Improper restriction of excessive authentication attempts with two factor authentication methods in Checkmk 2.3 before 2.3.0p6 facilitates brute-forcing of second factor mechanisms...
USN-6810-1 openjdk-8 vulnerabilities
It was discovered that the Hotspot component of OpenJDK 8 incorrectly handled certain exceptions with specially crafted long messages. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-21011) Vladimir Kondratyev discovered that the Hotspot component of OpenJDK 8...
kernel: i2c: i801: Fix block process call transactions
In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Fix block process call transactions. According to the Intel datasheets, software must reset the block buffer index twice for block process call transactions: once before writing the outgoing data to the buffer, and once...