33 matches found
EUVD-2024-24656
Malicious code in bioql PyPI...
EUVD-2024-53724
Malicious code in bioql PyPI...
EUVD-2024-53726
Malicious code in bioql PyPI...
The vulnerability of the Live-Restore parameter in software for remote IT support and monitoring of Dell Secure Connect Gateway (SCG) allows a hacker to circumvent existing security restrictions.
The vulnerability of the Live-Restore parameter in software for remote IT support and monitoring of Dell Secure Connect Gateway (SCG) is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor to circumvent existing security restrictions...
The vulnerability of the software for remote IT support and monitoring of Dell Secure Connect Gateway (SCG) arises from the lack of proper input validation when requesting external server authentication. This allows a malicious individual to gain unauthorized access to protected information.
The vulnerability of software for remote IT support and monitoring of Dell Secure Connect Gateway (SCG) lies in the lack of proper input validation when requesting external server authentication. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected informatio...
CVE-2024-57726
SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role...
CVE-2024-57727
SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing...
PT-2024-12773 · Beyondtrust · Beyondtrust Remote Support
Name of the Vulnerable Software and Affected Versions: BeyondTrust Remote Support SaaS (affected versions not specified). Description: A security issue allowed hackers to exploit and breach Remote Support SaaS instances, resulting in the resetting of local account passwords. The incident led to the...
CVE-2024-45837
Use of hard-coded cryptographic key issue exists in AIPHONE IX SYSTEM, IXG SYSTEM, and System Support Software. A network-adjacent unauthenticated attacker may log in to SFTP service and obtain and/or manipulate unauthorized files...
PT-2024-31802 · Aiphone · Aiphone Ixg System
Name of the Vulnerable Software and Affected Versions: AIPHONE IX SYSTEM (affected versions not specified); AIPHONE IXG SYSTEM (affected versions not specified); System Support Software (affected versions not specified). Description: A use of hard-coded cryptographic key issue exists, allowing a...
Risk Fact #5: Keeping the Pace of Remediation at Cloud Scale Requires Automation
Qualys Blog Series – 2023 TotalCloud Security Insights by the Threat Research Unit. The 2023 TotalCloud Security Insights report from the Qualys Threat Research Unit (TRU) provides research insights, best practices, and detailed recommendations organized by five separate Risk Facts. The insights wil...
Part III: Implementing Effective Cyber Security Metrics that Reduce Risk Realistically
We outlined some critical cybersecurity metrics in Part I of this three-part blog series. In the final blog post, we will delve into three crucial aspects outlined in Josh’s article: tactical metrics for operational teams, strategic metrics for leadership, and the metrics addressing the...
Zoho ManageEngine SupportCenter Plus Cross-Site Scripting Vulnerability (CNVD-2022-29865)
Zoho ManageEngine SupportCenter Plus is a web-based customer support software from Zoho India. It is used to allow organizations to effectively manage customer requests, their account and contact information, service contracts, and provide a superior customer experience in the process. A cross-sit...
Zoho ManageEngine SupportCenter Plus Code Issue Vulnerability
ZOHO ManageEngine SupportCenter Plus is a web-based customer support software from ZOHO, Inc. Used to allow organizations to effectively manage customer requests, their account and contact information, and service contracts, and in the process provide a superior customer experience, ZOHO...
Unspecified Vulnerability in Avaya Equinox Conferencing
Avaya Equinox Conferencing is a conferencing support software from Avaya, USA. The software is a universal solution that includes all Avaya soft clients with the convergence of Avaya Aura Conferencing and Scopia for cell phones, browsers, desktops and conference room systems. A security...