#vulnerability

Red Hat Security Advisory 2024-9572-03 - An update for libsoup is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Issues addressed include a HTTP request smuggling vulnerability.

Red Hat Security Advisory 2024-9571-03 - Streams for Apache Kafka 2.8.0 is now available from the Red Hat Customer Portal. Issues addressed include denial of service and man-in-the-middle vulnerabilities.

Red Hat Security Advisory 2024-9566-03 - An update for libsoup is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a HTTP request smuggling vulnerability.

Red Hat Security Advisory 2024-9559-03 - An update for libsoup is now available for Red Hat Enterprise Linux 9. Issues addressed include a HTTP request smuggling vulnerability.

Red Hat Security Advisory 2024-9554-03 - An update for firefox is now available for Red Hat Enterprise Linux 9. Issues addressed include cross site scripting, denial of service, spoofing, and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-9552-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9. Issues addressed include cross site scripting, denial of service, spoofing, and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-9547-03 - An update for krb5 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.

If the government truly wants to protect the US's most vital assets, it must rethink its cybersecurity policies and prioritize proactive, coordinated, and enforceable measures.

View CSAF 1. EXECUTIVE SUMMARY CVSS v3.1 7.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: 2N Equipment: Access Commander Vulnerabilities: Path Traversal, Insufficient Verification of Data Authenticity 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to escalate their privileges, execute arbitrary code, or gain root access to the system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of 2N Access Commander, an IP access control system, are affected: Access Commander: versions 3.1.1.2 and prior 3.2 Vulnerability Overview 3.2.1 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22 In 2N Access Commander versions 3.1.1.2 and prior, a Path Traversal vulnerability could allow an attacker to write files on the filesystem to achieve arbitrary remote code execution. CVE-2024-47253 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.2 has been calculated; the CVSS vecto...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk Updater Vulnerabilities: Insecure Storage of Sensitive Information, Improper Input Validation, Improperly Implemented Security Check for Standard 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in an authentication bypass, remote code execution, and/or a local privilege escalation 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of FactoryTalk are affected: FactoryTalk Updater - Web Client: Version 4.00.00 FactoryTalk Updater - Client: All versions FactoryTalk Updater - Agent: All versions 3.2 Vulnerability Overview 3.2.1 INSECURE STORAGE OF SENSITIVE INFORMATION CWE-922 An authentication bypass vulnerability exists due to shared secrets across accounts, which could allow a threat actor to impersonate a user if the threat actor is able to enumerate additional information required during auth...