#vulnerability

Red Hat Security Advisory 2024-4730-03 - An update for fence-agents is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service.

Red Hat Security Advisory 2024-4715-03 - An update for cups is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.

Red Hat Security Advisory 2024-4677-03 - Red Hat OpenShift Container Platform release 4.12.61 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-4616-03 - Red Hat OpenShift Container Platform release 4.16.4 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Security Advisory 2024-4613-03 - Red Hat OpenShift Container Platform release 4.16.4 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a code execution vulnerability.

Multi Store Inventory Management System version 1.0 suffers from an insecure direct object reference vulnerability.

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: CPCI85 for CP-8031/CP-8050, CPCI85, SICORE Vulnerabilities: Unverified Password Change, Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to perform an unauthorized password reset which could lead to privilege escalation and potential leak of information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Siemens SICAM product versions are affected: CPCI85 Central Processing/Communication: All versions prior to V5.40 SICORE Base system: All versions prior to V1.4....

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Positron S.R.L Equipment: Broadcast Signal Processor TRA7005 Vulnerability: Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to bypass authentication and access unauthorized protected areas of the application. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Positron Broadcast Signal Processor are affected: Broadcast Signal Processor TRA7005: v1.20 3.2 Vulnerability Overview 3.2.1 AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL CWE-288 Positron Broadcast Signal Processor TRA7005 v1.20 is vulnerable to an authentication bypass exploit that could allow an attacker to have unauthorized access to protected areas of the application. CVE-2024-7007 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculate...

While the specifics for security testing vary for applications, web applications, and APIs, a holistic and proactive applications security strategy is essential for all three types. There are six core types of testing that every security professional should know about to secure their applications, regardless of what phase they are in in development or deployment. In this article, we will

Although there was a decrease in BEC engagements from last quarter, it was still a major threat for the second quarter in a row.