#vulnerability

Red Hat Security Advisory 2024-2038-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Red Hat Security Advisory 2024-2037-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 8.

Red Hat Security Advisory 2024-2036-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Get updated advice on how, when, and where we should disclose cybersecurity incidents under the SEC's four-day rule after SolarWinds, and join the call to revamp the rule to remediate first.

By Waqas Using Google Chrome? Update your browser to the latest version right now! This is a post from HackRead.com Read the original post: Google Patches Critical Chrome Vulnerability and Additional Flaws

Within BEC attacks, adversaries will send phishing emails appearing to be from a known or reputable source making a valid request, such as updating payroll direct deposit information.

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.9 ATTENTION: Exploitable remotely Vendor: Hitachi Energy Equipment: MACH SCM Vulnerabilities: Improper Control of Generation of Code, Improper Neutralization of Directives in Dynamically Evaluated Code 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in an execution of arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of MACH SCM, are affected: MACH SCM: Versions 4.0 to 4.5.x MACH SCM: Versions 4.6 to 4.38 3.2 Vulnerability Overview 3.2.1 IMPROPER CONTROL OF GENERATION OF CODE CWE-94 SCM Software is a client and server application. An Authenticated System manager client can execute LINQ query in the SCM server, for customized filtering. An Authenticated malicious client can send a specially crafted code to skip the validation and execute arbitrary code (RCE) on the SCM Server remotely. Malicious clients can execute any command by using this RCE vulnerability. CVE-2024-0400 has been ...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: RUGGEDCOM APE1808 Vulnerability: Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code with root privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Siemens RUGGEDCOM APE1808, an application hosting platform, are affected: RUGGEDCOM APE1808: All versions with Palo Alto Networks Virtual NGFW configured with GlobalProtect gateway or GlobalProtect portal (or both). 3.2 Vulnerability Overview 3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN A...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Honeywell Equipment: Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, Safety Manager SC Vulnerabilities: Exposed Dangerous Method or Function, Absolute Path Traversal, Stack-based Buffer Overflow, Debug Messages Revealing Unnecessary Information, Out-of-bounds Write, Heap-based Buffer Overflow, Binding to an Unrestricted IP Address, Improper Input Validation, Buffer Access with Incorrect Length Value, Improper Restriction of Operations within the Bounds of a Memory Buffer, Improper Handling of Length Parameter Inconsistency 2. RISK EVALUATION Successful exploitation of these vulnerabilities could disclose sensitive information, allow privilege escalation, or allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Honeywell reports these vulnerabilities affect the following versions of Experion PKS, LX, PlantCruise, Safety Manager, and Safety Manage...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: RTU500 Series Vulnerabilities: Unrestricted Upload of File with Dangerous Type 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Hitachi's RTU500 series CMU Firmware are affected: RTU500 series CMU Firmware: Version 12.0.1 - 12.0.14 RTU500 series CMU Firmware: Version 12.2.1 - 12.2.11 RTU500 series CMU Firmware: Version 12.4.1 - 12.4.11 RTU500 series CMU Firmware: Version 12.6.1 - 12.6.9 RTU500 series CMU Firmware: Version 12.7.1 - 12.7.6 RTU500 series CMU Firmware: Version 13.2.1 - 13.2.6 RTU500 series CMU Firmware: Version 13.4.1 - 13.4.4 RTU500 series CMU Firmware: Version 13.5.1 - 13.5.3 3.2 Vulnerability Overview 3.2.1 UNRESTRI...