Alerts and Advisories




January   February   March  


  • Vulnerability in Microsoft Azure Product (12 Mar 2024)

    An elevation of privilege vulnerability has been discovered in Microsoft Azure Kubernetes Service Confidential Container.
    CVE ID: CVE-2024-21400 (Critical)

  • Vulnerability in Microsoft Product Open Management Infrastructure (12 Mar 2024)

    A Remote Code Execution (RCE) vulnerability has been discovered in Open Management Infrastructure (OMI).
    CVE ID: CVE-2024-21334 (Critical)

  • Vulnerability in Microsoft Message Queuing (MSMQ) (12 Mar 2024)

    A Remote Code Execution (RCE) vulnerability has been discovered in Microsoft Message Queuing (MSMQ).
    CVE ID: CVE-2023-36911 (Critical)

  • Vulnerability in Microsoft Message Queuing (MSMQ) (12 Mar 2024)

    A Remote Code Execution (RCE) vulnerability has been discovered in Microsoft Message Queuing (MSMQ).
    CVE ID: CVE-2023-36910 (Critical)

  • Vulnerability in Microsoft Message Queuing (MSMQ) (12 Mar 2024)

    A Remote Code Execution (RCE) vulnerability has been discovered in Microsoft Message Queuing (MSMQ).
    CVE ID: CVE-2023-35385 (Critical)

  • Microsoft Released March 2024 Security Updates (12 Mar 2024)

    Microsoft has released security updates to address multiple critical, high & medium vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to take control of an affected system.

  • Fortinet Releases Security Updates for Multiple Products (12 Mar 2024)

    Fortinet has released security updates to address vulnerabilities in multiple Fortinet products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2023-47534 (High), CVE-2023-42789 (Critical), CVE-2023-42790 (Critical), CVE-2024-23112 (High), CVE-2023-36554 (High), CVE-2023-48788 (Critical)

  • Adobe Releases Security Updates for Multiple Products (12 Mar 2024)

    Adobe has released security updates to address multiple vulnerabilities in Adobe software. An attacker can exploit some of these vulnerabilities to take control of an affected system.? 

  • Google Released Security Updates for Chrome (12 Mar 2024)

    Google has released Chrome 122 (122.0.6261.119) for Android, Chrome Beta 123 (123.0.6312.38) for iOS and Stable channel updated to 122.0.6261.128/.129 for Windows & Mac and 122.0.6261.128 for Linux to resolve security fixes & vulnerability.
    CVE ID: CVE-2024-2400 (High)

  • CISA Publishes SCuBA Hybrid Identity Solutions Guidance (12 Mar 2024)

    Cybersecurity and Infrastructure Security Agency (CISA) developed Hybrid Identity Solutions Guidance for better understanding identity management capabilities, the tradeoffs that exist in various implementation options, and factors that should be considered when making implementation decisions. This solution's guidance also supports the Secure Cloud Business Application (SCuBA) project’s goal of providing guidance to help agencies effectively implement cybersecurity capabilities as organisations migrate from traditional on-premises infrastructure to the cloud.

  • Multiple Vulnerabilities in Siemens Products (12 Mar 2024)

    Multiple critical, high, medium & low vulnerabilities have been discovered in several Siemens products. Siemens has released security updates, workarounds and mitigations to resolve vulnerabilities.

  • Microsoft Released February 2024 Security Updates (11 Mar 2024)

    Microsoft has released security updates to address critical, high, medium & low vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2024-21334 (Critical), CVE-2024-21400 (Critical)

  • Vulnerability in macOS Miro Desktop (07 Mar 2024)

    Code injection vulnerability has been discovered in macOS Miro Desktop. The affected version is Miro Desktop 0.8.18.
    CVE ID: CVE-2024-23746 (Critical)

  • Vulnerability in Microsoft Azure Kubernetes Service (07 Mar 2024)

    Remote Code Execution vulnerability has been discovered in Microsoft Azure Kubernetes Service Confidential Container. 
    CVE ID: CVE-2024-21376 (Critical)

  • Vulnerability in Microsoft Azure Site Recovery (07 Mar 2024)

    Elevation of Privilege vulnerability has been discovered in Microsoft Azure Site Recovery. 
    CVE ID: CVE-2024-21364 (Critical)

  • Vulnerability in Chirp Systems' Equipment (07 Mar 2024)

    A use of hard-coded credentials vulnerability has been discovered in Chirp Systems' Equipment-Chirp Access, which allows an attacker to take control and gain unrestricted physical access to systems. All versions of Chirp Access are affected.
    CVE ID: CVE-2024-2197 (Critical)

  • VMware Security Updates (07 Mar 2024)

    VMware has released security updates to address a partial information disclosure vulnerability in VMware Cloud Director. An attacker can exploit this vulnerability to take control of an affected system.
    CVE ID: CVE-2024-22256 (Medium)

  • Apple Security Updates (07 Mar 2024)

    Apple has released security updates to address multiple vulnerabilities in Safari 17.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, macOS Monterey 12.7.4, watchOS 10.4, tvOS 17.4, and visionOS 1.1. An attacker can exploit these vulnerabilities to take control of an affected device.
    CVE ID: CVE-2024-23273, CVE-2024-23252, CVE-2024-23254, CVE-2024-23263, CVE-2024-23280, CVE-2024-23284, CVE-2024-23291, CVE-2024-23276, CVE-2024-23227, CVE-2024-23233, CVE-2024-23269, CVE-2024-23288, CVE-2024-23277, CVE-2024-23247, CVE-2024-23248, CVE-2024-23249, CVE-2024-23250, CVE-2024-23244, CVE-2024-23205, CVE-2022-48554, CVE-2022-48553, CVE-2024-23270, CVE-2024-23257, CVE-2024-23258, CVE-2024-23286, CVE-2024-23234, CVE-2024-23266, CVE-2024-23235, CVE-2024-23265, CVE-2024-23225, CVE-2024-23278, CVE-2024-0258, CVE-2024-23279, CVE-2024-23287, CVE-2024-23264, CVE-2024-23285, CVE-2024-23283, CVE-2024-23216, CVE-2024-23262, CVE-2024-23296,CVE-2024-23295,CVE-2024-23220,CVE-2024-23246, CVE-2024-23226

  • Vulnerability in GitHub (06 Mar 2024)

    A command injection vulnerability has been discovered in GitHub Enterprise Server. The affected versions are GitHub Enterprise Server prior to 3.12.
    CVE ID: CVE-2024-1374 (Critical)

  • Multiple Vulnerabilities in Several Cisco products (06 Mar 2024)

    Multiple vulnerabilities have been discovered in several Cisco products. Security updates are available.
    CVE ID: CVE-2024-20338 (High), CVE-2024-20337 (High), CVE-2024-20335 (Medium), CVE-2024-20336 (Medium), CVE-2024-20301 (Medium), CVE-2024-20292 (Medium), CVE-2024-20346 (Medium), CVE-2024-20345 (Medium)

  • Multiple Vulnerabilities in Jenkins (06 Mar 2024)

    Multiple vulnerabilities have been discovered in several Jenkins Plugins. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
    CVE ID: CVE-2023-48795 (Medium), CVE-2024-28149 (High), CVE-2024-28150 (High), CVE-2024-28151 (Medium), CVE-2024-28152 (Medium), CVE-2024-28153 (High), CVE-2024-28154 (Medium), CVE-2024-28155 (Medium), CVE-2024-28161 (Medium), CVE-2024-28162 (Medium), CVE-2024-2215 (Medium), CVE-2024-2216 (Medium), CVE-2024-28156 (High), CVE-2024-28157 (High), CVE-2024-28158 (Medium), CVE-2024-28159 (Medium), CVE-2024-28160 (High)

  • Drupal Security Update (06 Mar 2024)

    Drupal has released security updates to address Access bypass vulnerability in Registration role, a third-party library used in it. The affected versions are Registration role prior to 2.0.1.

  • Google Released Security Updates for Chrome (06 Mar 2024)

    Google has released Chrome Beta 123 (123.0.6312.29) for Android, and Beta channel 123.0.6312.28 for Windows, Mac and Linux.

  • GitLab Security Updates (06 Mar 2024)

    GitLab has released updated versions 16.9.2, 16.8.4, and 16.7.7 for GitLab Community Edition and Enterprise Edition.

  • Red Hat Security Updates (06 Mar 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Moxa Security Update (06 Mar 2024)

    Moxa has released security update to address a stack-based buffer overflow vulnerability in the built-in web server of Moxa NPort W2150A/W2250A Series firmware. The affected versions are Moxa NPort W2150A/W2250A Series firmware version 2.3 and prior.
    CVE ID: CVE-2024-1220 (High)

  • Vulnerability in JetBrains (05 Mar 2024)

    Authentication bypass vulnerability has been discovered in JetBrains TeamCity. The affected version is JetBrains TeamCity before 2023.11.4.
    CVE ID: CVE-2024-27198 (Critical)

  • Juniper Networks Security Updates (05 Mar 2024)

    Juniper Networks has released security updates to address an improper handling of exceptional conditions vulnerability in AS PATH processing of Juniper Networks Junos OS and Junos OS Evolved. All versions of Junos OS and Junos OS Evolved are affected.
    CVE ID: CVE-2023-44186 (High)

  • Apple Security Updates (05 Mar 2024)

    Apple has released security updates to address multiple vulnerabilities in iOS 17.4, iPadOS 17.4, iOS 16.7.6 and iPadOS 16.7.6. An attacker can exploit these vulnerabilities to take control of an affected device.
    CVE ID: CVE-2024-23243, CVE-2024-23225, CVE-2024-23296, CVE-2024-23256

  • Google Released Security Updates for Chrome (05 Mar 2024)

    Google has released Stable channel 122.0.6045.214 (Platform version: 15753.38.0) for most ChromeOS devices, LTS channel 114.0.5735.355 (Platform Version: 15437.95.0) for most ChromeOS devices, Chrome 122 (122.0.6261.105) for Android, Stable channel 122.0.6261.111/.112 for Windows & Mac and 122.0.6261.111 for Linux to resolve multiple vulnerabilities.
    CVE ID: CVE-2024-0225 (High), CVE-2024-1059 (High), CVE-2024-2173 (High), CVE-2024-2174 (High), CVE-2024-2176 (High)

  • Vulnerability in GitHub (05 Mar 2024)

    A command injection vulnerability has been discovered in GitHub Enterprise Server. All versions of GitHub Enterprise Server prior to 3.12 are affected.
    CVE ID: CVE-2024-1372 (Critical)

  • Vulnerability in GitHub (05 Mar 2024)

    A command injection vulnerability has been discovered in GitHub Enterprise Server. All versions of GitHub Enterprise Server prior to 3.12 are affected.
    CVE ID: CVE-2024-1369 (Critical)

  • Vulnerability in GitHub (05 Mar 2024)

    A command injection vulnerability has been discovered in GitHub Enterprise Server. All versions of GitHub Enterprise Server prior to 3.12 are affected.
    CVE ID: CVE-2024-1359 (Critical)

  • Vulnerability in GitHub (05 Mar 2024)

    A command injection vulnerability has been discovered in GitHub Enterprise Server. All versions of GitHub Enterprise Server prior to 3.12 are affected.
    CVE ID: CVE-2024-1355 (Critical)

  • Multiple Vulnerabilities in Nice's Equipment (05 Mar 2024)

    Multiple vulnerabilities have been discovered in Nice's Equipment- Linear eMerge E3-Series. The affected versions are Linear eMerge E3-Series 1.00-06 and prior. The mitigations are available.
    CVE ID: CVE-2019-7253 (Critical), CVE-2019-7254 (High), CVE-2019-7255 (Medium), CVE-2019-7256 (Critical), CVE-2019-7257 (Critical), CVE-2019-7258 (High), CVE-2019-7259 (High), CVE-2019-7260 (Critical), CVE-2019-7261 (Critical), CVE-2019-7265 (Critical), CVE-2019-7262 (High), CVE-2019-7264 (Critical)

  • Vulnerability in Santesoft's Equipment (05 Mar 2024)

    Out-of-Bounds Write vulnerability has been discovered in Santesoft's Equipment- Sante FFT Imaging. The affected versions are Sante FFT Imaging: 1.4.1 and prior. The mitigations are available.
    CVE ID: CVE-2024-1696 (High)

  • Vulnerability in Integration Objects's Equipment (05 Mar 2024)

    Improper Output Neutralization for Logs vulnerability has been discovered in Integration Objects's Equipment- OPC UA Server Toolkit. The affected versions are OPC UA Server Toolkit: 1.0.0 and prior. The mitigations are available.
    CVE ID: CVE-2023-7234 (Medium)

  • Red Hat Security Updates (05 Mar 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Android Security Updates (04 Mar 2024)

    Android has released a security bulletin to resolve multiple vulnerabilities affecting several Android devices. Security patch levels of 2024-03-05 or later, address all of these issues.

  • Mozilla Released Security Update (04 Mar 2024)

    Mozilla has released a security update to address a vulnerability in Thunderbird 115.8.1. An attacker can exploit this vulnerability to take control of an affected system.
    CVE ID: CVE-2024-1936 (High)

  • Google Released Security Update for Chrome (04 Mar 2024)

    Google has released Dev channel 124.0.6329.0 for Windows, Mac & Linux.

  • Vulnerability in Supabase PostgreSQL (04 Mar 2024)

    A SQL injection vulnerability has been discovered in Supabase PostgreSQL. The affected version is Supabase PostgreSQL v15.1.
    CVE ID: CVE-2024-24213 (Critical)

  • Red Hat Security Updates (01 Mar 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • RevoWorks Security Updates (29 Feb 2024)

    RevoWorks has released security updates to address a protection mechanism failure vulnerability in RevoWorks SCVX and RevoWorks Browser. The affected versions are RevoWorks SCVX prior to scvimage4.10.21_1013, and RevoWorks Browser prior to 2.2.95.
    CVE ID: CVE-2024-25091 (Low) 

  • Vulnerability in Delta Electronics' Equipment (29 Feb 2024)

    A stack based buffer overflow vulnerability has been discovered in Delta Electronics' Equipment- CNCSoft-B that allows executing arbitrary code. The affected versions are CNCSoft-B 1.0.0.4 and prior.
    CVE ID: CVE-2024-1941 (High)

  • Multiple Vulnerabilities in MicroDicom's Equipment (29 Feb 2024)

    Heap based buffer overflow and out of bounds write vulnerabilities have been discovered in MicroDicom's Equipment- DICOM Viewer that allow to cause memory corruption issues leading to execution of arbitrary code. The affected versions are MicroDicom DICOM Viewer 2023.3 (Build 9342) and prior. The mitigations are available.
    CVE ID: CVE-2024-22100 (High), CVE-2024-25578 (High)

  • Phobos Ransomware (29 Feb 2023)

    It has been observed that Phobos ransomware actors are using Tactics, Techniques and Procedures (TTPs) for bypassing organizational network defense protocols by modifying system firewall configurations. Phobos actors typically gain initial access to vulnerable networks by leveraging phishing campaigns to drop hidden payloads or using Internet Protocol (IP) scanning tools. After the exfiltration phase, Phobos actors then hunt for backups. Cybersecurity and Infrastructure Security Agency (CISA )has released a joint cybersecurity advisory to disseminate IOCs, mitigations for protecting systems and TTPs associated with Phobos ransomware.

  • Google Released Security Updates for Chrome (29 Feb 2024)

    Google has released Dev channel 123.0.6312.18 Platform version 15786.10.0 for most ChromeOS devices, Chrome Dev 124 (124.0.6328.0) for Android, Beta channel 123.0.6312.22 for Windows, Mac and Linux, and Chrome Beta 123 (123.0.6312.20) for Android.

  • Advisory on Threat Actors Exploiting Ivanti Connect Secure and Policy Secure Gateways Vulnerabilities (29 Feb 2024)

    It has been observed that cyber threat actors are actively exploiting multiple previously identified vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways. The vulnerabilities affect all supported versions (9.x and 22.x) and can be used in a chain of exploits to enable malicious cyber threat actors to bypass authentication, create malicious requests, and execute arbitrary commands with elevated privileges. Cybersecurity and Infrastructure Security Agency (CISA) has released cybersecurity advisory to disseminate IOCs, mitigations & detection methods to protect affected systems and TTPs  associated with threat actors.
    CVE ID: CVE-2023-46805 (High), CVE-2024-21887 (Critical), CVE-2024-21893 (High)

  • Vulnerability in Tongda OA (28 Feb 2024)

    A SQL injection vulnerability has been discovered in Tongda OA 2017. The affected versions are Tongda OA 2017 up to 11.10.
    CVE ID: CVE-2024-1251 (Critical)

  • Vulnerability in openBI (28 Feb 2024)

    An OS command injection vulnerability has been discovered in openBI. The affected versions are openBI up to 1.0.8.
    CVE ID: CVE-2024-1115 (Critical)

  • Vulnerability in Wanhu ezOFFICE (28 Feb 2024)

    A SQL injection vulnerability has been discovered in Wanhu ezOFFICE. The affected version is Wanhu ezOFFICE 11.1.0.
    CVE ID: CVE-2024-1012 (Critical)

  • Vulnerability in Tenda i9 (28 Feb 2024)

    A stack based buffer overflow vulnerability has been discovered in Tenda i9. The affected version is Tenda i9 1.0.0.9(4122).
    CVE ID: CVE-2024-0996 (Critical)

  • Vulnerability in Tenda W6 (28 Feb 2024)

    A stack based buffer overflow vulnerability has been discovered in Tenda W6. The affected version is Tenda W6 1.0.0.9(4122).
    CVE ID: CVE-2024-0995 (Critical)

  • Vulnerability in Sichuan Yougou Technology KuERP (28 Feb 2024)

    A path traversal vulnerability has been discovered in Sichuan Yougou Technology KuERP. The affected versions are Sichuan Yougou Technology KuERP up to 1.0.4.
    CVE ID: CVE-2024-0989 (Critical)

  • Vulnerability in Tenda (28 Feb 2024)

    A stack based buffer overflow vulnerability has been discovered in Tenda AC10U. The affected version is Tenda AC10U 15.03.06.49_multi_TDE01.
    CVE ID: CVE-2024-0931 (Critical)

  • Cisco Released Security Updates for Multiple Products (28 Feb 2024)

    Cisco has released security updates to address multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2024-20321 (High), CVE-2024-20267 (High), CVE-2024-20344 (Medium), CVE-2024-20291 (Medium), CVE-2024-20294 (Medium)

  • Drupal Security Updates (28 Feb 2024)

    Drupal has released security updates to address multiple vulnerabilities in 3rd party plugins such as Drupal Symfony Mailer Lite, Node Access Rebuild Progressive, Private content, and Coffee modules.

  • Google Released Security Updates for Chrome (28 Feb 2024)

    Google has released Chrome 122 (122.0.6261.90) for Android, Stable channel OS version: 15699.72.0 Browser version: 121.0.6167.212 for most ChromeOS devices, and Chrome Beta 123 (123.0.6312.17) for iOS.

  • VMware Security Updates (27 Feb 2024)

    VMware has released security updates to address an out of bounds read vulnerability in VMware Workstation and Fusions. An attacker can exploit this vulnerability to take control of an affected system.
    CVE ID: CVE-2024-22251 (Medium)

  • Vulnerability in Mitsubishi Electric MELSEC iQ-F Series (27 Feb 2024)

    A Denial of Service (DoS) vulnerability has been discovered in the Ethernet function of multiple FA product of Mitsubishi Electric. The affected products are MELSEC iQ-F Series. The mitigation is available.
    CVE ID: CVE-2023-7033 (Medium)

  • Vulnerability in Hitachi Energy (27 Feb 2024)

    An OpenSSH Terrapin Attack vulnerability has been discovered in Hitachi Energy Lumada products. The affected products are Lumada EAM, Lumada APM, Lumada RM & Lumada AIP. The mitigation is available.
    CVE ID: CVE-2023-48795 (Medium)

  • Moxa Security Updates (26 Feb 2024)

    Moxa has released security updates to resolve an IP forwarding vulnerability in Moxa EDS-4000/G4000 Series that can bypass access controls or hide the source of malicious requests. The affected versions are EDS-4000/G4000 Series prior to version 3.2.
    CVE ID: CVE-2024-0387 (Medium)

  • Red Hat Security Updates (26 Feb 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Google Released Security Updates for Chrome (23 Feb 2024)

    Google has released Dev channel 124.0.6315.2 for Windows, Mac and Linux.

  • SonicWall Security Updates (23 Feb 2024)

    SonicWall has released security updates to address improper access control vulnerability in SMA100 SSL-VPN virtual office portal. The affected versions are SMA 100 Series 10.2.1.10-62sv and earlier versions. 
    CVE ID: CVE-2024-22395 (Medium)

  • Vulnerability in Delta Electronics' Equipment (22 Feb 2024)

    An uncontrolled search path element vulnerability has been discovered in Delta Electronics' Equipment- CNCSoft-B DOPSoft that allows to achieve Remote Code Execution (RCE). The affected versions are CNCSoft-B v1.0.0.4 DOPSoft prior to v4.0.0.82.
    CVE ID: CVE-2024-1595 (High)

  • Vulnerability in ConnectWise ScreenConnect (22 Feb 2024)

    An authentication bypass vulnerability has been discovered in ConnectWise ScreenConnect that allows access to confidential information or critical systems. The affected versions are ConnectWise ScreenConnect 23.9.7 and prior.
    CVE ID: CVE-2024-1709 (Critical)

  • Google Released Security Updates for Chrome (22 Feb 2024)

    Google has released Chrome Dev 124 (124.0.6315.0) for Android and Stable channel 122.0.6261.69 for Mac & Linux and 122.0.6261.69/.70 for Windows.

  • Red Hat Security Updates (22 Feb 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • GitLab Security Updates (21 Feb 2024)

    GitLab has released updated versions 16.9.1, 16.8.3, and 16.7.6 for GitLab Community Edition (CE) and Enterprise Edition (EE) to resolve multiple vulnerabilities.
    CVE ID: CVE-2024-1451 (High), CVE-2023-6477 (Medium), CVE-2023-6736 (Medium), CVE-2024-1525 (Medium), CVE-2023-4895 (Medium), CVE-2024-0861 (Medium), CVE-2023-3509 (Low), CVE-2024-0410 (Low)

  • Juniper Released Security Updates (21 Feb 2024)

    Juniper has released security updates to address a Time-of-check Time-of-use (TOCTOU) race condition vulnerability in telemetry processing of Juniper Networks Junos OS. An attacker can exploit this vulnerability to take control of an affected system. The affected products are Juniper Networks Junos OS: 20.4 versions prior to 20.4R3-S9, 21.1 versions 21.1R1 and later, 21.2 versions prior to 21.2R3-S6; 21.3 versions prior to 21.3R3-S5, 21.4 versions prior to 21.4R3-S5, 22.1 versions prior to 22.1R3-S4, 22.2 versions prior to 22.2R3-S2, 22.3 versions prior to 22.3R2-S1, 22.3R3-S1, 22.4 versions prior to 22.4R2-S2, 22.4R3 and 23.1 versions prior to 23.1R2.
    CVE ID: CVE-2023-44188 (Medium)

  • Cisco Released Security Updates for Cisco Unified Intelligence Center (21 Feb 2024)

    Cisco has released security updates to address an insufficient access control vulnerability in Cisco Unified Intelligence Center that allows to read and modify data in a repository that belongs to an internal service on an affected device.
    CVE ID: CVE-2024-20325 (Medium)

  • Google Released Security Updates for Chrome (21 Feb 2024)

    Google has released Chrome Beta 123 (123.0.6312.3) for Android, Chrome 123.0.6312.4 Beta channel for Windows, Mac and Linux, Chrome Beta 123 (123.0.6312.2) for iOS and LTC channel version 120.0.6099.294 (Platform Version: 15662.94.0) for most ChromeOS devices to resolve multiple vulnerabilities.
    CVE ID: CVE-2024-1283 (High), CVE-2024-1284 (High)

  • Vulnerability in libgit2 (21 Feb 2024)

    A heap corruption vulnerability has been discovered in libgit2 that can be leveraged for arbitrary code execution. The vulnerability has been patched in version 1.6.5 and 1.7.2.
    CVE ID: CVE-2024-24577 (Critical)

  • Vulnerability in MyQ Print Server (21 Feb 2024)

    An arbitrary code execution vulnerability has been discovered in MyQ Print Server. The affected versions are MyQ Print Server before 8.2 patch 43.
    CVE ID: CVE-2024-22076 (Critical)

  • Cyber Actions for Securing Water Systems (21 Feb 2024)

    CISA has released top cyber actions for securing Water and Wastewater Systems Sector entities, which run Operational Technology (OT) and Information Technology (IT) systems to reduce cyber risk and improve resilience to cyberattacks.

  • Vulnerability in Biosig Project (20 Feb 2024)

    A double-free vulnerability has been discovered in the BrainVision ASCII Header Parsing functionality of The Biosig Project libbiosig and Master Branch that can lead to arbitrary code execution. The affected versions are Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111).
    CVE ID: CVE-2024-23809 (Critical)

  • Vulnerability in Biosig Project (20 Feb 2024)

    An out-of-bounds write vulnerability has been discovered in the sopen_FAMOS_read functionality of The Biosig Project libbiosig and Master Branch that can lead to arbitrary code execution. The affected versions are Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111).
    CVE ID: CVE-2024-23606 (Critical)

  • Vulnerability in Biosig Project (20 Feb 2024)

    An use-after-free vulnerability has been discovered in the sopen_FAMOS_read functionality of The Biosig Project libbiosig and Master Branch that can lead to arbitrary code execution. The affected versions are Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111).
    CVE ID: CVE-2024-23310 (Critical)

  • Mozilla Released Security Updates (20 Feb 2024)

    Mozilla has released security updates to address multiple vulnerabilities in Thunderbird 115.8, Firefox ESR 115.8, and Firefox 123. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2024-1546 (High), CVE-2024-1547 (High), CVE-2024-1548 (Medium), CVE-2024-1549 (Medium), CVE-2024-1550 (Medium), CVE-2024-1551 (Medium), CVE-2024-1552 (Low), CVE-2024-1553 (High), CVE-2024-1554 (Medium), CVE-2024-1555 (Medium), CVE-2024-1556 (Low), CVE-2024-1557 (High)

  • Google Released Security Updates for Chrome (20 Feb 2024)

    Google has released Chrome 122 (122.0.6261.64) for Android, Beta channel 122.0.6261.57 for Windows, Mac and Linux, Chrome Beta 122 (122.0.6261.64) for Android, Chrome Stable 122 (122.0.6261.62) for iOS, and Chrome 122.0.6261.57 for Linux and Mac, 122.0.6261.57/.58 for Windows to resolve multiple vulnerabilities.
    CVE ID: CVE-2024-1669 (High), CVE-2024-1670 (High), CVE-2024-1671 (Medium), CVE-2024-1672 (Medium), CVE-2024-1673 (Medium), CVE-2024-1674 (Medium), CVE-2024-1675 (Medium), CVE-2024-1676 (Low)

  • Joomla Security Update (20 Feb 2024)

    Joomla has released security updates to resolve multiple vulnerabilities in Joomla CMS.
    CVE ID: CVE-2023-21726 (Medium), CVE-2023-21725 (High), CVE-2023-21724 (Medium), CVE-2023-21723 (Low), CVE-2023-21722 (Low)

  • Multiple Vulnerabilities in Commend's Equipment (20 Feb 2024)

    Multiple vulnerabilities have been discovered in Commend's Equipment- WS203VICM that allow an attacker to obtain sensitive information or force the system to restart. The affected versions are WS203VICM 1.7 and prior. The mitigation is available.
    CVE ID: CVE-2024-22182 (High), CVE-2024-21767 (Critical), CVE-2024-23492 (Medium)

  • Multiple Vulnerabilities in CISA's Equipment (20 Feb 2024)

    Multiple vulnerabilities have been discovered in CISA's Equipment- Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Plugin for Zeek that allow Remote Code Execution (RCE). The affected versions are Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin versions d78dda6 and prior. The mitigations are available.
    CVE ID: CVE-2023-7244 (Critical), CVE-2023-7243 (Critical), CVE-2023-7242 (High)

  • VMware Security Updates (20 Feb 2024)

    VMware has released security updates to address multiple vulnerabilities in VMware Enhanced Authentication Plug-in (EAP), VMware Aria Operations and VMware Cloud Foundation. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2024-22245 (Critical), CVE-2024-22250 (High), CVE-2024-22235 (Medium)

  • Vulnerability in ELECOM Wireless LAN Routers (20 Feb 2024)

    An OS command injection vulnerability has been discovered in ELECOM wireless LAN routers. The affected versions are WRC-1167GS2-B v1.67 and earlier, WRC-1167GS2H-B v1.67 and earlier, WRC-2533GS2-B v1.62 and earlier, WRC-2533GS2-W v1.62 and earlier, and WRC-2533GS2V-B v1.62 and earlier.
    CVE ID: CVE-2024-25579 (Medium)

  • Multiple Vulnerabilities in ELECOM Wireless LAN Routers (20 Feb 2024)

    Multiple vulnerabilities have been discovered in ELECOM wireless LAN routers. The affected versions are WRC-1167GS2-B v1.67 and earlier, WRC-1167GS2H-B v1.67 and earlier, WRC-2533GS2-B v1.62 and earlier, WRC-2533GS2-W v1.62 and earlier, and WRC-2533GS2V-B v1.62 and earlier.
    CVE ID: CVE-2024-21798 (Medium), CVE-2024-23910 (Medium)

  • Red Hat Security Updates (20 Feb 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Vulnerability in Mitsubishi Electric (20 Feb 2024)

    A Remote Code Execution (RCE) vulnerability due to Microsoft Message Queuing service on Microsoft Windows exists in Electrical discharge machines of Mitsubishi Electric. The mitigation is available.
    CVE ID: CVE-2023-21554 (Critical)

  • Vulnerability in Torrentpier (19 Feb 2024)

    An arbitrary command execution vulnerability has been discovered due to insecure deserialization in Torrentpier. The affected version is Torrentpier 2.4.1.
    CVE ID: CVE-2024-1651 (Critical) 

  • Vulnerability in Loomio (19 Feb 2024)

    An OS command injection vulnerability has been discovered in Loomio that allows executing arbitrary commands on the server. The affected version is Loomio 2.22.0.
    CVE ID: CVE-2024-1297 (Critical) 

  • Red Hat Security Updates (19 Feb 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Vulnerability in Rockwell Automation FactoryTalk® Service Platform (16 Feb 2024)

    A privilege escalation vulnerability has been discovered in Rockwell Automation FactoryTalk® Service Platform (FTSP). The affected products are FactoryTalk® Service Platform software version prior to v2.74. Security updates are available.
    CVE ID: CVE-2024-21915 (Critical)

  • Google Released Security Updates for Chrome (16 Feb 2024)

    Google has updated the Stable channel to OS version 15699.66.0 Browser version 121.0.6167.188 for most ChromeOS devices and LTS channel to 114.0.5735.351 Platform Version: 15437.91.0 to resolve multiple vulnerabilities.
    CVE ID: CVE: CVE-2024-0807 (High), CVE-2024-0808 (High), CVE-2023-51042 (High), CVE-2023-6931 (High), CVE-2023-6817 (High), CVE-2023-46813 (High), CVE-2023-6932 (High)

  • Multiple Vulnerabilities in Several IBM Products (16 Feb 2024)

    Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.

  • Multiple Vulnerabilities in Several NetApp Products (16 Feb 2024)

    Multiple vulnerabilities have been discovered in several NetApp products. 

  • SUSE Security Updates (16 Feb 2024)

    SUSE has released security updates to resolve multiple vulnerabilities in several products.

  • Oracle Released January 2024 Critical Patch Update (16 Feb 2024)

    Oracle has released its critical patch update for January 2024 to address 389 vulnerabilities across multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.

  • SolarWinds Security Update for Access Rights Manager (15 Feb 2024)

    SolarWinds has released a security update to address multiple vulnerabilities in Access Rights Manager. The affected versions are SolarWinds Access Rights Manager (ARM) 2023.2.2 and prior versions.
    CVE ID: CVE-2023-40057 (Critical), CVE-2024-23476 (Critical), CVE-2024-23477 (High), CVE-2024-23478 (High), CVE-2024-23479 (Critical)

  • Red Hat Security Updates (15 Feb 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Google Released Security Updates for Chrome (14 Feb 2024)

    Google has released Chrome 122 (122.0.6261.43) for Android, Chrome Beta 122 (122.0.6261.47) for iOS, Chrome Stable 122 (122.0.6261.48) for iOS, Stable channel 122.0.6261.39 for Windows & 122.0.6261.49 for Mac, Beta channel 122.0.6261.39 for Windows, Mac & Linux, and Chrome Beta 122 (122.0.6261.43) for Android.

  • Palo Alto Networks Released Security Updates (14 Feb 2024)

    Palo Alto Networks has released security updates to resolve multiple vulnerabilities in the Palo Alto Networks PAN-OS.
    CVE ID: CVE-2024-0007 (Medium), CVE-2024-0008 (Medium), CVE-2024-0009 (Medium), CVE-2024-0010 (Medium), CVE-2024-0011 (Medium)

  • Vulnerability in HGiga OAKlouds (14 Feb 2024)

    It has been discovered that the functionality for file download in HGiga OAKlouds' contains an arbitrary file read and delete vulnerability.  
    CVE ID: CVE-2024-26261 (Critical)

  • Vulnerability in HGiga OAKlouds (14 Feb 2024)

    It has been discovered that the functionality for synchronization in HGiga OAKlouds' has an OS command injection vulnerability that allows to inject system commands within specific request parameters.
    CVE ID: CVE-2024-26260 (Critical)

  • Vulnerability in SonicWall (14 Feb 2024)

    An improper authentication vulnerability has been discovered in SonicWall SonicOS SSL-VPN feature. The affected version is SonicOS 7.1.1-7040. 
    CVE ID: CVE-2024-22394 (Critical)

  • Vulnerability in Axigen WebMail (14 Feb 2024)

    A Cross Site Scripting (XSS) vulnerability has been discovered in Axigen WebMail that allows to escalate privileges. The affected versions are Axigen WebMail v.10.5.7 and before. 
    CVE ID: CVE-2023-48974 (Critical)

  • Vulnerability in SQLAlchemyDA (14 Feb 2024)

    A vulnerability has been discovered in SQLAlchemyDA that allows unauthenticated execution of arbitrary SQL statements on the database. The affected products are SQLAlchemyDA versions prior to 2.2.
    CVE ID: CVE-2024-24811 (Critical)

  • Vulnerability in Juanpao JPShop (14 Feb 2024)

    An unrestricted upload vulnerability has been discovered in Juanpao JPShop. The affected versions are Juanpao JPShop up to 1.5.02.
    CVE ID: CVE-2024-1264 (Critical)

  • Vulnerability in Tenda AC9 (14 Feb 2024)

    A buffer overflow vulnerability has been discovered in Tenda AC9. The affected version is Tenda AC9 v.3.0, firmware version v.15.03.06.42_multi.
    CVE ID: CVE-2024-24543 (Critical)

  • Drupal Security Update (14 Feb 2024)

    Drupal has released security updates to address the Cross Site Scripting (XSS) vulnerability in CKEditor 4 LTS - WYSIWYG HTML editor, a third-party library used in it. The affected versions are CKEditor 4 LTS - WYSIWYG HTML editor 1.0.0 and below 1.0.1.
    CVE ID: CVE-2024-24815

  • CVE - KB Correlation (14 Feb 2024)

    List of CVE IDs and corresponding Knowledge Base IDs as released by Microsoft during February 2024.

  • Security Updates for Multiple Vulnerabilities in Siemens Products (13 Feb 2024)

    Siemens has released Security Updates to address multiple vulnerabilities in its products. These updates as per OEM recommendations may be implemented.

  • Schneider Electric Security Updates (13 Feb 2024)

    Schneider Electric has released security updates to resolve multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2023-6409 (High), CVE-2023-27975 (High), CVE-2024-0568 (High), CVE-2024-0865 (High), CVE-2018-7846 (Medium), CVE-2018-7849 (High), CVE-2018-7843 (High), CVE-2018-7848 (Medium), CVE-2018-7842 (High), CVE-2018-7847 (Critical), CVE-2018-7850 (High), CVE-2018-7845 (High), CVE-2018-7852 (High), CVE-2018-7853 (High), CVE-2018-7854 (High), CVE-2018-7855 (High), CVE-2018-7856 (High), CVE-2018-7857 (High), CVE-2019-6806 (High),  CVE-2019-6807 (High), CVE-2019-6808 (Critical), CVE-2018-7844 (High), CVE-2019-6830 (Medium), CVE-2019-6828 (High), CVE-2019-6829 (High), CVE-2019-6809 (High)

  • Vulnerability in Mitsubishi Electric (13 Feb 2024)

    An information disclosure vulnerability has been discovered in Mitsubishi Electric's MELSEC iQ-R Series Safety CPU and SIL2 Process CPU module. All versions of MELSEC iQ-R Series Safety CPU and MELSEC iQ-R Series SIL2 Process CPU are affected. The mitigation is available.
    CVE ID: CVE-2023-6815 (Medium)

  • Adobe Released Security Updates (13 Feb 2024)

    Adobe has released security updates to address multiple vulnerabilities in Adobe software. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2024-20738 (Critical),CVE-2024-20739 (High), CVE-2024-20750 (High), CVE-2024-20719 (Critical), CVE-2024-20720 (Critical)

  • Microsoft Released February 2024 Security Updates (13 Feb 2024)

    Microsoft has released security updates to address multiple vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2024-21364 (Critical), CVE-2024-21376 (Critical), CVE-2024-21401 (Critical), CVE-2024-21403 (Critical), CVE-2024-21410 (Critical), CVE-2024-21413 (Critical)

  • Multiple Vulnerabilities in Siemens Products (13 Feb 2024)

    Multiple vulnerabilities have been discovered in several Siemens products. Siemens has released security updates, workarounds and mitigations to resolve vulnerabilities.
    CVE ID: CVE-2023-38199 (Critical), CVE-2023-29405 (Critical), CVE-2023-29404 (Critical), CVE-2023-29402 (Critical), CVE-2023-45871 (Critical), CVE-2023-45614 (Critical), CVE-2023-45615 (Critical), CVE-2023-45616 (Critical), CVE-2023-44373 (Critical), CVE-2024-23816 (Critical), CVE-2023-45871 (Critical), CVE-2023-45853 (Critical)

  • ISC Released Security Updates for BIND 9 (13 Feb 2024)

    ISC has released security updates to address a vulnerability affecting multiple versions of ISC's Berkeley Internet Name Domain (BIND) 9. An attacker can exploit this vulnerability to take control of an affected device.
    CVE ID: CVE-2023-50868 (High)

  • ISC Released Security Updates for BIND 9 (13 Feb 2024)

    ISC has released security updates to address a vulnerability affecting multiple versions of ISC's Berkeley Internet Name Domain (BIND) 9. An attacker can exploit this vulnerability to take control of an affected device.
    CVE ID: CVE-2023-50387 (High)

  • ISC Released Security Updates for BIND 9 (13 Feb 2024)

    ISC has released security updates to address a vulnerability affecting multiple versions of ISC's Berkeley Internet Name Domain (BIND) 9. An attacker can exploit this vulnerability to take control of an affected device.
    CVE ID: CVE-2023-6516 (High)

  • ISC Released Security Updates for BIND 9 (13 Feb 2024)

    ISC has released security updates to address a vulnerability affecting multiple versions of ISC's Berkeley Internet Name Domain (BIND) 9. An attacker can exploit this vulnerability to take control of an affected device.
    CVE ID: CVE-2023-5680 (Medium)

  • ISC Released Security Updates for BIND 9 (13 Feb 2024)

    ISC has released security updates to address a vulnerability affecting multiple versions of ISC's Berkeley Internet Name Domain (BIND) 9. An attacker can exploit this vulnerability to take control of an affected device.
    CVE ID: CVE-2023-5679 (High)

  • ISC Released Security Updates for BIND 9 (13 Feb 2024)

    ISC has released security updates to address a vulnerability affecting multiple versions of ISC's Berkeley Internet Name Domain (BIND) 9. An attacker can exploit this vulnerability to take control of an affected device.
    CVE ID: CVE-2023-5517 (High)

  • ISC Released Security Updates for BIND 9 (13 Feb 2024)

    ISC has released security updates to address a vulnerability affecting multiple versions of ISC's Berkeley Internet Name Domain (BIND) 9. An attacker can exploit this vulnerability to take control of an affected device.
    CVE ID: CVE-2023-4408 (High)

  • Google Released Security Updates for Chrome (13 Feb 2024)

    Google has released Chrome 121 (121.0.6167.178) for Android, Extended Stable channel 120.0.6099.291 for Windows & Mac, Stable channel 121.0.6167.184 for Mac & Linux and 121.0.6167.184/185 to Windows.

  • Vulnerability in Malwarebytes Binisoft Windows Firewall Control (12 Feb 2024)

    Arbitrary code execution vulnerability has been discovered in Malwarebytes Binisoft Windows Firewall Control. The affected versions are Malwarebytes Binisoft Windows Firewall Control before 6.9.9.2.
    CVE ID: CVE-2024-25089 (Critical)

  • Vulnerability in Novel-Plus (09 Feb 2024)

    A SQL injection vulnerability has been discovered in Novel-Plus. The affected versions are Novel-Plus v4.3.0-RC1 and prior.
    CVE ID: CVE-2024-24021 (Critical)

  • Vulnerability in Novel-Plus (09 Feb 2024)

    A SQL injection vulnerability has been discovered in Novel-Plus. The affected versions are Novel-Plus v4.3.0-RC1 and prior.
    CVE ID: CVE-2024-24017 (Critical)

  • Vulnerability in jshERP (09 Feb 2024)

    A SQL injection vulnerability has been discovered in jshERP. The affected version is jshERP v3.3.
    CVE ID: CVE-2024-24003 (Critical)

  • Vulnerability in Jsish (09 Feb 2024)

    A use after free vulnerability has been discovered in Jsish. The affected version is Jsish v3.5.0.
    CVE ID: CVE-2024-24189 (Critical)

  • Vulnerability in Jsish (09 Feb 2024)

    A heap buffer overflow vulnerability has been discovered in Jsish. The affected version is Jsish v3.5.0.
    CVE ID: CVE-2024-24188 (Critical)

  • Vulnerability in Johnson Controls (08 Feb 2024)

    A vulnerability has been discovered in Johnson Controls impacting IQ Panel 4 and IQ4 Hub, which allows unauthorized access to settings. All versions of IQ Panel 4 prior to 4.4.2 and all versions of IQ4 Hub prior to 4.4.2 are affected. The mitigations are available.
    CVE ID: CVE-2024-0242

  • Microsoft Edge Security Updates (08 Feb 2024)

    Microsoft has released updated Microsoft Edge Stable Channel Version 121.0.2277.112 and Microsoft Edge Extended Stable Channel Version 120.0.2210.175. 

  • Vulnerability in FortiOS (08 Feb 2024)

    An out-of-bounds write vulnerability has been discovered in FortiOS that can allow a remote unauthenticated attacker to execute arbitrary code or command via specially crafted HTTP requests. The updates are available.
    CVE ID: CVE-2024-21762 (Critical)

  • Vulnerability in FortiOS (08 Feb 2024)

    An use of externally-controlled format string vulnerability has been discovered in FortiOS fgfmd daemon that can allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests. The updates are available.
    CVE ID: CVE-2024-23113 (Critical)

  • Red Hat Security Updates (08 Feb 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Vulnerability in Fortinet FortiSIEM (07 Feb 2024)

    An OS command injection vulnerability has been discovered in Fortinet FortiSIEM. The affected versions are Fortinet FortiSIEM version 7.1.0 through 7.1.1, 7.0.0 through 7.0.2, 6.7.0 through 6.7.8, 6.6.0 through 6.6.3, 6.5.0 through 6.5.2, and 6.4.0 through 6.4.2.
    CVE ID: CVE-2024-23109 (Critical)

  • Vulnerability in Fortinet FortiSIEM (07 Feb 2024)

    An OS command injection vulnerability has been discovered in Fortinet FortiSIEM. The affected versions are Fortinet FortiSIEM version 7.1.0 through 7.1.1, 7.0.0 through 7.0.2, 6.7.0 through 6.7.8, 6.6.0 through 6.6.3, 6.5.0 through 6.5.2, and 6.4.0 through 6.4.2.
    CVE ID: CVE-2024-23108 (Critical)

  • Vulnerability in Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin (07 Feb 2024)

    A SQL injection vulnerability has been discovered in Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin. The affected versions are Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin versions up to, and including, 3.7.1.
    CVE ID: CVE-2024-0685 (Critical)

  • Vulnerability in Vinchin Backup & Recovery (07 Feb 2024)

    A vulnerability has been discovered in Vinchin Backup & Recovery that allows to be configured with default root credentials. The affected version is Vinchin Backup & Recovery v7.2.
    CVE ID: CVE-2024-22902 (Critical)

  • Vulnerability in Vinchin Backup & Recovery (07 Feb 2024)

    A vulnerability has been discovered in Vinchin Backup & Recovery due to the use of default MYSQL credentials. The affected version is Vinchin Backup & Recovery v7.2.
    CVE ID: CVE-2024-22901 (Critical)

  • Vulnerability in Rockwell Automation (07 Feb 2024)

    A vulnerability has been discovered in Rockwell Automation FactoryTalk® Service Platform that allows to obtain the service token and use it for authentication on another FTSP directory.
    CVE ID: CVE-2024-21917 (Critical)

  • Cisco Released Security Updates for Cisco Expressway Series (07 Feb 2024)

    Cisco has released security updates to address multiple Cross Site Request Forgery (CSRF) vulnerabilities in Cisco Expressway Series. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2024-20252 (Critical), CVE-2024-20254 (Critical), CVE-2024-20255 (High)

  • Google Released Security Updates for Chrome (07 Feb 2024)

    Google has released Chrome Beta 122 (122.0.6261.27) for Android, Chrome Stable 121 (121.0.6167.171) for iOS, Beta channel 122.0.6261.29 for Windows, Mac & Linux, LTC-120 version 120.0.6099.272 (Platform Version: 15662.88.0) for most ChromeOS devices, Chrome Beta 122 (122.0.6261.26) for iOS and Stable channel OS version 15699.58.0 Browser version 121.0.6167.159 for most ChromeOS devices to resolve multiple vulnerabilities.
    CVE ID: CVE-2024-1280 (Medium), CVE-2024-1281 (Medium), CVE-2024-25556 (Medium), CVE-2024-25557 (Medium), CVE-2024-25558 (Medium), CVE-2023-6817 (Medium), CVE-2023-6932 (Medium), CVE-2024-0806 (Medium), CVE-2024-0807 (High), CVE-2024-0808 (High), CVE-2024-0813 (Medium), CVE-2024-0814 (Medium),  CVE-2024-0809 (Low), CVE-2024-0811 (Low)

  • Cisco Released Security Updates for ClamAV OLE2 File Format Parser (07 Feb 2024)

    Cisco has released security updates to address a Denial of Service (DoS) vulnerability in ClamAV OLE2 File Format Parser.
    CVE ID: CVE-2024-20290 (High)

  • GitLab Security Updates (07 Feb 2024)

    GitLab has released updated versions 16.8.2, 16.7.5, and 16.6.7 for GitLab Community Edition (CE) and Enterprise Edition (EE).
    CVE ID: CVE-2024-1250 (Medium), CVE-2023-6840 (Medium), CVE-2023-6386 (Medium), CVE-2024-1066 (Medium)

  • Red Hat Security Updates (07 Feb 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • JetBrains Released Security Update for TeamCity On-Premises (06 Feb 2024)

    JetBrains has released security update for TeamCity On-Premises to address a vulnerability that allow unauthenticated attacker with HTTP(S) access to a TeamCity server to bypass authentication checks and gain administrative control of that TeamCity server. All versions of TeamCity On-Premises from 2017.1 through 2023.11.2 are affected.
    CVE ID: CVE-2024-23917 (Critical)

  • Vulnerability in IBM Operational Decision Manager (06 Feb 2024)

    Remote code execution vulnerability has been discovered in IBM Operational Decision Manager. The affected versions are IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1.
    CVE ID: CVE-2024-22319 (Critical)

  • Vulnerability in Notion Web Clipper (06 Feb 2024)

    Arbitrary command execution vulnerability has been discovered in Notion Web Clipper. The affected version is Notion Web Clipper 1.0.3(7).
    CVE ID: CVE-2024-23745 (Critical)

  • Vulnerability in HID Global's Equipment (06 Feb 2024)

    Improper Authorization vulnerability has been discoveerd in HID Global's Equipment- iCLASS SE, OMNIKEY. All versions of iCLASS SE CP1000 Encoder, iCLASS SE Readers, iCLASS SE Reader Modules, iCLASS SE Processors, OMNIKEY 5427CK Readers, OMNIKEY 5127CK Readers, OMNIKEY 5023 Readers, and OMNIKEY 5027 Readers are affected.
    CVE ID: CVE-2024-22388 (Medium)

  • Vulnerability in HID Global's Equipment (06 Feb 2024)

    Improper Authorization vulnerability has been discovered in HID Global's Equipment- Reader Configuration Cards. All versions of HID iCLASS SE reader configuration cards and OMNIKEY Secure Elements reader configuration cards are affected.
    CVE ID: CVE-2024-23806 (Medium)

  • Cisco Released Security Updates for Multiple Products (06 Feb 2024)

    Cisco has released security updates to address Snort access control policy bypass vulnerability in multiple Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2023-20246 (Medium)

  • VMware Security Updates (06 Feb 2024)

    VMware has released security updates to address multiple vulnerabilities in VMware Aria Operations for Networks. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2024-22237 (High), CVE-2024-22238 (Medium), CVE-2024-22239 (Medium), CVE-2024-22240 (Medium), CVE-2024-22241 (Medium)

  • Google Released Security Update for Chrome (06 Feb 2024)

    Google has released Chrome 121 (121.0.6167.164) for Android, Stable channel 121.0.6167.160 for Mac and Linux and 121.0.6167.160/161 for Windows, and Extended Stable channel 120.0.6099.283 for Windows and Mac.
    CVE ID: CVE-2024-1284 (High), High CVE-2024-1283 (High)

  • SUSE Security Updates (06 Feb 2024)

    SUSE has released security updates to resolve multiple vulnerabilities in several products.

  • Vulnerability in JFinalCMS (06 Feb 2024)

    SQL injection vulnerability has been discovered in JFinalCMS. The affected version is JFinalCMS 5.0.0.
    CVE ID: CVE-2024-24029 (Critical)

  • Vulnerability in CrateDB (06 Feb 2024)

    Authentication bypass vulnerability has been discovered in the Admin UI component of CrateDB. The affected version is CrateDB 5.5.1.
    CVE ID: CVE-2023-51982 (Critical)

  • Vulnerability in Wanhu ezOFFICE (05 Feb 2024)

    A SQL injection vulnerability has been discovered in Wanhu ezOFFICE. The affected version is Wanhu ezOFFICE 11.1.0.
    CVE ID: CVE-2024-1012 (Critical)

  • Vulnerability in openBI (05 Feb 2024)

    An unrestricted upload vulnerability has been discovered in openBI. The affected versions are openBI up to 1.0.8.
    CVE ID: CVE-2024-1036 (Critical)

  • Vulnerability in 'HTML5 Video Player' WordPress Plugin (05 Feb 2024)

    A SQL injection vulnerability has been discovered in the 'HTML5 Video Player' WordPress Plugin. The affected versions are 'HTML5 Video Player' WordPress Plugin prior to 2.5.25.
    CVE ID: CVE-2024-1061 (Critical)

  • Google Released Security Update for Chrome (05 Feb 2024)

    Google has released Beta channel OS version: 15699.54.0, Browser version: 121.0.6167.155 for most ChromeOS devices.

  • Android Security Updates (05 Feb 2024)

    Android has released a security bulletin to resolve multiple vulnerabilities affecting several Android devices. Security patch levels of 2024-02-05 or later, address all of these issues.

  • Docker Security Updates (01 Feb 2024)

    Docker has released security updates to resolve multiple vulnerabilities in several products. The affected versions are runc 1.1.11 and below, BuildKit 0.12.4 and below, Moby (Docker Engine) 25.0.1 and below and 24.0.8 and below, and Docker Desktop 4.27.0 and below.
    CVE ID: CVE-2024-21626 (High), CVE-2024-23651 (High), CVE-2024-23652 (High), CVE-2024-23653 (High), CVE-2024-23650 (Medium), CVE-2024-24557 (Medium)

  • Multiple Vulnerabilities in Ivanti Products (01 Feb 2024)

    Privilege escalation, and Server-side request forgery vulnerabilities have been discovered in Ivanti Connect Secure, Ivanti Policy Secure and ZTA Gateways. All versions of Version 9.x and 22.x of Ivanti Connect Secure, Ivanti Policy Secure, and ZTA Gateways are affected. The patches and mitigations are available.
    CVE ID: CVE-2024-21888 (High), CVE-2024-21893 (High)

  • Vulnerability in AVEVA's Equipment (01 Feb 2024)

    An uncontrolled search path element vulnerabilitiy have been discovered in AVEVA's Equipment- AVEVA Edge products aka  InduSoft Web Studio that results in  achieving arbitrary code execution and privilege escalation . The affected versions are AVEVA Edge 2020 R2 SP2 and prior. The mitigation is available.
    CVE ID: CVE-2023-6132 (High)

  • Microsoft Edge Security Updates (01 Feb 2024)

    Microsoft has released Microsoft Edge Stable Channel (Version 121.0.2277.98) and Microsoft Edge Extended Stable Channel (120.0.2210.167) to resolve vulnerability.
    CVE ID: CVE-2024-21399 (High)

  • Multiple Vulnerabilities in Gessler GmbH's Equipment (01 Feb 2024)

    Multiple vulnerabilities have been discovered in Gessler GmbH's Equipment- WEB-MASTER. The affected version is WEB-MASTER 7.9. The mitigation is available.
    CVE ID: CVE-2024-1039 (Critical), CVE-2024-1040 (Medium)

  • Trend Micro Security Update for Trend Micro Apex Central (31 Jan 2024)

    Trend Micro has released a security update to address multiple vulnerabilities in Trend Micro Apex Central, Platform: Windows. The affected versions are Trend Micro Apex Central 2019 (On-prem builds before 6570).
    CVE ID: CVE-2023-52324 (Medium), CVE-2023-52325 (High), CVE-2023-52326 (Medium), CVE-2023-52327 (Medium), CVE-2023-52328 (Medium), CVE-2023-52329 (Medium), CVE-2023-52330 (Medium), CVE-2023-52331 (Critical)

  • Vulnerability in WebUI of Google Chrome (29 Jan 2024)

    An integer underflow vulnerability has been discovered in WebUI of Google Chrome, which allows heap corruption via a malicious file. The affected versions are WebUI of Google Chrome prior to 121.0.6167.85. Security updates are available.
    CVE ID: CVE-2024-0808 (Critical)

  • Vulnerability in Webkul Bundle Product (29 Jan 2024)

    A SQL injection vulnerability has been discovered in Webkul Bundle Product that allows to execute arbitrary code. The affected version is Webkul Bundle Product 6.0.1.
    CVE ID: CVE-2023-51210 (Critical)

  • Vulnerability in TOTOLINK (29 Jan 2024)

    A stack overflow vulnerability has been discovered in TOTOLINK. The affected version is TOTOLINK A3700R_V9.1.2u.6165_20211012.
    CVE ID: CVE-2024-22662 (Critical)

  • Vulnerability in Fortra (29 Jan 2024)

    An authentication bypass vulnerability has been discovered in Fortra's GoAnywhere MFT. The affected versions are Fortra GoAnywhere MFT prior to 7.4.1.
    CVE ID: CVE-2024-0204 (Critical)

  • Vulnerability in darkhttpd (26 Jan 2024)

    An authentication bypass vulnerability has been discovered in darkhttpd. The affected versions are darkhttpd before 1.15.
    CVE ID: CVE-2024-23771 (Critical)

  • Vulnerability in OpenAPI loader for Embedchain (26 Jan 2024)

    An arbitrary code execution vulnerability has been discovered in OpenAPI loader for Embedchain. The affected versions are OpenAPI loader ifor Embedchain before 0.1.57.
    CVE ID: CVE-2024-23731 (Critical)

  • Vulnerability in Enonic XP (26 Jan 2024)

    A session fixation vulnerability has been discovered in Enonic XP. The affected versions are Enonic XP versions less than 7.7.4.
    CVE ID: CVE-2024-23679 (Critical)

  • Google Released Security Updates for Chrome (26 Jan 2024)

    Google has released LTC-120  version 120.0.6099.235 (Platform Version: 15662.76.0) for most ChromeOS devices. 

  • Microsoft Edge Security Updates (25 Jan 2024)

    Microsoft Edge (Chromium-based) has released Microsoft Edge Stable Channel (Version 121.0.2277.83) and Microsoft Edge Extended Stable Channel (120.0.2210.160) to resolve elevation of privilege vulnerability which can lead to a full compromise of the browser.
    CVE ID: CVE-2024-21326 (Critical)

  • Red Hat Security Updates (25 Jan 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Multiple Vulnerabilities in Jenkins (24 Jan 2024)

    Multiple vulnerabilities have been discovered in several Jenkins Plugins. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
    CVE ID: CVE-2024-23897 (Critical), CVE-2024-23898 (High), CVE-2024-23899 (High), CVE-2024-23900 (Medium), CVE-2024-23901 (Medium), CVE-2024-23902 (Medium), CVE-2024-23903 (Low), CVE-2023-6148 (High), CVE-2023-6147 (High), CVE-2024-23905 (High), CVE-2024-23904 (High)

  • Cisco Released Security Updates for Cisco Small Business Series Switches  (24 Jan 2024)

    Cisco has released security updates to resolve bypass vulnerability in Cisco Business 250 Series Smart Switches and Business 350 Series Managed Switches.
    CVE ID: CVE-2024-20263 (Medium)

  • Cisco Released Security Updates for Cisco Unity Connection (24 Jan 2024)

    Cisco has released security updates to resolve a Cross Site Scripting (XSS) vulnerability in the web-based management interface of Cisco Unity Connection.
    CVE ID: CVE-2024-20305 (Medium)

  • Cisco Released Security Updates for Cisco Unified Communications and Contact Center Solutions products (24 Jan 2024)

    A critical vulnerability has been discovered in multiple Cisco Unified Communications and Contact Center Solutions products. Successful exploitation can allow to execute arbitrary code on an affected device.
    CVE ID: CVE-2024-20253 (Critical)

  • Multiple Vulnerabilities in Jenkins Products (24 Jan 2024)

    Multiple Vulnerabilities have been discovered in several Jenkins products which may lead to Remote Code Execution (RCE).
    CVE ID: CVE-2024-23897 (Critical), CVE-2024-23898 (High), CVE-2024-23899 (High), CVE-2024-23900 (Medium), CVE-2024-23901 (Medium), CVE-2024-23902 (Medium), CVE-2024-23903 (Low), CVE-2023-6148 (High), CVE-2023-6147 (High), CVE-2024-23905 (High), CVE-2024-23904 (High)

  • Google Released Security Updates for Chrome (24 Jan 2024)

    Google has released Chrome Beta 122 (122.0.6261.3) for iOS and Beta 122 (122.0.6261.5) for Android.

  • Multiple Vulnerabilities in Several IBM Products (24 Jan 2024)

    Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.

  • SUSE Security Updates (24 Jan 2024)

    SUSE has released security updates to resolve multiple vulnerabilities in several products.

  • Vulnerability in GitHub (23 Jan 2024)

    An unsafe reflection vulnerability has been discovered in GitHub Enterprise Server that can lead to reflection injection. All versions of GitHub Enterprise Server prior to 3.12 are affected.
    CVE ID: CVE-2024-0200 (Critical)

  • Vulnerability in Totolink (23 Jan 2024)

    A critical vulnerability has been discovered in Totolink that leads to improper access controls. The affected version is Totolink N350RT 9.3.5u.6265.
    CVE ID: CVE-2024-0570 (Critical)

  • Vulnerability in Intumit inc. SmartRobot (23 Jan 2024)

    A Remote Code Execution (RCE) vulnerability has been discovered in Intumit inc. SmartRobot's web framework.
    CVE ID: CVE-2024-0552 (Critical)

  • Multiple Vulnerabilities in Voltronic Power's Equipment (23 Jan 2024)

    Multiple vulnerabilities have been discovered in Voltronic Power's Equipment- ViewPower Pro. The affected version is ViewPower Pro 2.0-22165.
    CVE ID: CVE-2023-51570 (Critical), CVE-2023-51571 (High), CVE-2023-51572 (Critical), CVE-2023-51573 (Critical)

  • Vulnerability in APsystems' Equipment (23 Jan 2024)

    An improper access control vulnerability has been discovered in APsystems' Equipment- Energy communication Unit (ECU-C) Power Control Software. The affected versions are Energy Communication Unit Power Control Software: C1.2.2, v3.11.4, W2.1.NA, v4.1SAA and v4.1NA.
    CVE ID: CVE-2022-44037 (High)

  • Security Update for Crestron (23 Jan 2023)

    Crestron has released a security update to address an OS command injection vulnerability in its equipment- AM-300. The affected version is AM-300 1.4499.00018.
    CVE ID: CVE-2023-6926 (High)

  • Multiple Vulnerabilities in Westermo's Equipment (23 Jan 2024)

    Multiple vulnerabilities have been discovered in Westermo's equipment- Lynx 206-F2G. The affected versions are Lynx: Model Version L206-F2G1, and Lynx: Firmware Version 4.24. The mitigation is available.
    CVE ID: CVE-2023-40143 (Medium), CVE-2023-45222 (Medium), CVE-2023-45735 (High), CVE-2023-45213 (Medium), CVE-2023-42765 (Medium), CVE-2023-40544 (Medium), CVE-2023-38579 (High), CVE-2023-45227 (Medium)

  • Vulnerability in Lantronix's Equipment (23 Jan 2024)

    A weak encoding for password vulnerability has been discovered in Lantronix's Equipment- XPort. The affected version is XPort Device Server Configuration Manager 2.0.0.13.
    CVE ID: CVE-2023-7237 (Medium)

  • Vulnerability in Orthanc's Equipment (23 Jan 2024)

    A Cross Site Scripting (XSS) vulnerability has been discovered in Orthanc's Equipment- Osimis Web Viewer. The affected version is Osimis WebViewer 1.4.2.0-9d9eff4. The mitigation is available.
    CVE ID: CVE-2023-7238 (High)

  • Vulnerability in TOTOlink (17 Jan 2024)

    A Remote Command Execution (RCE) vulnerability has been discovered in TOTOlink. The affected version is TOTOlink EX1200T V4.1.2cu.5232_B20210713. 
    CVE ID: CVE-2023-52032 (Critical)

  • Vulnerability in D-Link (17 Jan 2024)

    An arbitrary code execution vulnerability has been discovered in D-Link. The affected version is D-Link dir815 v.1.01SSb08.bin. 
    CVE ID: CVE-2023-51123 (Critical)

  • Vulnerability in Wuzhicms (17 Jan 2024)

    A SQL injection vulnerability has been discovered in Wuzhicms. The affected version is Wuzhicms v4.1.0. 
    CVE ID: CVE-2023-52064 (Critical)

  • Vulnerability in FLIR AX8 (17 Jan 2024)

    A command injection vulnerability has been discovered in FLIR AX8. The affected versions are FLIR AX8 up to 1.46.16. 
    CVE ID: CVE-2023-51126 (Critical)

  • Vulnerability in Redis (17 Jan 2024)

    An integer overflow vulnerability has been discovered in Redis that leads to heap overflow and potential Remote Code Execution (RCE). Security updates are available.
    CVE ID: CVE-2023-41056 (Critical)

  • Microsoft Edge Security Update (17 Jan 2024)

    Microsoft has released security update to address vulnerability in Microsoft Edge Stable Channel (Version 120.0.2210.144) to resolve a vulnerability.
    CVE ID: CVE-2024-0519

  • Google Released Security Update for Chrome (17 Jan 2024)

    Google has released Chrome Stable 121 (121.0.6167.66) for iOS, Chrome Beta 121 (121.0.6167.71) for Android, Stable channel 121.0.6167.75 for Windows and Mac, and Beta channel 121.0.6167.75 for Windows, Mac and Linux.

  • Trend Micro Security Update for Trend Micro Deep Security (16 Jan 2024)

    Trend Micro has released a security update to address local privilege escalation vulnerabilities in Trend Micro Deep Security Agent, Platform: Windows. The affected version is Trend Micro Deep Security Agent (Including Cloud One - Endpoint and Workload Security) 20.0.
    CVE ID: CVE-2023-52337 (High), CVE-2023-52338 (High)

  • Vulnerability in soxft TimeMail (16 Jan 2024)

    A SQL injection vulnerability has been discovered in soxft TimeMail. The affected versions are soxft TimeMail up to 1.1.
    CVE ID: CVE-2024-0344 (Critical)

  • VMware Security Updates (16 Jan 2024)

    VMware has released security updates to address a missing access control vulnerability in VMware Aria Automation & VMware Cloud Foundation. An attacker can exploit this vulnerability to take control of an affected system.
    CVE ID: CVE-2023-34063 (Critical)

  • Red Hat Security Updates (16 Jan 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • GitLab Security Updates (12 Jan 2024)

    GitLab has released updated versions 16.7.3, 16.6.5, and 16.5.7 for GitLab Community Edition (CE) and Enterprise Edition (EE).

  • Multiple Vulnerabilities in Several NetApp Products (12 Jan 2024)

    Multiple vulnerabilities have been discovered in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. 
    CVE ID: CVE-2023-26031 (High), CVE-2023-29258 (High), CVE-2023-45178 (High), CVE-2023-45287 (High), CVE-2023-46167 (High), CVE-2023-6337 (High), CVE-2023-6534 (High), CVE-2023-7104 (High)

  • Vulnerability in Tenda (12 Jan 2024)

    A stack overflow vulnerability has been discovered in Tenda AX1803. The affected version is Tenda AX1803 v1.0.0.1.
    CVE ID: CVE-2023-51970 (Critical)

  • Vulnerability in Tenda (12 Jan 2024)

    A command injection vulnerability has been discovered in Tenda AX1803. The affected version is Tenda AX1803 v1.0.0.1.
    CVE ID: CVE-2023-51972 (Critical)

  • Vulnerability in Tenda A18 (12 Jan 2024)

    A stack overflow vulnerability has been discovered in Tenda A18. The affected version is Tenda A18 v15.13.07.09.
    CVE ID: CVE-2023-50585 (Critical)

  • Cisco Released Security Update for Cisco TelePresence Management Suite (12 Jan 2024)

    Cisco has released security update to address multiple vulnerabilities in Cisco TelePresence Management Suite. The affected versions are Cisco TelePresence Management Suite earlier than 15.13.6.
    CVE ID: CVE-2023-20248, CVE-2023-20249

  • Google Released Security Update for Chrome (12 Jan 2024)

    Google has released LTC-120 version 120.0.6099.203 (Platform Version: 15662.64.3) for most ChromeOS devices. 

  • Vulnerability in TRENDnet (12 Jan 2024)

    A stack overflow vulnerability has been discovered in TRENDnet that leads to arbitrary command execution. The affected version is TRENDnet TV-IP1314PI 5.5.3 200714.
    CVE ID: CVE-2023-49236 (Critical)

  • CVE - KB Correlation (12 Jan 2024)

    List of CVE IDs and corresponding Knowledge Base IDs as released by Microsoft during January 2024.

  • Microsoft Edge Security Update (11 Jan 2024)

    Microsoft has released Microsoft Edge Stable Channel (Version 120.0.2210.133) to resolve vulnerabilities.
    CVE ID: CVE-2024-21337 (Medium), CVE-2024-20709, CVE-2024-20721, CVE-2024-20675 (Medium)

  • Apple Security Update (11 Jan 2024)

    Apple has released security update to address a session management vulnerability in Magic Keyboard Firmware.
    CVE ID: CVE-2024-0230

  • Vulnerability in Totolink (11 Jan 2024)

    A buffer overflow vulnerability has been discovered in Totolink X2000R. The affected version is Totolink X2000R 1.0.0-B20221212.1452.
    CVE ID: CVE-2023-7222 (Critical)

  • Vulnerability in NetScout nGeniusOne (11 Jan 2024)

    An arbitrary code execution vulnerability has been discovered that causes Denial of Service (DoS) in NetScout nGeniusOne. The affected version is NetScout nGeniusOne v.6.3.4.
    CVE ID: CVE-2023-26999 (Critical)

  • Vulnerability in GitHub Repository gpac/gpac (11 Jan 2024)

    An out of bounds read vulnerability has been discovered in the GitHub repository gpac/gpac. The affected versions are GitHub repository gpac/gpac prior to 2.3-DEV.
    CVE ID: CVE-2024-0322 (Critical)

  • Vulnerability in GitHub Repository gpac/gpac (11 Jan 2024)

    A stack based buffer overflow vulnerability has been discovered in the GitHub repository gpac/gpac. The affected versions are GitHub repository gpac/gpac prior to 2.3-DEV.
    CVE ID: CVE-2024-0321 (Critical)

  • Vulnerability in Youke365 (11 Jan 2024)

    A Server Side Request Forgery (SSRF) vulnerability has been discovered in Youke365. The affected versions are Youke365 up to 1.5.3.
    CVE ID: CVE-2024-0304 (Critical)

  • Vulnerability in DeDeCMS (11 Jan 2024)

    A vulnerability has been discovered in DeDeCMS that leads to unrestricted uploading. The affected versions are DeDeCMS up to 5.7.112.
    CVE ID: CVE-2023-7212 (Critical)

  • Multiple Vulnerabilities in Rapid Software LLC's Equipment (11 Jan 2024)

    Multiple vulnerabilities have been discovered in Rapid Software LLC's Equipment- Rapid SCADA. The affected versions are Rapid SCADA 5.8.4 and prior.
    CVE ID: CVE-2024-21852 (High), CVE-2024-22096 (Medium), CVE-2024-22016 (High), CVE-2024-21794 (Medium), CVE-2024-21764 (Critical), CVE-2024-21869 (Medium), CVE-2024-21866 (Medium)

  • Vulnerability in Horner Automation's Equipment (11 Jan 2024)

    A stack based buffer overflow vulnerability has been discovered in Horner Automation's Equipment- Cscape that allows to execute arbitrary code. The affected versions are Cscape 9.90 SP10 and prior.
    CVE ID: CVE-2023-7206 (High)

  • Google Released Security Updates for Chrome (11 Jan 2024)

    Google has released Dev channel 122.0.6226.0 (Platform version: 15739.0.0) for most ChromeOS devices, Chrome Dev 122 (122.0.6238.3) for Android and Dev channel 122.0.6238.2 for Windows, Mac & Linux.

  • Juniper Released Security Updates (10 Jan 2024)

    Juniper has released security updates to address a missing release of memory after effective lifetime vulnerability in the Routing Protocol Daemon (RDP) of Juniper Networks Junos OS and Junos OS Evolved that allows to cause a Denial of Service (DoS) condition.
    CVE ID: CVE-2024-21611 (High)

  • Vulnerability in Lotos WebServer (10 Jan 2024)

    A use after free vulnerability has been discovered in Lotos WebServer. The affected versions are Lotos WebServer through 0.1.1.
    CVE ID: CVE-2024-22088 (Critical)

  • Vulnerability in Tenda (10 Jan 2024)

    A Remote Code Execution(RCE) vulnerability has been discovered in Tenda AX3. The affected version is Tenda AX3 v16.03.12.11.
    CVE ID: CVE-2023-51812 (Critical)

  • Vulnerability in Jizhicms (10 Jan 2024)

    An arbitrary file download vulnerability has been discovered in Jizhicms. The affected version is Jizhicms v2.5.
    CVE ID: CVE-2023-51154 (Critical)

  • Vulnerability in Arcserve UDP (10 Jan 2024)

    A path traversal vulnerability has been discovered in Arcserve UDP. The affected versions are Arcserve UDP prior to 9.2. 
    CVE ID: CVE-2023-42000 (Critical)

  • Multiple Vulnerabilities in Ivanti Products (10 Jan 2024)

    The authentication bypass and command injection vulnerabilities have been discovered in Ivanti Connect Secure and Ivanti Policy Secure Gateways. All versions of Version 9.x and 22.x of Ivanti Connect Secure and Ivanti Policy Secure Gateways are affected. The mitigation is available.
    CVE ID: CVE-2023-46805 (High), CVE-2024-21887 (Critical)

  • Cisco Released Security Updates for Cisco Unity Connection (10 Jan 2024)

    Cisco has released security updates to address an unauthenticated arbitrary file Upload vulnerability in Cisco Unity Connection. An attacker can exploit this vulnerability to take control of an affected system.
    CVE ID: CVE-2024-20272 (Critical)

  • Multiple Vulnerabilities in Cisco Products (10 Jan 2024)

    Multiple vulnerabilities have been discovered in several Cisco products. Security updates are available.
    CVE ID: CVE-2024-20710 (Medium), CVE-2024-20711 (Medium), CVE-2024-20712 (Medium), CVE-2024-20713 (Medium), CVE-2024-20714 (Medium), CVE-2024-20715 (Medium)

  • Drupal Security Update (10 Jan 2024)

    Drupal has released security updates to address Cross Site Scripting (XSS) vulnerability in Typogrify, a third-party library used in it. 

  • Drupal Security Update (10 Jan 2024)

    Drupal has released security updates to address the Cross Site Scripting (XSS) and access bypass vulnerabilities in File entity, a third-party library used in it.

  • Google Released Security Updates for Chrome (10 Jan 2024)

    Google has released Beta channel 121.0.6167.57 for Windows, Mac & Linux, Chrome Beta 121 (121.0.6167.56) for iOS, Beta channel OS version: 15699.29.0, Browser version: 121.0.6167.49 for most ChromeOS devices, Chrome Beta 121 (121.0.6167.57) for Android and LTS channel 114.0.5735.346 (Platform Version: 15437.84.0) for most ChromeOS devices to resolve multiple vulnerabilities.
    CVE ID: CVE-2023-7024 (High), CVE-2023-5197 (High), CVE-2023-5851 (Medium), CVE-2023-5852 (Medium), CVE-2023-5855 (Medium)

  • Trend Micro Security Updates for Trend Micro Apex One (09 Jan 2024)

    Trend Micro has released security updates to address local privilege escalation vulnerabilities in Trend Micro Apex One and Trend Micro Apex One as a Service, Platform: Windows. The affected versions are Trend Micro Apex One 2019 (On-prem) and Trend Micro Apex One as a Service SaaS.
    CVE ID: CVE-2023-52090 (High), CVE-2023-52091 (High), CVE-2023-52092 (High), CVE-2023-52093 (High), CVE-2023-52094 (High)

  • Multiple Vulnerabilities in Siemens Products (09 Jan 2024)

    Multiple vulnerabilities have been discovered in several Siemens products. Siemens has released security updates, workarounds and mitigations to resolve these vulnerabilities.
    CVE ID: CVE-2023-49621 (Critical), CVE-2023-51438 (Critical), CVE-2023-45871 (Critical), CVE-2023-45853 (Critical)

  • SAP Released January 2024 Security Notes (09 Jan 2024)

    SAP has released security notes to address several critical vulnerabilities affecting multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2023-49583 (Critical), CVE-2023-49583 (Critical), CVE-2023-50422 (Critical), CVE-2023-49583 (Critical), CVE-2023-50422 (Critical), CVE-2023-50423 (Critical), CVE-2023-50424 (Critical)

  • Microsoft Released December 2023 Security Updates (09 Jan 2024)

    Microsoft has released security updates to address multiple vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2024-0057 (Critical), CVE-2024-20674 (Critical)

  • Adobe Released Security Updates (09 Jan 2024)

    Adobe has released security updates to address multiple vulnerabilities in Adobe Substance 3D Stager. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2024-20710 (Medium), CVE-2024-20711 (Medium), CVE-2024-20712 (Medium), CVE-2024-20713 (Medium), CVE-2024-20714 (Medium), CVE-2024-20715 (Medium)

  • Multiple Vulnerabilities in Fortinet Products (09 Jan 2024)

    An improper privilege management vulnerability has been discovered in FortiOS and FortiProxy. The affected versions are FortiOS 7.4, FortiOS 7.2, and FortiProxy 7.4. Security updates are available. 
    CVE ID: CVE-2023-44250 (High)

  • Google Released Security Updates for Chrome (09 Jan 2024)

    Google has released Chrome 120 (120.0.6099.210) for Android, and Stable channel 120.0.6099.216 for Mac, Linux and 120.0.6099.216/217 to Windows to resolve vulnerability.
    CVE ID: CVE-2024-0333 (High)

  • Schneider Electric's Security Updates (09 Jan 2024)

    Schneider Electric's has released security updates to address Deserialization of untrusted data vulnerability in Easergy Studio product. The affected versions are Easergy Studio prior to v9.3.5.
    CVE ID: CVE-2023-7032 (High)

  • Terrapin SSH Attack in PAN-OS (09 Jan 2024)

    A vulnerability has been discovered in PAN-OS software that allows to intercept SSH traffic on the PAN-OS management network causes Machine in the Middle (MitM) attacks.
    CVE ID: CVE-2023-48795

  • Vulnerability in spider-flow (08 Jan 2024)

    Code injection vulnerability has been discovered in spider-flow. The affected version is spider-flow 0.4.3.
    CVE ID: CVE-2024-0195 (Critical)

  • Vulnerability in SpringBlade (08 Jan 2024)

    A privilege escalation vulnerability has been discovered in SpringBlade. The affected versions are SpringBlade v.3.7.0 and before.
    CVE ID: CVE-2023-47458 (Critical)

  • Google Released Security Updates for Chrome (08 Jan 2024)

    Google has released Stable channel 120.0.6099.203 (Platform version: 15662.64.0) for most ChromeOS devices to resolve multiple vulnerabilities.
    CVE ID: CVE-2023-7024 (High), CVE-2023-6508 (High), CVE-2023-6509 (High), CVE-2023-6511 (Low), CVE-2023-39191 (Medium)

  • Vulnerability in Presslabs Theme (05 Jan 2024)

    A deserialization of untrusted data vulnerability has been discovered in Presslabs Theme per user. The affected versions are Theme per user: from n/a through 1.0.1.
    CVE ID: CVE-2023-52181 (Critical) 

  • Vulnerability in TOTOLINK (05 Jan 2024)

    A Remote Command Execution (RCE) vulnerability has been discovered in TOTOLINK X6000R. The affected version is TOTOLINK X6000R v9.4.0cu.852_B20230719.
    CVE ID: CVE-2023-50651 (Critical)

  • Vulnerability in TOTOLINK X2000R Gh (05 Jan 2024)

    A stack overflow vulnerability has been discovered in TOTOLINK X2000R Gh. The affected version is TOTOLINK X2000R Gh v1.0.0-B20230221.0948.
    CVE ID: CVE-2023-51136 (Critical)

  • Vulnerability in Grupo Embras GEOSIAP ERP (05 Jan 2024)

    A SQL injection vulnerability has been discovered in Grupo Embras GEOSIAP ERP. The affected version is Grupo Embras GEOSIAP ERP v2.2.167.02.
    CVE ID: CVE-2023-50589 (Critical)

  • Vulnerability in jeecg-boot (05 Jan 2024)

    A Server Side Template Injection (SSTI) vulnerability has been discovered in jeecg-boot that allows to execute arbitrary code via crafted HTTP request. The affected version is jeecg-boot version 3.5.3.
    CVE ID: CVE-2023-41544 (Critical)

  • Google Released Security Updates for Chrome (05 Jan 2024)

    Google has released Dev channel 122.0.6226.2 for Windows, Mac & Linux and Chrome Dev 122 (122.0.6225.0) for Android.

  • Microsoft Edge Security Updates (05 Jan 2024)

    Microsoft has released Microsoft Edge Stable Channel (Version 120.0.2210.121) to resolve vulnerabilities.
    CVE ID: CVE-2024-0225, CVE-2024-0224, CVE-2024-0223, CVE-2024-0222

  • Multiple Vulnerabilities in Several IBM Products (05 Jan 2024)

    Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2023-2976 (Medium), CVE-2020-36518 (High), CVE-2022-42004 (Medium), CVE-2022-42003 (Medium)

  • SUSE Security Updates (04 Jan 2024)

    SUSE has released security updates to resolve multiple vulnerabilities in several products.

  • Google Released Security Updates for Chrome (04 Jan 2024)

    Google has released Chrome Beta 121 (121.0.6167.48) for iOS, Beta channel 121.0.6167.47 for Windows, Mac and Linux, Chrome Beta 121 (121.0.6167.47) for Android and Dev channel OS version: 15699.25.0, Browser version: 121.0.6167.40 for most ChromeOS devices.

  • Red Hat Security Updates (04 Jan 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Android Security Updates (03 Jan 2024)

    Android has released a security bulletin to resolve multiple vulnerabilities affecting several Android devices. Security patch levels of 2024-01-05 or later, address all of these issues.

  • ASUS Security Update (03 Jan 2024)

    ASUS has released a security update to address a vulnerability in the Armoury Crate App.
    CVE ID: CVE-2023-5716

  • Android Security Updates (03 Jan 2024)

    Android has released a security bulletin to resolve multiple vulnerabilities affecting several Android devices. Security patch levels of 2024-01-05 or later address all of these issues.

  • SUSE Security Updates (03 Jan 2024)

    SUSE has released security updates to resolve multiple vulnerabilities in several products.

  • Google Released Security Updates for Chrome (03 Jan 2024)

    Google has released Chrome 120 (120.0.6099.193) for Android and Stable channel 120.0.6099.199 for Mac & Linux and 120.0.6099.199/200 for Windows to resolve multiple vulnerabilities. 
    CVE ID: CVE-2024-0222 (High), CVE-2024-0223 (High), CVE-2024-0224 (High), CVE-2024-0225 (High)

  • Multiple Vulnerabilities in Several IBM Products (03 Jan 2024)

    Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. Security updates are available.

  • Multiple Vulnerabilities in Several IBM Products (02 Jan 2024)

    Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.

  • Multiple Vulnerabilities in MediaTek Products (02 Jan 2024)

    Multiple vulnerabilities have been discovered in MediaTek Smartphone, Tablet, AIoT, Smart display, Smart platform, OTT, Wi-Fi, TV, Computer Vision and Audio chipsets.
    CVE ID: CVE-2023-32872 (High), CVE-2023-32874 (High), CVE-2023-32875 (Medium), CVE-2023-32876 (Medium), CVE-2023-32877 (Medium), CVE-2023-32878 (Medium), CVE-2023-32879 (Medium), CVE-2023-32880 (Medium), CVE-2023-32881 (Medium), CVE-2023-32882 (Medium), CVE-2023-32883 (Medium), CVE-2023-32884 (Medium), CVE-2023-32885 (Medium), CVE-2023-32886 (Medium), CVE-2023-32887 (Medium), CVE-2023-32888 (Medium), CVE-2023-32889 (Medium), CVE-2023-32890 (Medium), CVE-2023-32831 (Medium), CVE-2023-32891 (Medium)

  • SUSE Security Updates (02 Jan 2024)

    SUSE has released security updates to resolve multiple vulnerabilities in several products.

  • Red Hat Security Updates (02 Jan 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Qualcomm Security Update (02 Jan 2024)

    Qualcomm has released a security bulletin to resolve multiple vulnerabilities affecting several devices.
    CVE ID: CVE-2023-33032 (Critical), CVE-2023-33030 (Critical), CVE-2023-33025 (Critical)

  • Multiple Vulnerabilities in Several IBM Products (01 Jan 2024)

    Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2023-44483 (Medium), CVE-2023-44487 (High), CVE-2023-46158 (Medium), CVE-2023-45857 (High), CVE-2021-28165 (High), CVE-2020-27216 (High)